Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

caiijing trojan [RESOLVED]


  • This topic is locked This topic is locked

#1
rasaberry

rasaberry

    New Member

  • Member
  • Pip
  • 8 posts
this is or was on the wife's laptop. i checked with symantec and followed there procedures for removal..some of the info listed was not on the laptop and it shows the file in quaranteen....here is a hijackthis log .....thanks rasa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:16 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/fl...x.cfm?rev=10298
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8022 bytes
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello rasaberry,

Welcome to Geekstogo.

I am having a look at your log and will get back to you in a bit.

regards
emeraldnzl
  • 0

#3
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again rasaberry,

Please go to Start > Control Panel > Add or Remove Programs and uninstall Viewpoint

Next

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need more than one post to get it all on the forum; that's fine.

  • 0

#4
rasaberry

rasaberry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTViewIt logfile created on: 8/28/2008 3:56:13 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\debbie\Desktop\Reese Aug 23 2008
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.48 Mb Total Physical Memory | 242.30 Mb Available Physical Memory | 37.95% Memory free
937.63 Mb Paging File | 586.14 Mb Available in Paging File | 62.51% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.42 Gb Free Space | 62.86% Space Free | Partition Type: NTFS
Drive D: | 218.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEBBIE1
Current User Name: debbie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[04/11/2005 09:31 AM | 00,360,448 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[12/17/2003 10:35 PM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
[02/22/2005 07:32 PM | 00,038,912 | ---- | M] () - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[12/17/2003 10:56 PM | 00,651,264 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
[03/13/2008 11:11 PM | 00,075,304 | ---- | M] (Zone Labs, LLC) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[04/11/2005 09:31 AM | 00,360,448 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[04/11/2005 01:00 PM | 00,339,968 | ---- | M] (ATI Technologies, Inc.) - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[04/01/2005 06:11 PM | 00,794,624 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[02/02/2005 08:12 AM | 00,102,492 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[02/02/2005 08:11 AM | 00,692,316 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[02/17/2005 02:11 AM | 00,049,152 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
[12/03/2004 04:24 PM | 00,290,816 | ---- | M] (Hewlett-Packard ) - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
[12/17/2003 11:00 PM | 00,090,112 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
[03/13/2008 11:11 PM | 00,919,016 | ---- | M] (Zone Labs, LLC) - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[06/02/2007 09:43 PM | 00,068,856 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[10/28/2004 10:29 AM | 00,581,632 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\KEM.exe
[10/21/2004 02:28 PM | 00,029,696 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
[03/04/2005 03:16 PM | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\Shared\hpqwmi.exe
[11/30/2006 10:49 PM | 04,662,776 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[08/28/2008 03:52 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\debbie\Desktop\Reese Aug 23 2008\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Ati HotKey Poller) Ati HotKey Poller [Auto | Running]
[04/11/2005 09:31 AM | 00,360,448 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(DefWatch) DefWatch [Auto | Running]
[12/17/2003 10:35 PM | 00,032,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 04:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[01/27/2007 10:00 AM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(hpqwmi) HP WMI Interface [On_Demand | Running]
[03/04/2005 03:16 PM | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) - C:\Program Files\HPQ\Shared\hpqwmi.exe

(iPodService) iPod Service [On_Demand | Stopped]
[10/13/2004 07:03 PM | 00,327,680 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running]
[02/22/2005 07:32 PM | 00,038,912 | ---- | M] () - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Norton AntiVirus Server) Symantec AntiVirus Client [Auto | Running]
[12/17/2003 10:56 PM | 00,651,264 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

(vsmon) TrueVector Internet Monitor [Auto | Running]
[03/13/2008 11:11 PM | 00,075,304 | ---- | M] (Zone Labs, LLC) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

===== Driver Services - Non-Microsoft Only =====

(AliIde) AliIde [Boot | Running]
[08/17/2001 11:51 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(AmdK8) AMD Processor Driver [System | Running]
[08/11/2004 07:30 PM | 00,039,424 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(ASCTRM) ASCTRM [Auto | Running]
[11/26/2005 04:00 PM | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[04/11/2005 09:33 AM | 01,035,264 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(BCM43XX) Broadcom 802.11 Network Adapter Driver [On_Demand | Running]
[03/10/2005 05:41 AM | 00,371,712 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(BTWUSB) WIDCOMM USB Bluetooth Driver [On_Demand | Stopped]
[01/18/2005 12:52 PM | 00,055,320 | ---- | M] (Broadcom Corporation.) - C:\WINDOWS\system32\drivers\btwusb.sys

