WARNING! Spyware Detected On My Computer Message [CLOSED] [RESOLVED]

#31 Jouju (Member, Topic Starter, 22 posts)

Hello,

Here we go...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:54 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\lphce9lj0e7c1.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SMASHER\Smasher.exe
C:\Program Files\SMASHER\Smasher.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bulletpro...ware-98743.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [lphce9lj0e7c1] C:\WINDOWS\system32\lphce9lj0e7c1.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6223 bytes
#32 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)

Hello Jouju,

STEP 1
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
STEP 2
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well ), post that log here.
~~~~~~~~~~
In your next reply please have these logs.
The SDFix log
A fresh HijackThis log
And the OTViewIt log

#33 Jouju (Member, Topic Starter, 22 posts)

Hi Jimmy2012:

Here are your reports :)

SDFix Log


SDFix: Version 1.218
Run by judith on Fri 08/22/2008 at 07:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default ScreenSaver value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphce9lj0e7c1.exe - Deleted
C:\WINDOWS\system32\blphce9lj0e7c1.scr - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt100.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt102.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt104.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt106.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt108.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt10A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt10C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt10E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt110.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt112.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt114.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt116.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt118.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt11A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt11C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt120.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt122.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt124.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt126.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt128.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt12A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt12C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt12E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt13.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt130.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt132.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt134.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt136.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt138.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt13A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt13C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt13E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt140.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt142.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt144.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt146.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt148.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt14A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt15.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt152.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt154.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt156.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt158.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt15A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt15C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt15E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt160.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt162.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt164.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt166.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt167.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt169.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt16B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt16D.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt16F.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt17.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt171.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt173.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt175.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt177.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt179.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt17B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt17D.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt17F.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt181.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt183.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt185.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt187.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt189.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt18B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt18C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt18D.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt18F.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt190.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt192.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt194.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt196.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt198.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt19A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt19F.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt1A1.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt1A3.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt1D.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt1F.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt21.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt23.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt25.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt27.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt29.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt2B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt2D.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt2F.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt31.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt33.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt35.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt37.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt39.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt3B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt3D.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt3F.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt41.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt43.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt45.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt47.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt48.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt4A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt4C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt4E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt50.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt52.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt54.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt56.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt58.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt5A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt5C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt5E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt60.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt62.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt64.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt66.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt68.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt6A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt6C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt6E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt7.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt70.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt72.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt74.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt76.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt78.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt7A.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt7C.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt7E.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt80.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt82.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt84.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt89.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt8B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt8D.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt91.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt93.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt95.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt97.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt99.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt9B.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttA3.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttA6.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttB0.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttB2.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttB4.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttB6.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttB8.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttBA.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttBC.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttBE.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttC.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttC0.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttC2.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttC4.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttC6.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttC8.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttCA.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttCC.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttCE.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttD0.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttD2.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttD4.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttD6.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttD8.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttDA.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttDC.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttDE.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttE.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttE0.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttE2.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttE4.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttE6.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttE8.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttEA.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttEC.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttEE.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttF0.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttF2.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttF4.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttF6.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttF8.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttFA.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttFC.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.ttFE.tmp - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
C:\DOCUME~1\judith\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted
C:\WINDOWS\system32\wpx5.cpx - Deleted
C:\WINDOWS\iexplorer.exe - Deleted
C:\WINDOWS\wiaservb.log - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 20:08:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Sony Handheld\\HOTSYNC.EXE"="C:\\Program Files\\Sony Handheld\\HOTSYNC.EXE:*:Enabled:HotSyncr Manager Application"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 26 Nov 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Fri 15 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!



HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:52 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bulletpro...ware-98743.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6054 bytes

OTViewIt Log

OTViewIt logfile created on: 8/22/2008 8:17:01 PM
OTViewIt by OldTimer - Version 1.0.0.5 Folder = C:\Documents and Settings\judith\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.30 Mb Total Physical Memory | 126.28 Mb Available Physical Memory | 49.46% Memory free
1002.06 Mb Paging File | 761.98 Mb Available in Paging File | 76.04% Paging File free
Paging file location(s): C:\pagefile.sys 768 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.54 Gb Total Space | 4.26 Gb Free Space | 44.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.53 Gb Total Space | 65.60 Gb Free Space | 88.02% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8CN6I20DL4
Current User Name: judith
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[01/15/2008 03:40 AM | 0,011,0592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\system32\Crypserv.exe
[10/07/2003 12:10 PM | 0,003,2768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[01/06/2004 11:47 AM | 0,032,7792 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\Diskeeper\DkService.exe
[01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
[10/07/2003 12:35 PM | 0,064,7168 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[01/12/2007 06:45 PM | 0,059,0384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2comm.exe
[01/12/2007 06:45 PM | 0,025,1440 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2pre.exe
[01/12/2007 06:45 PM | 0,089,7584 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2tray.exe
[10/07/2003 12:39 PM | 0,009,0112 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[08/17/2001 06:36 PM | 0,002,4064 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\devldr32.exe
[05/10/2005 04:04 PM | 0,010,2400 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
[06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[05/10/2005 04:04 PM | 0,040,3456 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
[10/24/2003 12:37 AM | 0,021,7194 | ---- | M] (Adobe Systems Inc.) - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.) - C:\Program Files\Sony Handheld\HOTSYNC.EXE
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[01/15/2008 03:40 AM | 0,011,0592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(Crypkey License) Crypkey License [Auto | Running]
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\system32\Crypserv.exe

(DefWatch) DefWatch [Auto | Running]
[10/07/2003 12:10 PM | 0,003,2768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

(Diskeeper) Diskeeper [Auto | Running]
[01/06/2004 11:47 AM | 0,032,7792 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\Diskeeper\DkService.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 12:56 AM | 0,022,4768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(GoToMyPC) GoToMyPC [Auto | Running]
[01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2svc.exe

(iPod Service) iPod Service [On_Demand | Stopped]
[02/04/2008 03:18 PM | 0,050,4104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Norton AntiVirus Server) Symantec AntiVirus Client [Auto | Running]
[10/07/2003 12:35 PM | 0,064,7168 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

(sdAuxService) PC Tools Auxiliary Service [On_Demand | Stopped]
[06/25/2008 07:47 PM | 0,033,7800 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe

(sdCoreService) PC Tools Security Service [On_Demand | Stopped]
[06/25/2008 07:47 PM | 0,101,7224 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe

===== Driver Services - Non-Microsoft Only =====

(74840a61) 74840a61 [System | Stopped]
[08/22/2008 07:32 AM | 0,000,0000 | ---- | M] () - C:\WINDOWS\system32\drivers\74840a61.sys

(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [On_Demand | Running]
[08/28/2002 06:59 PM | 0,003,6224 | ---- | M] (ADMtek Incorporated.) - C:\WINDOWS\system32\drivers\an983.sys

(ati2mtaa) ati2mtaa [On_Demand | Running]
[08/03/2004 10:29 PM | 0,032,7040 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtaa.sys

(BrScnUsb) Brother USB Still Image driver [On_Demand | Stopped]
[10/15/2004 01:50 PM | 0,001,5295 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrScnUsb.sys

(BrSerIf) Brother MFC Serial Port Interface WDM Driver [On_Demand | Stopped]
[09/29/2004 04:24 AM | 0,005,1712 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrSerIf.sys

(BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped]
[01/10/2004 05:28 AM | 0,001,1648 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrUsbSer.sys

(catchme) catchme [On_Demand | Running]
File not found - C:\DOCUME~1\judith\LOCALS~1\Temp\catchme.sys

(ctljystk) Creative SBLive! Gameport [On_Demand | Running]
[08/17/2001 08:19 AM | 0,000,3712 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctljystk.sys

(dmboot) dmboot [Disabled | Stopped]
[08/03/2004 11:07 PM | 0,079,9744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/03/2004 11:07 PM | 0,015,3344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/18/2001 08:00 AM | 0,000,5888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(emu10k) Creative SB Live! (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,028,3904 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\emu10k1m.sys

(emu10k1) Creative Interface Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,000,6912 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctlfacem.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[09/19/2006 03:44 PM | 0,001,5664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HCF_MSFT) HCF_MSFT [On_Demand | Running]
[08/17/2001 09:28 AM | 0,090,7456 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\HCF_MSFT.sys

(IKFileSec) File Security Driver [On_Demand | Stopped]
[02/01/2008 01:55 PM | 0,004,2376 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\ikfilesec.sys

(IKSysFlt) System Filter Driver [On_Demand | Stopped]
[12/10/2007 03:53 PM | 0,006,6952 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksysflt.sys

(IKSysSec) System Security Driver [On_Demand | Stopped]
[12/10/2007 03:53 PM | 0,008,1288 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksyssec.sys

(NAVAP) NAVAP [On_Demand | Running]
[08/11/2003 05:39 AM | 0,022,4768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys

(NAVAPEL) NAVAPEL [Auto | Running]
[08/11/2003 05:39 AM | 0,003,0208 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/15/2008 04:00 AM | 0,008,9936 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080815.007\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/15/2008 04:00 AM | 0,085,6336 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080815.007\NAVEX15.SYS

(ndiscm) Motorola SurfBoard USB Cable Modem Windows 2000 Driver [On_Demand | Stopped]
[05/13/2002 08:43 PM | 0,001,5399 | R--- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\netmotcm.sys

(NetworkX) NetworkX [System | Running]
[01/09/2006 10:47 PM | 0,003,1846 | ---- | M] () - C:\WINDOWS\system32\Ckldrv.sys

(PalmUSBD) PalmUSBD [On_Demand | Stopped]
[07/29/2003 09:11 PM | 0,001,6772 | R--- | M] (Palm, Inc.) - C:\WINDOWS\system32\drivers\PalmUSBD.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/18/2001 08:00 AM | 0,001,7792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[08/29/2005 08:12 PM | 0,002,0576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[03/25/2002 08:02 PM | 0,002,7440 | ---- | M] () - C:\WINDOWS\system32\drivers\secdrv.sys

(sfman) Creative SoundFont Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,003,6480 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\sfmanm.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/13/2005 01:35 PM | 0,007,3496 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[01/15/2008 03:39 AM | 0,003,0464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMyPC" = C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon [01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
"MimBoot" = C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [05/10/2005 04:04 PM | 0,001,1776 | ---- | M] (Musicmatch, Inc.)
"NeroCheck" = C:\WINDOWS\system32\\NeroCheck.exe [07/09/2001 06:50 AM | 0,015,5648 | ---- | M] (Ahead Software Gmbh)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [02/01/2008 12:13 AM | 0,038,5024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [10/07/2003 12:39 PM | 0,009,0112 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[10/24/2003 12:37 AM | 0,021,7194 | ---- | M] (Adobe Systems Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[10/25/2003 03:44 AM | 0,072,4992 | ---- | M] (Intuit, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[judith Startup Folder - C:\Documents and Settings\judith\Start Menu\Programs\Startup]
[08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.) - C:\Documents and Settings\judith\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
[11/05/2005 01:59 PM | 0,025,6000 | ---- | M] () - C:\Documents and Settings\judith\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 06:17 PM | 0,005,4248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 0,050,9328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (AcroIEToolbarHelper Class) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = -1
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 12:56 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 0,006,7112 | ---- | M] (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 12:56 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [11/30/2006 10:49 PM | 0,009,1640 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Sony Handheld\HOTSYNC.EXE" = C:\Program Files\Sony Handheld\HOTSYNC.EXE [08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 0,006,7112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [10/10/2006 01:53 PM | 0,001,0800 | ---- | M] (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [11/30/2006 10:49 PM | 0,466,2776 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [02/04/2008 03:18 PM | 1,992,6824 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [08/04/2004 12:56 AM | 0,103,2192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 12:56 AM | 0,002,4576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 12:56 AM | 0,051,4560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [02/28/2005 07:11 PM | 0,845,0048 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 12:56 AM | 0,029,8496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToMyPC]
"DllName" = C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [01/12/2007 06:45 PM | 0,001,0800 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [10/07/2003 12:30 PM | 0,004,5056 | ---- | M] ()

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ not found. -> ->

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0C75E08F-6F89-47AB-B223-9027025E1B88}]
Servers: | Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8B4328B1-B837-4F86-B6FE-6A610558BD59}]
Servers: | Description: Motorola SURFboard SB5121 USB Cable Modem

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BAC3583F-E605-4F09-8FFE-E35C1737F98C}]
Servers: | Description: Motorola SurfBoard 4200 USB Cable Modem



[Files/Folders - Created Within 30 days]
[08/13/2005 01:24 PM | 0,000,0211 | ---- | M] () - C:\Boot.bak
[07/29/2008 08:02 PM | ---D | C] - C:\cmdcons
[08/03/2004 11:00 PM | 0,026,0272 | ---- | M] () - C:\cmldr
[08/22/2008 08:04 PM | 2,677,67808 | -HS- | M] () - C:\hiberfil.sys
[08/03/2008 09:31 AM | -HSD | C] - C:\RECYCLER
[08/22/2008 08:10 PM | ---D | C] - C:\SDFix
[08/22/2008 07:32 AM | 0,000,0000 | ---- | M] () - C:\WINDOWS\System32\drivers\74840a61.sys
[01/09/2006 10:47 PM | 0,003,1846 | ---- | M] () - C:\WINDOWS\System32\Ckldrv.sys
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\System32\Crypserv.exe
[08/16/2008 06:20 AM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.ind
[08/15/2008 11:22 PM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.nlp
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 02:32 AM | 0,007,3728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 0,013,9264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/22/2008 07:44 PM | 0,062,5208 | ---- | M] () - C:\WINDOWS\System32\phce9lj0e7c1.bmp
[08/20/2008 09:02 PM | 0,001,4336 | ---- | M] () - C:\WINDOWS\System32\winaux.drv
[06/18/1999 05:49 PM | 0,016,5888 | ---- | M] (Kenonic Controls) - C:\WINDOWS\Ckconfig.exe
[07/04/1995 02:33 PM | 0,001,1776 | ---- | M] () - C:\WINDOWS\Ckrfresh.exe
[08/15/2008 11:21 PM | 0,000,0071 | ---- | M] () - C:\WINDOWS\Crypkey.ini
[08/22/2008 07:56 PM | ---D | C] - C:\WINDOWS\ERUNT
[3 C:\WINDOWS\*.tmp files]
[08/16/2008 09:30 AM | -H-D | C] - C:\WINDOWS\PIF
[08/17/2008 01:58 PM | 0,000,1409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/17/2008 01:58 PM | 0,005,4156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[05/03/1996 11:36 AM | 0,001,8432 | ---- | M] () - C:\WINDOWS\Setup_ck.dll
[05/03/1996 01:21 PM | 0,002,7648 | R--- | M] () - C:\WINDOWS\Setup_ck.exe
[08/15/2008 11:22 PM | 0,000,0004 | ---- | M] () - C:\WINDOWS\vx86036.dat
[08/17/2008 09:11 AM | 0,000,0545 | ---- | M] () - C:\Documents and Settings\judith\Desktop\EPSON Smart Panel.lnk
[08/21/2008 07:40 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\judith\Desktop\HijackThis.lnk
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 07:38 PM | 0,146,3521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\SDFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier
[08/14/2008 10:08 PM | ---D | C] - C:\Program Files\Common Files\Java
[08/20/2008 09:02 PM | ---D | C] - C:\Program Files\Microsoft Common
[08/21/2008 07:40 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[07/29/2008 08:02 PM | 0,000,0281 | RHS- | M] () - C:\boot.ini
[07/29/2008 08:02 PM | ---D | M] - C:\cmdcons
[08/22/2008 08:04 PM | 2,677,67808 | -HS- | M] () - C:\hiberfil.sys
[08/21/2008 07:40 PM | ---D | M] - C:\Program Files
[08/03/2008 09:31 AM | -HSD | M] - C:\RECYCLER
[08/22/2008 08:10 PM | ---D | M] - C:\SDFix
[08/22/2008 07:45 PM | -HSD | M] - C:\System Volume Information
[08/22/2008 08:03 PM | ---D | M] - C:\WINDOWS
[08/22/2008 07:32 AM | 0,000,0000 | ---- | M] () - C:\WINDOWS\System32\drivers\74840a61.sys
[08/22/2008 08:00 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/22/2008 08:00 PM | 0,000,0686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/22/2008 01:04 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[1 C:\WINDOWS\System32\*.tmp files]
[08/22/2008 07:58 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/22/2008 01:04 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/16/2008 06:20 AM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.ind
[08/15/2008 11:22 PM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.nlp
[08/16/2008 06:31 AM | ---D | M] - C:\WINDOWS\System32\NtmsData
[08/22/2008 07:44 PM | 0,062,5208 | ---- | M] () - C:\WINDOWS\System32\phce9lj0e7c1.bmp
[08/22/2008 07:45 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 09:02 PM | 0,001,4336 | ---- | M] () - C:\WINDOWS\System32\winaux.drv
[08/22/2008 07:33 AM | 0,000,2262 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/01/2008 09:56 AM | ---D | M] - C:\WINDOWS\AppPatch
[3 C:\WINDOWS\*.tmp files]
[08/15/2008 11:21 PM | 0,000,0071 | ---- | M] () - C:\WINDOWS\Crypkey.ini
[08/01/2008 06:25 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/22/2008 07:56 PM | ---D | M] - C:\WINDOWS\ERUNT
[08/01/2008 06:25 PM | -H-D | M] - C:\WINDOWS\inf
[08/14/2008 10:09 PM | -HSD | M] - C:\WINDOWS\Installer
[08/16/2008 09:30 AM | -H-D | M] - C:\WINDOWS\PIF
[08/22/2008 08:10 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/17/2008 01:58 PM | 0,000,1409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/17/2008 01:58 PM | 0,005,4156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/01/2008 09:57 AM | 0,000,0227 | ---- | M] () - C:\WINDOWS\system.ini
[08/22/2008 08:03 PM | ---D | M] - C:\WINDOWS\system32
[08/22/2008 08:12 PM | ---D | M] - C:\WINDOWS\TEMP
[08/15/2008 11:22 PM | 0,000,0004 | ---- | M] () - C:\WINDOWS\vx86036.dat
[08/22/2008 08:07 PM | 0,000,0690 | ---- | M] () - C:\WINDOWS\win.ini
[08/21/2008 02:15 PM | 0,000,0284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/22/2008 08:05 PM | 0,000,0006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/15/2008 11:16 PM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/17/2008 10:18 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 143 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/15/2008 07:43 PM | 0,639,1568 | -H-- | M] () - C:\Documents and Settings\judith\Local Settings\Application Data\IconCache.db
[08/15/2008 11:16 PM | ---D | M] - C:\Documents and Settings\judith\Local Settings\Application Data\Microsoft
[08/22/2008 07:40 PM | ---D | M] - C:\Documents and Settings\judith\Local Settings\Application Data\SMASHER
[08/17/2008 09:11 AM | 0,000,0545 | ---- | M] () - C:\Documents and Settings\judith\Desktop\EPSON Smart Panel.lnk
[08/21/2008 07:40 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\judith\Desktop\HijackThis.lnk
[08/21/2008 09:11 AM | 0,000,2521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\Microsoft Office Outlook 2003.lnk
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 07:38 PM | 0,146,3521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\SDFix.exe
@Alternate Data Stream - 26 bytes -> %UserProf
#34
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Jouju,
Your OTViewIt log got cut off; please repost it in your next reply. The log should be on your Desktop. All you need to do is open the file and copy/paste it into your next reply.

#35
Jouju

    Member

  • Topic Starter
  • 22 posts
Here it is:

OTViewIt logfile created on: 8/22/2008 8:17:01 PM
OTViewIt by OldTimer - Version 1.0.0.5 Folder = C:\Documents and Settings\judith\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.30 Mb Total Physical Memory | 126.28 Mb Available Physical Memory | 49.46% Memory free
1002.06 Mb Paging File | 761.98 Mb Available in Paging File | 76.04% Paging File free
Paging file location(s): C:\pagefile.sys 768 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.54 Gb Total Space | 4.26 Gb Free Space | 44.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.53 Gb Total Space | 65.60 Gb Free Space | 88.02% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8CN6I20DL4
Current User Name: judith
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[01/15/2008 03:40 AM | 0,011,0592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\system32\Crypserv.exe
[10/07/2003 12:10 PM | 0,003,2768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[01/06/2004 11:47 AM | 0,032,7792 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\Diskeeper\DkService.exe
[01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
[10/07/2003 12:35 PM | 0,064,7168 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[01/12/2007 06:45 PM | 0,059,0384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2comm.exe
[01/12/2007 06:45 PM | 0,025,1440 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2pre.exe
[01/12/2007 06:45 PM | 0,089,7584 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2tray.exe
[10/07/2003 12:39 PM | 0,009,0112 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[08/17/2001 06:36 PM | 0,002,4064 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\devldr32.exe
[05/10/2005 04:04 PM | 0,010,2400 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
[06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[05/10/2005 04:04 PM | 0,040,3456 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
[10/24/2003 12:37 AM | 0,021,7194 | ---- | M] (Adobe Systems Inc.) - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.) - C:\Program Files\Sony Handheld\HOTSYNC.EXE
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[01/15/2008 03:40 AM | 0,011,0592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(Crypkey License) Crypkey License [Auto | Running]
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\system32\Crypserv.exe

(DefWatch) DefWatch [Auto | Running]
[10/07/2003 12:10 PM | 0,003,2768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

(Diskeeper) Diskeeper [Auto | Running]
[01/06/2004 11:47 AM | 0,032,7792 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\Diskeeper\DkService.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 12:56 AM | 0,022,4768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(GoToMyPC) GoToMyPC [Auto | Running]
[01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2svc.exe

(iPod Service) iPod Service [On_Demand | Stopped]
[02/04/2008 03:18 PM | 0,050,4104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Norton AntiVirus Server) Symantec AntiVirus Client [Auto | Running]
[10/07/2003 12:35 PM | 0,064,7168 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

(sdAuxService) PC Tools Auxiliary Service [On_Demand | Stopped]
[06/25/2008 07:47 PM | 0,033,7800 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe

(sdCoreService) PC Tools Security Service [On_Demand | Stopped]
[06/25/2008 07:47 PM | 0,101,7224 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe

===== Driver Services - Non-Microsoft Only =====

(74840a61) 74840a61 [System | Stopped]
[08/22/2008 07:32 AM | 0,000,0000 | ---- | M] () - C:\WINDOWS\system32\drivers\74840a61.sys

(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [On_Demand | Running]
[08/28/2002 06:59 PM | 0,003,6224 | ---- | M] (ADMtek Incorporated.) - C:\WINDOWS\system32\drivers\an983.sys

(ati2mtaa) ati2mtaa [On_Demand | Running]
[08/03/2004 10:29 PM | 0,032,7040 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtaa.sys

(BrScnUsb) Brother USB Still Image driver [On_Demand | Stopped]
[10/15/2004 01:50 PM | 0,001,5295 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrScnUsb.sys

(BrSerIf) Brother MFC Serial Port Interface WDM Driver [On_Demand | Stopped]
[09/29/2004 04:24 AM | 0,005,1712 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrSerIf.sys

(BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped]
[01/10/2004 05:28 AM | 0,001,1648 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrUsbSer.sys

(catchme) catchme [On_Demand | Running]
File not found - C:\DOCUME~1\judith\LOCALS~1\Temp\catchme.sys

(ctljystk) Creative SBLive! Gameport [On_Demand | Running]
[08/17/2001 08:19 AM | 0,000,3712 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctljystk.sys

(dmboot) dmboot [Disabled | Stopped]
[08/03/2004 11:07 PM | 0,079,9744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/03/2004 11:07 PM | 0,015,3344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/18/2001 08:00 AM | 0,000,5888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(emu10k) Creative SB Live! (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,028,3904 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\emu10k1m.sys

(emu10k1) Creative Interface Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,000,6912 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctlfacem.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[09/19/2006 03:44 PM | 0,001,5664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HCF_MSFT) HCF_MSFT [On_Demand | Running]
[08/17/2001 09:28 AM | 0,090,7456 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\HCF_MSFT.sys

(IKFileSec) File Security Driver [On_Demand | Stopped]
[02/01/2008 01:55 PM | 0,004,2376 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\ikfilesec.sys

(IKSysFlt) System Filter Driver [On_Demand | Stopped]
[12/10/2007 03:53 PM | 0,006,6952 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksysflt.sys

(IKSysSec) System Security Driver [On_Demand | Stopped]
[12/10/2007 03:53 PM | 0,008,1288 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksyssec.sys

(NAVAP) NAVAP [On_Demand | Running]
[08/11/2003 05:39 AM | 0,022,4768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys

(NAVAPEL) NAVAPEL [Auto | Running]
[08/11/2003 05:39 AM | 0,003,0208 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/15/2008 04:00 AM | 0,008,9936 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080815.007\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/15/2008 04:00 AM | 0,085,6336 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080815.007\NAVEX15.SYS

(ndiscm) Motorola SurfBoard USB Cable Modem Windows 2000 Driver [On_Demand | Stopped]
[05/13/2002 08:43 PM | 0,001,5399 | R--- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\netmotcm.sys

(NetworkX) NetworkX [System | Running]
[01/09/2006 10:47 PM | 0,003,1846 | ---- | M] () - C:\WINDOWS\system32\Ckldrv.sys

(PalmUSBD) PalmUSBD [On_Demand | Stopped]
[07/29/2003 09:11 PM | 0,001,6772 | R--- | M] (Palm, Inc.) - C:\WINDOWS\system32\drivers\PalmUSBD.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/18/2001 08:00 AM | 0,001,7792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[08/29/2005 08:12 PM | 0,002,0576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[03/25/2002 08:02 PM | 0,002,7440 | ---- | M] () - C:\WINDOWS\system32\drivers\secdrv.sys

(sfman) Creative SoundFont Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,003,6480 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\sfmanm.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/13/2005 01:35 PM | 0,007,3496 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[01/15/2008 03:39 AM | 0,003,0464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMyPC" = C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon [01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
"MimBoot" = C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [05/10/2005 04:04 PM | 0,001,1776 | ---- | M] (Musicmatch, Inc.)
"NeroCheck" = C:\WINDOWS\system32\\NeroCheck.exe [07/09/2001 06:50 AM | 0,015,5648 | ---- | M] (Ahead Software Gmbh)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [02/01/2008 12:13 AM | 0,038,5024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [10/07/2003 12:39 PM | 0,009,0112 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[10/24/2003 12:37 AM | 0,021,7194 | ---- | M] (Adobe Systems Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[10/25/2003 03:44 AM | 0,072,4992 | ---- | M] (Intuit, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[judith Startup Folder - C:\Documents and Settings\judith\Start Menu\Programs\Startup]
[08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.) - C:\Documents and Settings\judith\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
[11/05/2005 01:59 PM | 0,025,6000 | ---- | M] () - C:\Documents and Settings\judith\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 06:17 PM | 0,005,4248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 0,050,9328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (AcroIEToolbarHelper Class) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = -1
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 12:56 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 0,006,7112 | ---- | M] (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 12:56 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [11/30/2006 10:49 PM | 0,009,1640 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Sony Handheld\HOTSYNC.EXE" = C:\Program Files\Sony Handheld\HOTSYNC.EXE [08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 0,006,7112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [10/10/2006 01:53 PM | 0,001,0800 | ---- | M] (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [11/30/2006 10:49 PM | 0,466,2776 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [02/04/2008 03:18 PM | 1,992,6824 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [08/04/2004 12:56 AM | 0,103,2192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 12:56 AM | 0,002,4576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 12:56 AM | 0,051,4560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [02/28/2005 07:11 PM | 0,845,0048 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 12:56 AM | 0,029,8496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToMyPC]
"DllName" = C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [01/12/2007 06:45 PM | 0,001,0800 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [10/07/2003 12:30 PM | 0,004,5056 | ---- | M] ()

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ not found. -> ->

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0C75E08F-6F89-47AB-B223-9027025E1B88}]
Servers: | Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8B4328B1-B837-4F86-B6FE-6A610558BD59}]
Servers: | Description: Motorola SURFboard SB5121 USB Cable Modem

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BAC3583F-E605-4F09-8FFE-E35C1737F98C}]
Servers: | Description: Motorola SurfBoard 4200 USB Cable Modem



[Files/Folders - Created Within 30 days]
[08/13/2005 01:24 PM | 0,000,0211 | ---- | M] () - C:\Boot.bak
[07/29/2008 08:02 PM | ---D | C] - C:\cmdcons
[08/03/2004 11:00 PM | 0,026,0272 | ---- | M] () - C:\cmldr
[08/22/2008 08:04 PM | 2,677,67808 | -HS- | M] () - C:\hiberfil.sys
[08/03/2008 09:31 AM | -HSD | C] - C:\RECYCLER
[08/22/2008 08:10 PM | ---D | C] - C:\SDFix
[08/22/2008 07:32 AM | 0,000,0000 | ---- | M] () - C:\WINDOWS\System32\drivers\74840a61.sys
[01/09/2006 10:47 PM | 0,003,1846 | ---- | M] () - C:\WINDOWS\System32\Ckldrv.sys
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\System32\Crypserv.exe
[08/16/2008 06:20 AM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.ind
[08/15/2008 11:22 PM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.nlp
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 02:32 AM | 0,007,3728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 0,013,9264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/22/2008 07:44 PM | 0,062,5208 | ---- | M] () - C:\WINDOWS\System32\phce9lj0e7c1.bmp
[08/20/2008 09:02 PM | 0,001,4336 | ---- | M] () - C:\WINDOWS\System32\winaux.drv
[06/18/1999 05:49 PM | 0,016,5888 | ---- | M] (Kenonic Controls) - C:\WINDOWS\Ckconfig.exe
[07/04/1995 02:33 PM | 0,001,1776 | ---- | M] () - C:\WINDOWS\Ckrfresh.exe
[08/15/2008 11:21 PM | 0,000,0071 | ---- | M] () - C:\WINDOWS\Crypkey.ini
[08/22/2008 07:56 PM | ---D | C] - C:\WINDOWS\ERUNT
[3 C:\WINDOWS\*.tmp files]
[08/16/2008 09:30 AM | -H-D | C] - C:\WINDOWS\PIF
[08/17/2008 01:58 PM | 0,000,1409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/17/2008 01:58 PM | 0,005,4156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[05/03/1996 11:36 AM | 0,001,8432 | ---- | M] () - C:\WINDOWS\Setup_ck.dll
[05/03/1996 01:21 PM | 0,002,7648 | R--- | M] () - C:\WINDOWS\Setup_ck.exe
[08/15/2008 11:22 PM | 0,000,0004 | ---- | M] () - C:\WINDOWS\vx86036.dat
[08/17/2008 09:11 AM | 0,000,0545 | ---- | M] () - C:\Documents and Settings\judith\Desktop\EPSON Smart Panel.lnk
[08/21/2008 07:40 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\judith\Desktop\HijackThis.lnk
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 07:38 PM | 0,146,3521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\SDFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier
[08/14/2008 10:08 PM | ---D | C] - C:\Program Files\Common Files\Java
[08/20/2008 09:02 PM | ---D | C] - C:\Program Files\Microsoft Common
[08/21/2008 07:40 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[07/29/2008 08:02 PM | 0,000,0281 | RHS- | M] () - C:\boot.ini
[07/29/2008 08:02 PM | ---D | M] - C:\cmdcons
[08/22/2008 08:04 PM | 2,677,67808 | -HS- | M] () - C:\hiberfil.sys
[08/21/2008 07:40 PM | ---D | M] - C:\Program Files
[08/03/2008 09:31 AM | -HSD | M] - C:\RECYCLER
[08/22/2008 08:10 PM | ---D | M] - C:\SDFix
[08/22/2008 07:45 PM | -HSD | M] - C:\System Volume Information
[08/22/2008 08:03 PM | ---D | M] - C:\WINDOWS
[08/22/2008 07:32 AM | 0,000,0000 | ---- | M] () - C:\WINDOWS\System32\drivers\74840a61.sys
[08/22/2008 08:00 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/22/2008 08:00 PM | 0,000,0686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/22/2008 01:04 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[1 C:\WINDOWS\System32\*.tmp files]
[08/22/2008 07:58 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/22/2008 01:04 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/16/2008 06:20 AM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.ind
[08/15/2008 11:22 PM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.nlp
[08/16/2008 06:31 AM | ---D | M] - C:\WINDOWS\System32\NtmsData
[08/22/2008 07:44 PM | 0,062,5208 | ---- | M] () - C:\WINDOWS\System32\phce9lj0e7c1.bmp
[08/22/2008 07:45 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 09:02 PM | 0,001,4336 | ---- | M] () - C:\WINDOWS\System32\winaux.drv
[08/22/2008 07:33 AM | 0,000,2262 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/01/2008 09:56 AM | ---D | M] - C:\WINDOWS\AppPatch
[3 C:\WINDOWS\*.tmp files]
[08/15/2008 11:21 PM | 0,000,0071 | ---- | M] () - C:\WINDOWS\Crypkey.ini
[08/01/2008 06:25 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/22/2008 07:56 PM | ---D | M] - C:\WINDOWS\ERUNT
[08/01/2008 06:25 PM | -H-D | M] - C:\WINDOWS\inf
[08/14/2008 10:09 PM | -HSD | M] - C:\WINDOWS\Installer
[08/16/2008 09:30 AM | -H-D | M] - C:\WINDOWS\PIF
[08/22/2008 08:10 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/17/2008 01:58 PM | 0,000,1409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/17/2008 01:58 PM | 0,005,4156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/01/2008 09:57 AM | 0,000,0227 | ---- | M] () - C:\WINDOWS\system.ini
[08/22/2008 08:03 PM | ---D | M] - C:\WINDOWS\system32
[08/22/2008 08:12 PM | ---D | M] - C:\WINDOWS\TEMP
[08/15/2008 11:22 PM | 0,000,0004 | ---- | M] () - C:\WINDOWS\vx86036.dat
[08/22/2008 08:07 PM | 0,000,0690 | ---- | M] () - C:\WINDOWS\win.ini
[08/21/2008 02:15 PM | 0,000,0284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/22/2008 08:05 PM | 0,000,0006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/15/2008 11:16 PM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/17/2008 10:18 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 143 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/15/2008 07:43 PM | 0,639,1568 | -H-- | M] () - C:\Documents and Settings\judith\Local Settings\Application Data\IconCache.db
[08/15/2008 11:16 PM | ---D | M] - C:\Documents and Settings\judith\Local Settings\Application Data\Microsoft
[08/22/2008 07:40 PM | ---D | M] - C:\Documents and Settings\judith\Local Settings\Application Data\SMASHER
[08/17/2008 09:11 AM | 0,000,0545 | ---- | M] () - C:\Documents and Settings\judith\Desktop\EPSON Smart Panel.lnk
[08/21/2008 07:40 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\judith\Desktop\HijackThis.lnk
[08/21/2008 09:11 AM | 0,000,2521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\Microsoft Office Outlook 2003.lnk
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 07:38 PM | 0,146,3521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\SDFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier
[08/14/2008 10:08 PM | ---D | M] - C:\Program Files\Common Files\Java

< End of report >
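The driver-services and "Created Within 30 days" listings above are what a helper reads line by line when picking the targets for the next step. As an added example, not part of the original thread and not OldTimer's code, here is a small Python script that parses lines in that OTViewIt format and applies the same checks mechanically: no publisher string in the version info, a zero-byte image, a modification time within a few days of the scan, a random-looking file or service name, and a service whose image is no longer on disk. The sample block is copied from the log above; the scan time, the 7-day window and the two-signal threshold are assumptions chosen for this example.

```python
"""Triage heuristics over OTViewIt-style log lines.

Added example, not part of the thread or of OldTimer's tools.
Assumptions: scan time, 7-day recency window, 2-signal threshold.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# "(svc) description [Start | State]" header that precedes a driver/service entry
HEADER_RE = re.compile(
    r"^\((?P<svc>[^)]+)\)\s+(?P<desc>.*?)\s*\[(?P<start>[^|\]]+)\|\s*(?P<state>[^\]]+)\]$")
# "[mm/dd/yyyy hh:mm AM | size | attrs | M] (Company) - X:\path" file line
DETAIL_RE = re.compile(
    r"^\[(?P<mtime>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*"
    r"(?P<attrs>[A-Z-]{4})\s*\|\s*[MC]\]\s*\((?P<company>.*?)\)\s*-\s*(?P<path>[A-Za-z]:\\.+?)\s*$")
MISSING_RE = re.compile(r"^File not found - (?P<path>.+?)\s*$")
HEX8_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Entry:
    path: str
    service: str = ""
    company: str = ""
    size: int = -1                      # -1 means the image is not on disk
    mtime: Optional[datetime] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(text: str) -> List[Entry]:
    """Parse service headers and file lines; directory lines (no size field) are skipped."""
    entries: List[Entry] = []
    svc = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := HEADER_RE.match(line)):
            svc = m["svc"]              # remember the service name for the file line that follows
        elif (m := DETAIL_RE.match(line)):
            entries.append(Entry(path=m["path"], service=svc, company=m["company"].strip(),
                                 size=int(m["size"].replace(",", "")),
                                 mtime=datetime.strptime(m["mtime"], "%m/%d/%Y %I:%M %p")))
            svc = ""
        elif (m := MISSING_RE.match(line)):
            entries.append(Entry(path=m["path"], service=svc))
            svc = ""
    return entries


def looks_random(name: str) -> bool:
    """8 hex chars (74840a61) or a long letter/digit soup (phce9lj0e7c1)."""
    s = name.lower()
    return bool(HEX8_RE.match(s)) or (len(s) >= 10 and sum(c.isdigit() for c in s) >= 3)


def score(entry: Entry, scan_time: datetime, recent_days: int = 7) -> List[str]:
    """Attach the signals a helper checks by eye; returns the reasons list."""
    if entry.size < 0:
        entry.reasons = ["service image missing on disk"]
        return entry.reasons
    stem = entry.name.rsplit(".", 1)[0]
    reasons = []
    if not entry.company:
        reasons.append("no publisher in version info")
    if entry.size == 0:
        reasons.append("zero-byte file")
    # recent and future timestamps both count; a clock-skewed dropper is still a dropper
    if entry.mtime and scan_time - entry.mtime <= timedelta(days=recent_days):
        reasons.append(f"modified within {recent_days} days of the scan")
    if looks_random(stem) or looks_random(entry.service):
        reasons.append("random-looking name")
    entry.reasons = reasons
    return reasons


def triage(text: str, scan_time: datetime, threshold: int = 2) -> List[Entry]:
    """Return entries with a missing image or at least `threshold` signals."""
    flagged = []
    for e in parse_entries(text):
        score(e, scan_time)
        if e.size < 0 or len(e.reasons) >= threshold:
            flagged.append(e)
    return flagged


# Sample lines copied from the log above; the scan time is an assumption for this example.
SAMPLE_LOG = r"""
(74840a61) 74840a61 [System | Stopped]
[08/22/2008 07:32 AM | 0,000,0000 | ---- | M] () - C:\WINDOWS\system32\drivers\74840a61.sys

(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [On_Demand | Running]
[08/28/2002 06:59 PM | 0,003,6224 | ---- | M] (ADMtek Incorporated.) - C:\WINDOWS\system32\drivers\an983.sys

(catchme) catchme [On_Demand | Running]
File not found - C:\DOCUME~1\judith\LOCALS~1\Temp\catchme.sys

(NetworkX) NetworkX [System | Running]
[01/09/2006 10:47 PM | 0,003,1846 | ---- | M] () - C:\WINDOWS\system32\Ckldrv.sys

[08/22/2008 07:44 PM | 0,062,5208 | ---- | M] () - C:\WINDOWS\System32\phce9lj0e7c1.bmp
[08/20/2008 09:02 PM | 0,001,4336 | ---- | M] () - C:\WINDOWS\System32\winaux.drv
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/22/2008 08:10 PM | ---D | C] - C:\SDFix
"""
SCAN_TIME = datetime(2008, 8, 22, 20, 0)   # assumed: evening of the day the log was taken


def triage_sample() -> List[Entry]:
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == "__main__":
    for e in triage_sample():
        svc = f"({e.service}) " if e.service else ""
        print(f"{e.name:20} {svc}{'; '.join(e.reasons)}")
```

Run on the sample it flags 74840a61.sys (every signal at once: no publisher, zero bytes, written the morning of the scan, hex name), catchme.sys (image gone), phce9lj0e7c1.bmp and winaux.drv, which is the same set the helper picks out in the next post. The threshold matters: Ckldrv.sys has no publisher string either, but it belongs to the CrypKey licensing software that appears elsewhere in the log (Crypserv.exe, Crypkey.ini), so a single signal is not enough on its own. A missing image is reported separately because it can be either a scanner leftover or a loader that deleted itself.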

#36 Jimmy2012 (Trusted Helper, Retired Staff, 6,238 posts)
Hello Jouju,

STEP 1
CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\System32\drivers\74840a61.sys"
  • Put a link to this Geeks to Go topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\System32\drivers\74840a61.sys

  • Click Open.
  • Click Post.
Thank you!

STEP 2
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    74840a61 <delete service>
    C:\WINDOWS\System32\drivers\74840a61.sys
    C:\WINDOWS\System32\phce9lj0e7c1.bmp
    C:\WINDOWS\uccspecc.sys
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 3
Please rescan with OTViewIt, and post the log back here in your next reply.

STEP 4
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\winaux.drv
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
The OTViewIt log
And the VirScan log

#37 Jouju (Member, Topic Starter, 22 posts)
Here we go!!

Explorer killed successfully
74840a61 service deleted successfully.
C:\WINDOWS\System32\drivers\74840a61.sys moved successfully.
C:\WINDOWS\System32\phce9lj0e7c1.bmp moved successfully.
C:\WINDOWS\uccspecc.sys moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\judith\LOCALS~1\Temp\Acr17.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\judith\LOCALS~1\Temp\Acr19.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\judith\LOCALS~1\Temp\JETB080.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\judith\LOCALS~1\Temp\~DFA467.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08242008_213219

Files moved on Reboot...
C:\DOCUME~1\judith\LOCALS~1\Temp\Acr17.tmp moved successfully.
C:\DOCUME~1\judith\LOCALS~1\Temp\Acr19.tmp moved successfully.
File C:\DOCUME~1\judith\LOCALS~1\Temp\JETB080.tmp not found!
C:\DOCUME~1\judith\LOCALS~1\Temp\~DFA467.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat not found!


OTViewIt logfile created on: 8/24/2008 9:40:11 PM
OTViewIt by OldTimer - Version 1.0.0.5 Folder = C:\Documents and Settings\judith\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.30 Mb Total Physical Memory | 70.34 Mb Available Physical Memory | 27.55% Memory free
1002.06 Mb Paging File | 736.87 Mb Available in Paging File | 73.54% Paging File free
Paging file location(s): C:\pagefile.sys 768 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.54 Gb Total Space | 4.22 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.53 Gb Total Space | 65.60 Gb Free Space | 88.02% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-8CN6I20DL4
Current User Name: judith
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[01/15/2008 03:40 AM | 0,011,0592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\system32\Crypserv.exe
[10/07/2003 12:10 PM | 0,003,2768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[01/06/2004 11:47 AM | 0,032,7792 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\Diskeeper\DkService.exe
[01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
[10/07/2003 12:35 PM | 0,064,7168 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[01/12/2007 06:45 PM | 0,059,0384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2comm.exe
[01/12/2007 06:45 PM | 0,025,1440 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2pre.exe
[01/12/2007 06:45 PM | 0,089,7584 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2tray.exe
[10/07/2003 12:39 PM | 0,009,0112 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[08/17/2001 06:36 PM | 0,002,4064 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\devldr32.exe
[05/10/2005 04:04 PM | 0,010,2400 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
[06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[05/10/2005 04:04 PM | 0,040,3456 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
[10/24/2003 12:37 AM | 0,021,7194 | ---- | M] (Adobe Systems Inc.) - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.) - C:\Program Files\Sony Handheld\HOTSYNC.EXE
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[01/15/2008 03:40 AM | 0,011,0592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(Crypkey License) Crypkey License [Auto | Running]
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\system32\Crypserv.exe

(DefWatch) DefWatch [Auto | Running]
[10/07/2003 12:10 PM | 0,003,2768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

(Diskeeper) Diskeeper [Auto | Running]
[01/06/2004 11:47 AM | 0,032,7792 | ---- | M] (Executive Software International, Inc.) - C:\Program Files\Executive Software\Diskeeper\DkService.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 12:56 AM | 0,022,4768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(GoToMyPC) GoToMyPC [Auto | Running]
[01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) - C:\Program Files\Citrix\GoToMyPC\g2svc.exe

(iPod Service) iPod Service [On_Demand | Stopped]
[02/04/2008 03:18 PM | 0,050,4104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Norton AntiVirus Server) Symantec AntiVirus Client [Auto | Running]
[10/07/2003 12:35 PM | 0,064,7168 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

(sdAuxService) PC Tools Auxiliary Service [On_Demand | Stopped]
[06/25/2008 07:47 PM | 0,033,7800 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe

(sdCoreService) PC Tools Security Service [On_Demand | Stopped]
[06/25/2008 07:47 PM | 0,101,7224 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe

===== Driver Services - Non-Microsoft Only =====

(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [On_Demand | Running]
[08/28/2002 06:59 PM | 0,003,6224 | ---- | M] (ADMtek Incorporated.) - C:\WINDOWS\system32\drivers\an983.sys

(ati2mtaa) ati2mtaa [On_Demand | Running]
[08/03/2004 10:29 PM | 0,032,7040 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtaa.sys

(BrScnUsb) Brother USB Still Image driver [On_Demand | Stopped]
[10/15/2004 01:50 PM | 0,001,5295 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrScnUsb.sys

(BrSerIf) Brother MFC Serial Port Interface WDM Driver [On_Demand | Stopped]
[09/29/2004 04:24 AM | 0,005,1712 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrSerIf.sys

(BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped]
[01/10/2004 05:28 AM | 0,001,1648 | ---- | M] (Brother Industries Ltd.) - C:\WINDOWS\system32\drivers\BrUsbSer.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\DOCUME~1\judith\LOCALS~1\Temp\catchme.sys

(ctljystk) Creative SBLive! Gameport [On_Demand | Running]
[08/17/2001 08:19 AM | 0,000,3712 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctljystk.sys

(dmboot) dmboot [Disabled | Stopped]
[08/03/2004 11:07 PM | 0,079,9744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/03/2004 11:07 PM | 0,015,3344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/18/2001 08:00 AM | 0,000,5888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(emu10k) Creative SB Live! (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,028,3904 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\emu10k1m.sys

(emu10k1) Creative Interface Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,000,6912 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\ctlfacem.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[09/19/2006 03:44 PM | 0,001,5664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HCF_MSFT) HCF_MSFT [On_Demand | Running]
[08/17/2001 09:28 AM | 0,090,7456 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\HCF_MSFT.sys

(IKFileSec) File Security Driver [On_Demand | Stopped]
[02/01/2008 01:55 PM | 0,004,2376 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\ikfilesec.sys

(IKSysFlt) System Filter Driver [On_Demand | Stopped]
[12/10/2007 03:53 PM | 0,006,6952 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksysflt.sys

(IKSysSec) System Security Driver [On_Demand | Stopped]
[12/10/2007 03:53 PM | 0,008,1288 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksyssec.sys

(NAVAP) NAVAP [On_Demand | Running]
[08/11/2003 05:39 AM | 0,022,4768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys

(NAVAPEL) NAVAPEL [Auto | Running]
[08/11/2003 05:39 AM | 0,003,0208 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/15/2008 04:00 AM | 0,008,9936 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080815.007\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/15/2008 04:00 AM | 0,085,6336 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080815.007\NAVEX15.SYS

(ndiscm) Motorola SurfBoard USB Cable Modem Windows 2000 Driver [On_Demand | Stopped]
[05/13/2002 08:43 PM | 0,001,5399 | R--- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\netmotcm.sys

(NetworkX) NetworkX [System | Running]
[01/09/2006 10:47 PM | 0,003,1846 | ---- | M] () - C:\WINDOWS\system32\Ckldrv.sys

(PalmUSBD) PalmUSBD [On_Demand | Stopped]
[07/29/2003 09:11 PM | 0,001,6772 | R--- | M] (Palm, Inc.) - C:\WINDOWS\system32\drivers\PalmUSBD.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/18/2001 08:00 AM | 0,001,7792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[08/29/2005 08:12 PM | 0,002,0576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[03/25/2002 08:02 PM | 0,002,7440 | ---- | M] () - C:\WINDOWS\system32\drivers\secdrv.sys

(sfman) Creative SoundFont Manager Driver (WDM) [On_Demand | Running]
[08/17/2001 08:19 AM | 0,003,6480 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\sfmanm.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/13/2005 01:35 PM | 0,007,3496 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[01/15/2008 03:39 AM | 0,003,0464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMyPC" = C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon [01/12/2007 06:45 PM | 0,024,9904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
"MimBoot" = C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe [05/10/2005 04:04 PM | 0,001,1776 | ---- | M] (Musicmatch, Inc.)
"NeroCheck" = C:\WINDOWS\system32\\NeroCheck.exe [07/09/2001 06:50 AM | 0,015,5648 | ---- | M] (Ahead Software Gmbh)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [02/01/2008 12:13 AM | 0,038,5024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 0,014,4784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [10/07/2003 12:39 PM | 0,009,0112 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[10/24/2003 12:37 AM | 0,021,7194 | ---- | M] (Adobe Systems Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[10/25/2003 03:44 AM | 0,072,4992 | ---- | M] (Intuit, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[judith Startup Folder - C:\Documents and Settings\judith\Start Menu\Programs\Startup]
[08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.) - C:\Documents and Settings\judith\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
[11/05/2005 01:59 PM | 0,025,6000 | ---- | M] () - C:\Documents and Settings\judith\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [11/03/2003 06:17 PM | 0,005,4248 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 0,050,9328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (AcroIEToolbarHelper Class) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/15/2003 02:03 AM | 0,014,7456 | ---- | M] () C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = -1
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 12:56 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 0,006,7112 | ---- | M] (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 12:56 AM | 0,014,0800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [11/30/2006 10:49 PM | 0,009,1640 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Sony Handheld\HOTSYNC.EXE" = C:\Program Files\Sony Handheld\HOTSYNC.EXE [08/09/2002 04:36 PM | 0,029,9008 | ---- | M] (Palm, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 0,006,7112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [10/10/2006 01:53 PM | 0,001,0800 | ---- | M] (AOL LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [11/30/2006 10:49 PM | 0,466,2776 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 04:17 PM | 0,022,9376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [02/04/2008 03:18 PM | 1,992,6824 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [08/04/2004 12:56 AM | 0,103,2192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 12:56 AM | 0,002,4576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 12:56 AM | 0,051,4560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [02/28/2005 07:11 PM | 0,845,0048 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 12:56 AM | 0,029,8496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToMyPC]
"DllName" = C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll [01/12/2007 06:45 PM | 0,001,0800 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [10/07/2003 12:30 PM | 0,004,5056 | ---- | M] ()

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ not found. -> ->

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0C75E08F-6F89-47AB-B223-9027025E1B88}]
Servers: | Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8B4328B1-B837-4F86-B6FE-6A610558BD59}]
Servers: | Description: Motorola SURFboard SB5121 USB Cable Modem

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BAC3583F-E605-4F09-8FFE-E35C1737F98C}]
Servers: | Description: Motorola SurfBoard 4200 USB Cable Modem



[Files/Folders - Created Within 30 days]
[08/13/2005 01:24 PM | 0,000,0211 | ---- | M] () - C:\Boot.bak
[07/29/2008 08:02 PM | ---D | C] - C:\cmdcons
[08/03/2004 11:00 PM | 0,026,0272 | ---- | M] () - C:\cmldr
[08/24/2008 09:35 PM | 2,677,67808 | -HS- | M] () - C:\hiberfil.sys
[08/03/2008 09:31 AM | -HSD | C] - C:\RECYCLER
[08/22/2008 08:10 PM | ---D | C] - C:\SDFix
[08/24/2008 09:32 PM | ---D | C] - C:\_OTMoveIt
[01/09/2006 10:47 PM | 0,003,1846 | ---- | M] () - C:\WINDOWS\System32\Ckldrv.sys
[02/28/2006 09:10 PM | 0,006,9632 | ---- | M] (CrypKey (Canada) Ltd.) - C:\WINDOWS\System32\Crypserv.exe
[08/16/2008 06:20 AM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.ind
[08/15/2008 11:22 PM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.nlp
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 02:32 AM | 0,007,3728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 01:21 AM | 0,013,5168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 0,013,9264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/20/2008 09:02 PM | 0,001,4336 | ---- | M] () - C:\WINDOWS\System32\winaux.drv
[06/18/1999 05:49 PM | 0,016,5888 | ---- | M] (Kenonic Controls) - C:\WINDOWS\Ckconfig.exe
[07/04/1995 02:33 PM | 0,001,1776 | ---- | M] () - C:\WINDOWS\Ckrfresh.exe
[08/15/2008 11:21 PM | 0,000,0071 | ---- | M] () - C:\WINDOWS\Crypkey.ini
[08/22/2008 07:56 PM | ---D | C] - C:\WINDOWS\ERUNT
[3 C:\WINDOWS\*.tmp files]
[08/16/2008 09:30 AM | -H-D | C] - C:\WINDOWS\PIF
[08/23/2008 05:50 PM | 0,000,1409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/23/2008 05:50 PM | 0,005,4156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[05/03/1996 11:36 AM | 0,001,8432 | ---- | M] () - C:\WINDOWS\Setup_ck.dll
[05/03/1996 01:21 PM | 0,002,7648 | R--- | M] () - C:\WINDOWS\Setup_ck.exe
[08/15/2008 11:22 PM | 0,000,0004 | ---- | M] () - C:\WINDOWS\vx86036.dat
[08/24/2008 10:16 AM | 0,125,0828 | ---- | M] () - C:\Documents and Settings\judith\My Documents\CC%20App%209-06.pdf
[08/17/2008 09:11 AM | 0,000,0545 | ---- | M] () - C:\Documents and Settings\judith\Desktop\EPSON Smart Panel.lnk
[08/21/2008 07:40 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\judith\Desktop\HijackThis.lnk
[08/24/2008 09:30 PM | 0,029,1840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTMoveIt2.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 07:38 PM | 0,146,3521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\SDFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier
[08/14/2008 10:08 PM | ---D | C] - C:\Program Files\Common Files\Java
[08/20/2008 09:02 PM | ---D | C] - C:\Program Files\Microsoft Common
[08/21/2008 07:40 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[07/29/2008 08:02 PM | 0,000,0281 | RHS- | M] () - C:\boot.ini
[07/29/2008 08:02 PM | ---D | M] - C:\cmdcons
[08/24/2008 09:35 PM | 2,677,67808 | -HS- | M] () - C:\hiberfil.sys
[08/21/2008 07:40 PM | ---D | M] - C:\Program Files
[08/03/2008 09:31 AM | -HSD | M] - C:\RECYCLER
[08/22/2008 08:10 PM | ---D | M] - C:\SDFix
[08/22/2008 07:45 PM | -HSD | M] - C:\System Volume Information
[08/24/2008 09:32 PM | ---D | M] - C:\WINDOWS
[08/24/2008 09:32 PM | ---D | M] - C:\_OTMoveIt
[08/22/2008 08:00 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/22/2008 08:00 PM | 0,000,0686 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/22/2008 01:04 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[1 C:\WINDOWS\System32\*.tmp files]
[08/22/2008 07:58 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/24/2008 09:32 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/16/2008 06:20 AM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.ind
[08/15/2008 11:22 PM | 0,000,1680 | ---- | M] () - C:\WINDOWS\System32\esnecil.nlp
[08/16/2008 06:31 AM | ---D | M] - C:\WINDOWS\System32\NtmsData
[08/22/2008 07:45 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/20/2008 09:02 PM | 0,001,4336 | ---- | M] () - C:\WINDOWS\System32\winaux.drv
[08/24/2008 09:35 PM | 0,000,2262 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/01/2008 09:56 AM | ---D | M] - C:\WINDOWS\AppPatch
[3 C:\WINDOWS\*.tmp files]
[08/15/2008 11:21 PM | 0,000,0071 | ---- | M] () - C:\WINDOWS\Crypkey.ini
[08/01/2008 06:25 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/22/2008 07:56 PM | ---D | M] - C:\WINDOWS\ERUNT
[08/01/2008 06:25 PM | -H-D | M] - C:\WINDOWS\inf
[08/14/2008 10:09 PM | -HSD | M] - C:\WINDOWS\Installer
[08/16/2008 09:30 AM | -H-D | M] - C:\WINDOWS\PIF
[08/24/2008 09:31 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/23/2008 05:50 PM | 0,000,1409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/23/2008 05:50 PM | 0,005,4156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/01/2008 09:57 AM | 0,000,0227 | ---- | M] () - C:\WINDOWS\system.ini
[08/24/2008 09:32 PM | ---D | M] - C:\WINDOWS\system32
[08/24/2008 09:36 PM | ---D | M] - C:\WINDOWS\TEMP
[08/15/2008 11:22 PM | 0,000,0004 | ---- | M] () - C:\WINDOWS\vx86036.dat
[08/24/2008 09:37 PM | 0,000,0614 | ---- | M] () - C:\WINDOWS\win.ini
[08/21/2008 02:15 PM | 0,000,0284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/24/2008 09:35 PM | 0,000,0006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/15/2008 11:16 PM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/17/2008 10:18 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 143 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/15/2008 07:43 PM | 0,639,1568 | -H-- | M] () - C:\Documents and Settings\judith\Local Settings\Application Data\IconCache.db
[08/15/2008 11:16 PM | ---D | M] - C:\Documents and Settings\judith\Local Settings\Application Data\Microsoft
[08/24/2008 09:33 PM | ---D | M] - C:\Documents and Settings\judith\Local Settings\Application Data\SMASHER
[08/24/2008 10:16 AM | 0,125,0828 | ---- | M] () - C:\Documents and Settings\judith\My Documents\CC%20App%209-06.pdf
[08/24/2008 12:40 PM | 0,000,2137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/17/2008 09:11 AM | 0,000,0545 | ---- | M] () - C:\Documents and Settings\judith\Desktop\EPSON Smart Panel.lnk
[08/21/2008 07:40 PM | 0,000,1734 | ---- | M] () - C:\Documents and Settings\judith\Desktop\HijackThis.lnk
[08/22/2008 08:58 PM | 0,000,2521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\Microsoft Office Outlook 2003.lnk
[08/24/2008 09:30 PM | 0,029,1840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTMoveIt2.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
[08/22/2008 08:16 PM | 0,139,7248 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\judith\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 07:38 PM | 0,146,3521 | ---- | M] () - C:\Documents and Settings\judith\Desktop\SDFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier
[08/14/2008 10:08 PM | ---D | M] - C:\Program Files\Common Files\Java

< End of report >

VirSCAN.org Scanned Report :
Scanned time : 2008/08/24 21:44:24 (EDT)
Scanner results: 22% Scanner(8/36) found malware!
File Name : winaux.drv
File Size : 14336 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : a166b3484ffd23371ad02ba0a8a0c3b5
SHA1 : ef2fcf62914cb5b19262100d3f1373f1529315b2
Online report : http://virscan.org/r...6a9fc4d8a3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.24 2008-08-24 2.53 -
AhnLab V3 2008.08.23.00 2008.08.23 2008-08-23 0.88 -
AntiVir 7.8.1.23 7.0.6.61 2008-08-24 2.18 TR/Dldr.Delphi.Gen
Arcavir 1.0.5 200808241228 2008-08-24 1.20 -
AVAST! 3.0.1 080824-0 2008-08-24 0.00 Win32:Trojan-gen {Other}
AVG 7.5.51.442 270.6.7/1631 2008-08-24 1.53 Delf.FKF
BitDefender 7.60825.1574867 7.20659 2008-08-25 2.84 -
CA (VET) 9.0.0.143 31.6.6044 2008-08-23 3.84 -
ClamAV 0.93.3 8082 2008-08-25 0.01 -
Comodo 2.11 2.0.0.626 2008-08-24 0.42 -
CP Secure 1.1.0.715 2008.08.21 2008-08-21 6.20 -
Dr.Web 4.44.0.9170 2008.08.24 2008-08-24 3.10 DLOADER.Trojan
ewido 4.0.0.2 2008.08.24 2008-08-24 2.59 -
F-Prot 4.4.4.56 20080823 2008-08-23 1.01 -
F-Secure 5.51.6100 2008.08.24.01 2008-08-24 0.04 -
Fortinet 2.81-3.11 9.470 1970-01-01 2.06 -
ViRobot 20080822 2008.08.22 2008-08-22 0.48 -
Ikarus T3.1.01.34 2008.08.24.71332 2008-08-24 3.47 Trojan.Win32.Delf.nf
JiangMin 11.0.706 2008.08.24 2008-08-24 1.22 -
Kaspersky 5.5.10 2008.08.24 2008-08-24 0.03 -
KingSoft 2008.1.14.15 2008.8.24.15 2008-08-24 0.62 -
McAfee 5.2.00 5368 2008-08-22 2.57 -
Microsoft 1.3807 2008.08.24 2008-08-24 4.56 -
mks_vir 2.01 2008.08.19 2008-08-19 2.62 -
Norman 5.93.01 5.93.00 2008-08-22 4.93 -
Panda 9.05.01 2008.08.24 2008-08-24 2.03 Suspicious file
Trend Micro 8.700-1004 5.496.24 2008-08-24 0.02 -
Quick Heal 9.50 2008.08.22 2008-08-22 1.68 -
Rising 20.0 20.58.62.00 2008-08-24 0.73 -
Sophos 2.77.0 4.32 2008-08-25 2.04 Mal/Delf-M
Sunbelt 3.1.1575.1 2202 2008-08-22 0.68 Trojan-Downloader.Delphi.Gen
Symantec 1.3.0.24 20080824.007 2008-08-24 0.17 -
nProtect 2008-08-22.00 1909009 2008-08-22 3.72 -
The Hacker 6.3.0.6 v00060 2008-08-22 0.41 -
VBA32 3.12.8.4 20080823.1106 2008-08-23 1.12 -
VirusBuster 4.5.11.10 10.84.10/598500 2008-08-24 0.80 -

#38
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Jouju,

STEP 1
CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\_OTMoveIt\MovedFiles\08232008_231537\WINDOWS\System32\drivers\74840a61.sys"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\_OTMoveIt\MovedFiles\08232008_231537\WINDOWS\System32\drivers\74840a61.sys

  • Click Open.
  • Click Post.
Thank you!

STEP 2
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\winaux.drv
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
~~~~~~~~~~
In your next reply please have this log.
The OTMoveIt2 log

#39
Jouju

Jouju

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello Jimmy2012:

I am not able to locate C:\_OTMoveIt\MovedFiles\08232008_231537\WINDOWS\System32\drivers\74840a61.sys


Also, I did the task of the hidden files.

What should be done?

#40
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Jouju,

I am not able to locate C:\_OTMoveIt\MovedFiles\08232008_231537\WINDOWS\System32\drivers\74840a61.sys

Please see if you can find this one.
C:\_OTMoveIt\MovedFiles\08242008_213219\WINDOWS\System32\drivers\74840a61.sys
#41
Jouju

Jouju

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello Jimmy2012:

1. I posted the OTMoveIt2 link on the spy killer forum as requested.

2. Here is the new log for OTMoveIt2.

Explorer killed successfully
C:\WINDOWS\System32\winaux.drv moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\judith\LOCALS~1\Temp\JETDF48.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\judith\LOCALS~1\Temp\~DF9833.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_628.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_103303

Files moved on Reboot...
File C:\DOCUME~1\judith\LOCALS~1\Temp\JETDF48.tmp not found!
C:\DOCUME~1\judith\LOCALS~1\Temp\~DF9833.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_628.dat moved successfully.


FYI... The red virus screen is not there anymore.

#42
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Jouju,

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~
In your next reply please have these logs/info.
The Kaspersky log
A fresh HijackThis log
And please tell me how your computer is running

#43
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.