(CAMCAUD) Conexant AMC Audio [On_Demand | Running]
[02/18/2005 11:41 AM | 00,038,016 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6aud.sys

(CAMCHALA) CAMCHALA [On_Demand | Running]
[02/18/2005 11:42 AM | 00,349,696 | ---- | M] (Conexant Systems Inc.) - C:\WINDOWS\system32\drivers\camc6hal.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 04:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[08/04/2004 04:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 04:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(eabfiltr) eabfiltr [System | Running]
[04/14/2004 10:36 AM | 00,007,432 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\eabfiltr.sys

(eabusb) eabusb [On_Demand | Stopped]
[06/06/2003 02:46 PM | 00,005,220 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\EabUsb.sys

(GEARAspiWDM) GEAR CDRom Filter [On_Demand | Running]
[09/14/2004 05:38 PM | 00,013,872 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HSFHWATI) HSFHWATI [On_Demand | Running]
[12/15/2004 11:18 AM | 00,200,192 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWATI.sys

(HSF_DP) HSF_DP [On_Demand | Running]
[12/15/2004 11:18 AM | 01,038,208 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys

(LHidKe) Logitech SetPoint HID Mouse Filter Driver [On_Demand | Running]
[10/21/2004 02:30 PM | 00,024,671 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidKE.Sys

(LHidUsbK) Logitech SetPoint USB Receiver device driver [On_Demand | Running]
[10/21/2004 02:31 PM | 00,038,691 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidUsbK.sys

(LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Running]
[10/21/2004 02:30 PM | 00,071,535 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouKE.Sys

(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 07:04 AM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(mr7910) Photo Viewer [On_Demand | Stopped]
[08/02/2006 11:45 AM | 00,114,560 | ---- | M] (Mars Semiconductor Corp.) - C:\WINDOWS\system32\drivers\mr7910.sys

(NAVAP) NAVAP [On_Demand | Running]
[08/11/2003 05:39 AM | 00,224,768 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys

(NAVAPEL) NAVAPEL [Auto | Running]
[08/11/2003 05:39 AM | 00,030,208 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/26/2008 04:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080826.023\naveng.sys

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/26/2008 04:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080826.023\navex15.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 04:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 05:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Stopped]
[03/03/2005 03:10 PM | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SMCIRDA) SMC IrCC Miniport Device Driver [On_Demand | Stopped]
[08/17/2001 03:10 PM | 00,035,913 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys

(srescan) srescan [Boot | Running]
[02/27/2008 03:10 AM | 00,051,176 | ---- | M] (Zone Labs, LLC) - C:\WINDOWS\system32\ZoneLabs\srescan.sys

(SymEvent) SymEvent [On_Demand | Running]
[01/27/2006 05:21 PM | 00,073,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[02/02/2005 07:58 AM | 00,191,456 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tifm21) tifm21 [On_Demand | Stopped]
[03/16/2005 08:43 AM | 00,159,488 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys

(tmcomm) tmcomm [Auto | Running]
[10/25/2006 10:50 AM | 00,076,560 | ---- | M] (Trend Micro Inc.) - C:\WINDOWS\system32\drivers\tmcomm.sys

(vsdatant) vsdatant [System | Running]
[03/13/2008 11:11 PM | 00,394,952 | ---- | M] (Zone Labs, LLC) - C:\WINDOWS\system32\vsdatant.sys

(wanatw) WAN Miniport (ATW) [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys

(winachsf) winachsf [On_Demand | Running]
[12/15/2004 11:18 AM | 00,703,232 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"ATIPTA" = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [04/11/2005 01:00 PM | 00,339,968 | ---- | M] (ATI Technologies, Inc.)
"eabconfg.cpl" = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start [12/03/2004 04:24 PM | 00,290,816 | ---- | M] (Hewlett-Packard )
"HP Software Update" = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [02/17/2005 02:11 AM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"hpWirelessAssistant" = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [04/01/2005 06:11 PM | 00,794,624 | ---- | M] (Hewlett-Packard Company)
"Logitech Hardware Abstraction Layer" = KHALMNPR.EXE [10/21/2004 02:28 PM | 00,029,696 | ---- | M] (Logitech Inc.)
"LSBWatcher" = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [10/14/2004 04:54 PM | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"Pop-Up Stopper" = File not found
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [02/02/2005 08:11 AM | 00,692,316 | ---- | M] (Synaptics, Inc.)
"SynTPLpr" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [02/02/2005 08:12 AM | 00,102,492 | ---- | M] (Synaptics, Inc.)
"vptray" = C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [12/17/2003 11:00 PM | 00,090,112 | ---- | M] (Symantec Corporation)
"ZoneAlarm Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM | 00,919,016 | ---- | M] (Zone Labs, LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [06/02/2007 09:43 PM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[10/28/2004 10:29 AM | 00,581,632 | ---- | M] (Logitech Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

[debbie Startup Folder - C:\Documents and Settings\debbie\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [10/26/2006 11:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/22/2006 11:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/20/2007 12:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [05/06/2008 01:03 PM | 00,734,704 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/20/2007 12:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 11:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/20/2007 12:55 AM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

"{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{E6AE90A4-1B01-47F0-AA78-E6B122E145E9}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 11:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 04:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/24/2006 11:37 AM | 07,094,272 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 04:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [10/13/2004 07:12 PM | 08,759,808 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [11/30/2006 10:49 PM | 00,091,640 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 03:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\1133036626\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1133036626\ee\aolsoftware.exe [11/02/2005 11:01 PM | 00,050,792 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1133036626\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1133036626\ee\aim6.exe [01/09/2006 03:31 PM | 00,050,792 | ---- | M] (America Online, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe [03/13/2008 11:11 PM | 00,075,304 | ---- | M] (Zone Labs, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/24/2006 11:37 AM | 07,094,272 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [11/30/2006 10:49 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 04:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 04:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 04:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [04/11/2005 09:31 AM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [12/17/2003 10:51 PM | 00,045,056 | ---- | M] ()

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = aim6
"hkey" = HKCU
"command" = C:\Program Files\AIM6\aim6.exe [10/04/2007 11:20 AM | 00,050,528 | ---- | M] (AOL LLC)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cpqset]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = cpqset
"hkey" = HKLM
"command" = C:\Program Files\HPQ\Default Settings\Cpqset.exe [02/17/2005 05:01 PM | 00,233,534 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLSoftware
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\1133036626\ee\aolsoftware.exe [11/02/2005 11:01 PM | 00,050,792 | ---- | M] (America Online, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [10/13/2004 07:04 PM | 00,278,528 | ---- | M] (Apple Computer, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = qttask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\qttask.exe [04/29/2005 09:02 AM | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = RealPlay
"hkey" = HKLM
"command" = C:\Program Files\Real\RealPlayer\realplay.exe [11/26/2005 04:00 PM | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SeePassword]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SeePassword
"hkey" = HKLM
"command" = C:\Program Files\SeePassword\SeePassword.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleToolbarNotifier
"hkey" = HKCU
"command" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [06/02/2007 09:43 PM | 00,068,856 | ---- | M] (Google Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = YahooMessenger
"hkey" = HKCU
"command" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [11/30/2006 10:49 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5CD601CE-5361-4CA1-BD69-03B359C1B08A}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6C523C9D-A4E4-4BF5-97FA-D2338CCF41CF}]
Servers: | Description: Broadcom 802.11b/g WLAN

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9E24E003-31B7-40F1-A1DE-5C8952BF3F24}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806a-c5ce-11dc-a75a-0014a519bcd9}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806a-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806a-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806b-c5ce-11dc-a75a-0014a519bcd9}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806b-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806b-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806c-c5ce-11dc-a75a-0014a519bcd9}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806c-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806c-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806d-c5ce-11dc-a75a-0014a519bcd9}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806d-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806d-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e570c203-5e4b-11da-a503-0014a519bcd9}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e570c203-5e4b-11da-a503-0014a519bcd9}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e570c203-5e4b-11da-a503-0014a519bcd9}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[1 C:\WINDOWS\System32\*.tmp files]
[08/18/2008 05:59 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[07/31/2008 01:42 PM | ---D | C] - C:\Documents and Settings\debbie\Desktop\July 2008
[08/23/2008 09:49 PM | ---D | C] - C:\Documents and Settings\debbie\Desktop\July&Aug 2008 Reese
[08/25/2008 06:18 PM | ---D | C] - C:\Documents and Settings\debbie\Desktop\Reese Aug 23 2008
[08/27/2008 02:27 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\debbie\Desktop\HijackThis.lnk
[08/27/2008 02:27 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/19/2008 07:55 PM | 00,000,211 | RHS- | M] () - C:\boot.ini
[08/28/2008 02:37 PM | ---D | M] - C:\WINDOWS
[08/28/2008 02:56 PM | -HSD | M] - C:\System Volume Information
[08/28/2008 03:46 PM | ---D | M] - C:\eudora attachements
[08/28/2008 03:56 PM | R--D | M] - C:\Program Files
[08/28/2008 11:07 AM | 66,956,9024 | -HS- | M] () - C:\hiberfil.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/19/2008 06:52 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/19/2008 06:52 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 06:04 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/28/2008 02:56 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/28/2008 11:08 AM | 00,352,186 | -H-- | M] () - C:\WINDOWS\System32\vsconfig.xml
[08/28/2008 11:09 AM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/28/2008 11:20 AM | ---D | M] - C:\WINDOWS\System32\ZoneLabs
[08/06/2008 12:45 PM | -HSD | M] - C:\WINDOWS\Installer
[08/18/2008 05:59 PM | ---D | M] - C:\WINDOWS\Debug
[08/18/2008 05:59 PM | ---D | M] - C:\WINDOWS\system32
[08/19/2008 06:53 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/19/2008 07:55 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/19/2008 07:55 PM | 00,000,603 | ---- | M] () - C:\WINDOWS\win.ini
[08/20/2008 11:25 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/26/2008 06:04 PM | -H-D | M] - C:\WINDOWS\inf
[08/28/2008 03:23 PM | ---D | M] - C:\WINDOWS\Internet Logs
[08/28/2008 03:56 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/28/2008 11:07 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/28/2008 11:08 AM | ---D | M] - C:\WINDOWS\Temp
[08/28/2008 11:07 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/28/2008 03:56 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Viewpoint
[08/27/2008 03:38 PM | 06,916,378 | -H-- | M] () - C:\Documents and Settings\debbie\Local Settings\Application Data\IconCache.db
[08/01/2008 07:32 PM | ---D | M] - C:\Documents and Settings\debbie\Desktop\July 2008
[08/23/2008 10:04 PM | ---D | M] - C:\Documents and Settings\debbie\Desktop\July&Aug 2008 Reese
[08/27/2008 02:29 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\debbie\Desktop\HijackThis.lnk
[08/28/2008 03:54 PM | ---D | M] - C:\Documents and Settings\debbie\Desktop\Reese Aug 23 2008

< End of report >
  • 0

#5
rasaberry

rasaberry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTViewIt Extras logfile created on: 8/28/2008 3:56:13 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\debbie\Desktop\Reese Aug 23 2008
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.48 Mb Total Physical Memory | 242.30 Mb Available Physical Memory | 37.95% Memory free
937.63 Mb Paging File | 586.14 Mb Available in Paging File | 62.51% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.42 Gb Free Space | 62.86% Space Free | Partition Type: NTFS
Drive D: | 218.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2" = Adobe Reader 8.1.2 Security Update 1 (KB403742)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D1E8DC27-C3CD-4DD8-B37B-D26D7D7CFCBD}" = HP User Guides 0002
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD546C3F-AF52-457B-94C4-D71DC94BFC82}" = Eudora
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB883667" = Windows XP Hotfix - KB883667
"KB884575" = Windows XP Hotfix - KB884575
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB885855" = Windows XP Hotfix - KB885855
"KB885884" = Windows XP Hotfix - KB885884
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888239" = Windows XP Hotfix - KB888239
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890047" = Windows XP Hotfix - KB890047
"KB890175" = Windows XP Hotfix - KB890175
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB892559" = Windows XP Hotfix - KB892559
"KB893066" = Security Update for Windows XP (KB893066)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901190" = Security Update for Windows XP (KB901190)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090" = Security Update for Windows XP (KB928090)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Okoker Sudoku_is1" = Okoker Sudoku 1.2
"Playtime For Baby & Toddler" = Playtime For Baby & Toddler
"Pop-Up Stopper" = Pop-Up Stopper
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST6UNST #1" = TABVIEW2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm Pro" = ZoneAlarm Pro

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello rasaberry,

Firstly lets remove some old versions of Java on your machine.

Older versions are vunerable to attack.
  • Go to Start > Settings > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java. Go here for a video on how to do it Video Add/Remove Programs
  • Check (highlight) any item except JRE 1.6.0_07 with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all older Java components are removed.

    Next

    Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack.

    Please go to the link below to update.

    http://www.adobe.com.../readstep2.html

    Now

    Before we proceed we need to backup your Registry. Making changes to your computers registry is a dangerous proceedure and backup will allow us to recover information if necessary.

    Download and install ERUNT (Emergency Recovery Utility NT) from here lars Hederer or here Snapfiles.com.

    Click on ERUNT and follow the prompts to backup your registry to a location of your choosing.

    -----Step 2-----

    Please download the OTMoveIt2 by OldTimer.[list]
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806a-c5ce-11dc-a75a-0014a519bcd9}\Shell
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44b0806a-c5ce-11dc-a75a-0014a519bcd9}\Shell\Autoplay
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e570c203-5e4b-11da-a503-0014a519bcd9}\Shell
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e570c203-5e4b-11da-a503-0014a519bcd9}\Shell\Autoplay
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e570c203-5e4b-11da-a503-0014a519bcd9}\Shell\Autoplay\DropTarget\\{f26a669a-bcbb-4e37-abf9-7325da15f931}
    HKEY_CLASSES_ROOT\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Lastly in this post

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you return please post
  • OTMoveIt2 report
  • Kaspersky scan results

  • 0

#7
rasaberry

rasaberry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
of these which one should i leave on the laptop

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
JRE 1.6.0_07 in my previous post related to this one "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

So that is the one to keep.

regards
emeraldnzl
  • 0

#9
rasaberry

rasaberry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Files moved on Reboot...
C:\DOCUME~1\debbie\LOCALS~1\Temp\Perflib_Perfdata_eb8.dat moved successfully.
C:\DOCUME~1\debbie\LOCALS~1\Temp\~DFCA0A.tmp moved successfully.
C:\WINDOWS\temp\ZLT0531d.TMP moved successfully.
C:\WINDOWS\temp\ZLT05320.TMP moved successfully.
  • 0

#10
rasaberry

rasaberry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
the kapersy page will not mount....tried from 3 computers
  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
What happened to the OTMoveIt report?

Only a tiny bit there. From that I don't know whether it worked.

The Kaspersky scan would help. I am running it on my computer to see if it is a problem at their site. So far so good but as you probably know it can take a long time.

I am reluctant to move to an alternative just yet as I find Kaspersky gives the best results for me to feel happy I have covered everything. Sometimes of course we have to look at an alternative and it may be we will have to do it in this case.

Meantime if you can find that OTMoveIt report it would be a great help. Go to Start > Right click > Explore and navigate to c:\_OTMoveIt\MovedFiles then click on it and there should be a report under Date and Time (mmddyyyy_hhmmss.log) that you ran it. Please open this log in Notepad and post its contents back here.

regards
emeraldnzl
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again rasaberry,

I have successfully run Kaspersky. Not a problem with the link I gave you.

So what do we take from this.

Well I think it is something on your computer maybe Symantec or ZoneAlarm.

Would you mind having one more go after making sure everything in Symantec and ZoneAlarm are disabled.

Another thing that often works is to run it in Safe Mode. In fact I would try that first as I ran Kaspersky without difficulty with Avira anti-virus, BoClean and Comodo Firewall all enabled.

Here is how to go to Safe Mode:

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • 0

#13
rasaberry

rasaberry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
i tried the safe mode but couldn't get internet connection and i thought it might be because it is a wireless connection and it wouldnt load it....went back to normal boot , shut off zone alarm, symantec antivirus and windows firewall. the kapersky page still would not load...

as for the moveit files. i found the Date and Time but no mmddyyyy_hhmmss.log). that is why i posted what the program itself showed me in the right hand column that it had moved those files.

i will be leaving at 3:30 pm today and will not be back until tuesday.

thx for the help

rasa
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello rasaberry,

Lets try another approach.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#15
rasaberry

rasaberry

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1096
Windows 5.1.2600 Service Pack 2

9:11:35 PM 8/29/2008
mbam-log-08-29-2008 (21-11-35).txt

Scan type: Quick Scan
Objects scanned: 51051
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\PIF (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP