Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan popup window warning from windows

Post by Braymar » August 28th, 2008, 10:30 pm

Good Evening-

I contracted a couple of trojans/viruses that I think I have cleaned up. I used 'PC Tools Spyware Doctor' and 'Malwarebytes Anti-Malware' to find and remove the suspect Trojans (at least I think they were removed).

But I still get a Windows warning pop-up window that says 'Trojan-spy.win32.keylogger.AA' and 'Trojan-clicker.win32.tiny.h' every time I open a new program or Internet Explorer or Firefox.

I mostly use Firefox for web browsing. Comcast supplies McAfee Security Suite that I use for my firewall (I have Windows Firewall shut off).

Can you help with the removal of what is causing these pop-ups? Everything else seems to be working correctly (although I am no expert).

I do have some experience with cleanup - about 4 years ago on another computer I went through this and used the HijackThis log and online help to clean up a bad infection.

Thanks for your Help - Mark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:45 AM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System\CmFlywav.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\fqfulaxa.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Teamspeak2_RC2\server_windows.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.13.1.2\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.14.0.44\PlaxoSysTray.exe
O4 - HKCU\..\Run: [EnChk] C:\WINDOWS\system32\fqfulaxa.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149128008984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149212469984
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://meijer.lifepics.com/net/Uploa...eUploader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://meijer.lifepics.com/net/Uploa...Uploader45.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2D4FBC-E72B-443C-B0E7-90D48B24BFE9}: NameServer = 68.87.77.130,68.87.72.130
O21 - SSODL: WinSrvDsc - {6F047AB0-C652-E5F6-D0D4-0992F0369724} - C:\Program Files\lopbixe\WinSrvDsc.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 15096 bytes
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm

Re: Trojan popup window warning from windows

Post by Shaba » August 30th, 2008, 4:58 am

Hi Braymar

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan popup window warning from windows

Post by Braymar » August 30th, 2008, 10:39 am

I have been attempting to run RSIT - how long should it take? It has been going a couple of hours and seems to be hung up on 'preforming registry dump'. I am leaving to go out of town until Monday evening. I will let it run and see if it finishes while I am gone.

Thanks in advance for your help. I will be back in contact Monday evening eastern time.

Thanks Again

Mark
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm

Re: Trojan popup window warning from windows

Post by Shaba » August 30th, 2008, 10:49 am

You can stop that and try this instead, please:

  1. Please download OTViewIt by OldTimer and save it to your Desktop.
  2. Close all applications and windows.
  3. Double-click on the OTViewIt.exe to start OTViewIt.
  4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
  5. Click the blue Run Scan button.
  6. OTViewIt will now start its scan.
  7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
  8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan popup window warning from windows

Post by Braymar » August 30th, 2008, 12:00 pm

That worked - here you go.

I am leaving right now - just caught your reply as I was loading up the kids. I will be back online on Monday evening.

Thanks - Mark

OTViewIt logfile created on: 8/30/2008 12:00:18 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.6 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 338.60 Mb Available Physical Memory | 33.38% Memory free
2.38 Gb Paging File | 1.66 Gb Available in Paging File | 69.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 55.83 Gb Free Space | 24.83% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.41 Gb Free Space | 17.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 101.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 465.64 Gb Total Space | 232.37 Gb Free Space | 49.90% Space Free | Partition Type: FAT32

Computer Name: MARKS
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[04/30/2005 05:02 PM | 00,086,016 | ---- | M] (B.H.A Corporation) - C:\WINDOWS\system32\bgsvcgen.exe
[01/16/2007 02:59 PM | 00,071,208 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\MBackMonitor.exe
[09/11/2006 05:32 PM | 00,094,208 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
[02/01/2008 12:55 PM | 00,747,912 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe
[02/01/2008 12:55 PM | 00,948,616 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe
[05/28/2007 12:57 PM | 00,275,968 | ---- | M] (Rocket Division Software) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
[04/05/2005 05:19 PM | 00,077,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[10/05/2005 01:38 PM | 00,032,768 | ---- | M] () - C:\WINDOWS\system\cmflywav.exe
[11/04/2007 11:06 AM | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) - C:\WINDOWS\system32\WDBtnMgr.exe
[09/11/2006 05:32 PM | 09,371,648 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\RetroExpress.exe
[12/12/2006 11:26 PM | 00,020,480 | R--- | M] () - C:\WINDOWS\Imgtask.exe
[01/16/2007 02:59 PM | 04,838,952 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
[02/01/2008 12:55 PM | 01,103,240 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsTray.exe
[07/24/2008 05:07 PM | 00,363,591 | ---- | M] (Plaxo, Inc.) - C:\Program Files\Plaxo\3.13.1.2\PlaxoHelper_en.exe
[07/17/2008 06:44 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe

===== Win32 Services - Non-Microsoft Only =====

(bgsvcgen) B's Recorder GOLD Library General Service [Auto | Running]
[04/30/2005 05:02 PM | 00,086,016 | ---- | M] (B.H.A Corporation) - C:\WINDOWS\system32\bgsvcgen.exe

(MBackMonitor) MBackMonitor [Auto | Running]
[01/16/2007 02:59 PM | 00,071,208 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\MBackMonitor.exe

(RetroExp Helper) Retrospect Express HD Helper [Auto | Stopped]
[09/11/2006 05:32 PM | 00,122,880 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe

(RetroExpLauncher) Retrospect Express HD Launcher [Auto | Running]
[09/11/2006 05:32 PM | 00,094,208 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe

(sdAuxService) PC Tools Auxiliary Service [Auto | Running]
[02/01/2008 12:55 PM | 00,747,912 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe

(sdCoreService) PC Tools Security Service [Auto | Running]
[02/01/2008 12:55 PM | 00,948,616 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe

(StarWindServiceAE) StarWind AE Service [Auto | Running]
[05/28/2007 12:57 PM | 00,275,968 | ---- | M] (Rocket Division Software) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

===== Driver Services - Non-Microsoft Only =====

(AgereSoftModem) Agere Systems Soft Modem [On_Demand | Running]
[01/25/2006 05:24 PM | 01,149,888 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\AGRSM.sys

(cdrbsdrv) cdrbsdrv [System | Running]
[05/11/2005 12:33 AM | 00,032,256 | ---- | M] (B.H.A Corporation) - C:\WINDOWS\System32\drivers\cdrbsdrv.sys

(cmvad) C-Media Wi-Sonic Wireless Audio Interface [On_Demand | Running]
[09/26/2005 04:50 PM | 01,351,360 | ---- | M] (C-Media Electronics Inc) - C:\WINDOWS\system32\drivers\cmudaxv.sys

(E100B) Intel(R) PRO Network Connection Driver [On_Demand | Running]
[10/14/2004 06:30 PM | 00,155,648 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(hamachi) Hamachi Network Interface [On_Demand | Running]
[01/14/2008 10:07 PM | 00,025,280 | ---- | M] (LogMeIn, Inc.) - C:\WINDOWS\system32\drivers\hamachi.sys

(ialm) ialm [On_Demand | Running]
[04/05/2005 05:46 PM | 00,830,684 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(IKFileSec) File Security Driver [Boot | Running]
[02/01/2008 12:55 PM | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\ikfilesec.sys

(IKSysFlt) System Filter Driver [System | Running]
[12/10/2007 02:53 PM | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksysflt.sys

(IKSysSec) System Security Driver [System | Running]
[12/10/2007 02:53 PM | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksyssec.sys

(PCASp50) PCASp50 NDIS Protocol Driver [On_Demand | Running]
[10/25/2004 02:40 PM | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\system32\drivers\PCASp50.sys

(PcdrNdisuio) PCDRNDISUIO Usermode I/O Protocol [On_Demand | Stopped]
[01/19/2005 08:21 PM | 00,012,416 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\system32\drivers\PcdrNdisuio.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08/04/2004 12:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys

(sptd) sptd [Boot | Running]
[01/14/2008 10:57 PM | 00,715,248 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader" = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM | 00,063,712 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"CmFlywaveName" = C:\WINDOWS\System\CmFlywav.exe [10/05/2005 01:38 PM | 00,032,768 | ---- | M] ()
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe [04/05/2005 05:19 PM | 00,077,824 | ---- | M] (Intel Corporation)
"HPDJ Taskbar Utility" = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [01/13/2006 02:46 AM | 00,196,608 | ---- | M] (HP)
"HPHmon03" = C:\WINDOWS\system32\hphmon03.exe [01/13/2006 02:46 AM | 00,311,296 | ---- | M] (Hewlett-Packard)
"ImgTask" = C:\WINDOWS\Imgtask.exe [12/12/2006 11:26 PM | 00,020,480 | R--- | M] ()
"ISTray" = "C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM | 01,103,240 | ---- | M] (PC Tools)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"Linksys WMB54G Utility" = C:\Program Files\Wireless-G Music Bridge\WMB54G.exe -R [02/20/2006 04:47 AM | 01,171,456 | ---- | M] ()
"LSBWatcher" = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [10/14/2004 04:54 PM | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"MBkLogOnHook" = C:\Program Files\McAfee\MBK\LogOnHook.exe [01/08/2007 12:22 PM | 00,020,480 | ---- | M] (McAfee)
"McAfee Backup" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [01/16/2007 02:59 PM | 04,838,952 | ---- | M] (McAfee)
"mcagent_exe" = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [11/01/2007 07:12 PM | 00,582,992 | ---- | M] (McAfee, Inc.)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RetroExpress" = C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h [09/11/2006 05:32 PM | 09,371,648 | ---- | M] (EMC Corporation)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [03/30/2008 02:12 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"WD Button Manager" = WDBtnMgr.exe [11/04/2007 11:06 AM | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount [12/22/2007 03:09 AM | 00,221,056 | ---- | M] (Alcohol Soft Development Team)
"EnChk" = C:\WINDOWS\system32\fqfulaxa.exe File not found
"PlaxoSysTray" = C:\Program Files\Plaxo\3.14.0.44\PlaxoSysTray.exe [07/24/2008 05:07 PM | 00,020,480 | ---- | M] (Plaxo, Inc.)
"PlaxoUpdate" = C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe -a [07/24/2008 05:07 PM | 00,363,591 | ---- | M] (Plaxo, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [07/13/2007 09:20 PM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount [12/22/2007 03:09 AM | 00,221,056 | ---- | M] (Alcohol Soft Development Team)
"EnChk" = C:\WINDOWS\system32\fqfulaxa.exe File not found
"PlaxoSysTray" = C:\Program Files\Plaxo\3.14.0.44\PlaxoSysTray.exe [07/24/2008 05:07 PM | 00,020,480 | ---- | M] (Plaxo, Inc.)
"PlaxoUpdate" = C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe -a [07/24/2008 05:07 PM | 00,363,591 | ---- | M] (Plaxo, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [07/13/2007 09:20 PM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/05/2004 05:28 AM | 00,258,048 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[11/21/2003 09:02 PM | 00,151,552 | ---- | M] (Sony Corporation) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

[Brayton Startup Folder - C:\Documents and Settings\Brayton\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[HP_Administrator Startup Folder - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [03/30/2008 02:13 PM | 00,308,856 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [11/09/2007 12:09 PM | 00,058,688 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\scriptsn.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [08/13/2008 08:56 PM | 00,651,760 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
""
HKLM CLSID: () - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

========== AppInit_Dlls ==========

========== SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinSrvDsc" = {6F047AB0-C652-E5F6-D0D4-0992F0369724}
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [08/13/2008 06:46 PM | 00,102,400 | ---- | M] () C:\Program Files\lopbixe\WinSrvDsc.dll

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = SpySubtract Shell Extension
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [04/05/2005 05:18 PM | 00,131,072 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE File not found
"item" = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu File not found
"backup" = C:\WINDOWS\pss\Picture Package Menu.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [11/21/2003 09:02 PM | 00,151,552 | ---- | M] (Sony Corporation)
"item" = Picture Package Menu

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk File not found
"backup" = C:\WINDOWS\pss\Picture Package VCD Maker.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE File not found
"item" = Picture Package VCD Maker

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk File not found
"backup" = C:\WINDOWS\pss\SpySubtract.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\InterMute\SpySubtract\sslaunch.exe [05/16/2005 08:37 PM | 00,073,728 | ---- | M] (InterMute, Inc.)
"item" = SpySubtract

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk File not found
"backup" = C:\WINDOWS\pss\Updates from HP.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [05/16/2005 08:38 PM | 00,045,056 | ---- | M] (Hewlett-Packard)
"item" = Updates from HP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path" = C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Gamma.lnk File not found
"location" = Startup
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/2005 09:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"item" = Adobe Gamma

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\ALCMTR.EXE [05/03/2005 06:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\WINDOWS\ALCMTR.EXE [05/03/2005 06:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ehtray
"hkey" = HKLM
"command" = C:\WINDOWS\ehome\ehtray.exe [08/05/2005 01:56 PM | 00,064,512 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Free Download Manager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = fdm
"hkey" = HKCU
"command" = C:\Program Files\Free Download Manager\fdm.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPBootOp]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HPBootOp
"hkey" = HKLM
"command" = C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [02/26/2005 01:34 AM | 00,245,760 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 08:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\igfxpers.exe [04/05/2005 05:23 PM | 00,114,688 | ---- | M] (Intel Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\igfxpers.exe [04/05/2005 05:23 PM | 00,114,688 | ---- | M] (Intel Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = qttask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\RTHDCPL.EXE [09/22/2005 01:36 PM | 14,854,144 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\WINDOWS\RTHDCPL.EXE [09/22/2005 01:36 PM | 14,854,144 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tgcmd]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = tgcmd
"hkey" = HKLM
"command" = C:\Program Files\support.com\bin\tgcmd.exe [01/09/2006 05:42 PM | 01,757,184 | ---- | M] (Comcast)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [03/30/2008 02:12 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[05/11/2008 03:54 PM | 00,000,250 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTOEXEC.BAT []
[07/28/2001 07:07 AM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[08/07/2005 08:49 PM | 00,000,090 | ---- | M] () D:\Autorun.inf [ FAT32 ]

AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[04/30/2004 11:01 PM | 00,000,053 | -HS- | M] () D:\AUTORUN.FCB [ FAT32 ]

Autorun.inf [[autorun] | OPEN=setup.exe | ICON=setup.exe | ]
[05/01/2007 09:12 AM | 00,000,043 | R--- | M] () F:\Autorun.inf [ CDFS ]

autorun []
[11/02/2007 07:39 AM | ---D | M] N:\autorun [ FAT32 ]

autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ]
[11/15/2005 11:08 AM | 00,000,036 | -H-- | M] () N:\autorun.inf [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{018e1243-5d82-11db-84f7-0013d4135bcb}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a1-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a2-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a3-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a4-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a5-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de5d3b8-22be-11dc-8525-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7227c9e4-2560-11dd-856b-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{943b4180-fed6-11da-84cf-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa46224-fef9-11da-84d2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa46225-fef9-11da-84d2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0f755b-bba2-11dc-8551-0013d4135bcb}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc9ae9d8-2446-11dc-8526-0013d4135bcb}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2AB6FA7A-27D7-4E7E-AC05-AA33147E2DCF}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2C18D7EF-BE58-4B16-9253-1DEDB62F4A4A}]
Servers: | Description: Windows Mobile-based Device

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3944E655-6245-46B9-8E4C-6314609F18A9}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{785F8075-287C-4814-A130-9C5E27B5D2C3}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AD2D4FBC-E72B-443C-B0E7-90D48B24BFE9}]
Servers: 68.87.77.130,68.87.72.130 | Description: Intel(R) PRO/100 VE Network Connection

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08/30/2008 07:39 AM | ---D | C] - C:\rsit
[08/13/2008 09:03 PM | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\kcom.sys
[08/13/2008 09:03 PM | 00,042,376 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\ikfilesec.sys
[08/13/2008 09:03 PM | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\iksysflt.sys
[08/13/2008 09:03 PM | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\iksyssec.sys
[11 C:\WINDOWS\System32\*.tmp files]
[08/13/2008 08:56 PM | ---D | C] - C:\WINDOWS\System32\runtime
[08/13/2008 06:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\dqjibyhi
[08/13/2008 07:45 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/13/2008 08:03 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/06/2008 08:12 PM | 00,001,804 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/13/2008 08:03 PM | 00,000,707 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/29/2008 06:01 PM | 00,002,009 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Logitech Harmony Remote Software 7.lnk
[08/29/2008 05:59 PM | ---D | C] - C:\Program Files\Common Files\Remote Control Software Common
[08/29/2008 05:59 PM | ---D | C] - C:\Program Files\Common Files\Remote Control USB Driver
[08/13/2008 06:46 PM | ---D | C] - C:\Program Files\lopbixe
[08/13/2008 08:03 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/13/2008 09:03 PM | ---D | C] - C:\Program Files\Spyware Doctor
[08/23/2008 09:35 AM | ---D | C] - C:\Program Files\Trend Micro
[08/29/2008 05:59 PM | ---D | C] - C:\Program Files\Logitech

========== Files/Folders - Modified Within 30 days ==========

[08/30/2008 09:08 AM | 10,637,68064 | -HS- | M] () - C:\hiberfil.sys
[11 C:\WINDOWS\System32\*.tmp files]
[08/17/2008 07:32 PM | 00,072,824 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/17/2008 07:32 PM | 00,445,870 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/17/2008 07:32 PM | 00,525,398 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/29/2008 06:03 PM | 00,000,004 | ---- | M] () - C:\WINDOWS\System32\2B395C
[08/29/2008 06:03 PM | 00,870,128 | ---- | M] () - C:\WINDOWS\System32\mcs.rma
[08/30/2008 09:09 AM | 00,019,260 | ---- | M] () - C:\WINDOWS\System32\Config.MPF
[08/30/2008 09:15 AM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/30/2008 09:02 AM | 00,000,134 | ---- | M] () - C:\WINDOWS\System\Flywave.dll
[1 C:\WINDOWS\*.tmp files]
[08/13/2008 06:42 AM | 00,000,653 | ---- | M] () - C:\WINDOWS\win.ini
[08/30/2008 09:08 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/15/2008 01:46 AM | 00,000,372 | ---- | M] () - C:\WINDOWS\tasks\McDefragTask.job
[08/27/2008 12:08 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/28/2008 01:00 AM | 00,000,378 | ---- | M] () - C:\WINDOWS\tasks\McQcTask.job
[08/30/2008 09:08 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/06/2008 08:12 PM | 00,001,804 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/13/2008 08:03 PM | 00,000,707 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/29/2008 06:01 PM | 00,002,009 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Logitech Harmony Remote Software 7.lnk

< End of report >



Extras:

OTViewIt Extras logfile created on: 8/30/2008 12:00:19 PM - Run 1
OTViewIt by OldTimer - Version 1.0.1.6 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 338.60 Mb Available Physical Memory | 33.38% Memory free
2.38 Gb Paging File | 1.66 Gb Available in Paging File | 69.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 55.83 Gb Free Space | 24.83% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.41 Gb Free Space | 17.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 101.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 465.64 Gb Total Space | 232.37 Gb Free Space | 49.90% Space Free | Partition Type: FAT32

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[06/20/2006 11:36 PM | 00,187,176 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[06/20/2006 11:36 PM | 01,207,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[06/20/2006 11:36 PM | 01,977,128 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[05/01/2007 03:09 PM | 00,194,072 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Disabled:BackWeb for Pavilion
[05/16/2005 08:38 PM | 00,045,056 | ---- | M] (Hewlett-Packard)

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
File not found

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[04/13/2008 08:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe" = C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2
[08/29/2003 04:13 PM | 01,436,160 | ---- | M] (Dominating Bytes Design)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[06/20/2006 11:36 PM | 00,187,176 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[06/20/2006 11:36 PM | 01,207,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[06/20/2006 11:36 PM | 01,977,128 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exe" = C:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exe:*:Enabled:Retrospect Express HD
[09/11/2006 05:32 PM | 00,221,184 | ---- | M] (EMC Corporation)

"C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe" = C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe:*:Enabled:Retrospect Express HD Launcher service
[09/11/2006 05:32 PM | 00,094,208 | ---- | M] (EMC Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[05/01/2007 03:09 PM | 00,194,072 | ---- | M] ()

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [07/17/2008 06:44 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" %*

========== Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D917C5F-1CF9-42E0-899F-78AC10576405}" = First Step Guide
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1219497F-FA96-4D8E-9571-9C27A2A66B38}" = Opera 9.51
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1CCDF8BE-8BE8-45F1-BDAD-1195131E5AC5}" = Linksys Wireless-G Music Bridge
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6512B303-F989-4C13-B9F6-A99989E4ED54}" = HP Tunes
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{A9CF9052-F4A0-475D-A00F-A8388C62DD63}" = MSXML 4.0 SP2 (KB925672)
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2" = Adobe Reader 8.1.2 Security Update 1 (KB403742)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"31D6EDEF-1926-4267-A24E-077BFB360F72" = Final Drive Nitro from HP Media Center (remove only)
"4C838121-69EC-424A-8FB0-91C15306A758" = Phoenix Assault from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"600C800C-5985-4E74-AFE7-571001AC3FA4" = Slyder from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A8B63E91-BB8C-41FF-B530-5BB13C915612" = Overball from HP Media Center (remove only)
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"CCleaner" = CCleaner (remove only)
"C-Media Wi-Sonic Wireless Audio Driver" = C-Media Wi-Sonic Wireless Audio Driver
"Comcast Rhapsody" = Comcast Rhapsody
"comcastDD" = Desktop Doctor
"ComcastToolbar" = Comcast Toolbar
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Shorten Codec" = dBpowerAMP Shorten Codec
"DivX Content Uploader" = DivX Content Uploader
"ExtractNow_is1" = ExtractNow
"getPlus(R)_dll" = getPlus(R)_dll
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.2.5
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.8.6
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Kazaa Lite Resurrection_is1" = Kazaa Lite Resurrection 0.0.8
"KB888111WXPSP2" = High Definition Audio Driver Package - KB888111
"KB888316" = Windows XP Media Center Edition 2005 KB888316
"KB889858" = Windows Media Player 10 Hotfix [See KB889858 for more information]
"KB890629" = Windows XP Media Center Edition 2005 KB890629
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB895678" = Windows XP Media Center Edition 2005 KB895678
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB900325" = Update Rollup 2 for Windows XP Media Center Edition 2005
"KB902344" = Hotfix for Windows Media Format SDK (KB902344)
"KB903157" = Hotfix for Windows Media Player 10 (KB903157)
"KB909520" = Microsoft Base Smart Card Cryptographic Service Provider Package
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB913800" = Update for Windows Media Player 10 (KB913800)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925766" = Windows XP Media Center Edition 2005 KB925766
"KB926251" = Update for Windows Media Player 10 (KB926251)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Owl and Mouse Make a Shield" = Owl and Mouse Make a Shield
"Plaxo" = Plaxo Toolbar for Windows
"PremElem20" = Adobe Premiere Elements 2.0
"PROSet" = Intel(R) PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SpySubtract" = SpySubtract
"Spyware Doctor" = Spyware Doctor 5.5
"Starcraft" = Starcraft
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"yEnc32" = yEnc32 (remove only)
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Event Log Errors ==========

[ Application Events ]

Error - 2/13/2008 11:09:21 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Microsoft Office 11
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 2/14/2008 12:06:52 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:06:55 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Fault bucket 293157059.

Error - 2/14/2008 12:07:51 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:08:24 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:09:32 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Fault bucket 293157059.

Error - 2/14/2008 12:24:13 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:26:11 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 3/7/2008 11:05:43 PM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

[ System Events ]

Error - 6/27/2008 5:08:08 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:08:38 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:09:11 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:09:41 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:10:11 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:10:41 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:11:15 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:11:45 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:12:17 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

[ Security Events ]

[ Anti-Virus Events ]

Error - 2/13/2008 11:09:21 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Microsoft Office 11
Description =

Error - 2/14/2008 12:06:52 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:06:55 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:07:51 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:08:24 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:09:32 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:24:13 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:26:11 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 3/7/2008 11:05:43 PM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =


< End of report >
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm

Re: Trojan popup window warning from windows

Post by Shaba » August 30th, 2008, 12:11 pm

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Kazaa Lite Resurrection 0.0.8

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new OTViewIt scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan popup window warning from windows

Post by Braymar » September 1st, 2008, 8:35 pm

Ok - I'm back from the weekend.

I removed Kazaa.

Here are the results of the scan:

OTViewIt logfile created on: 9/1/2008 8:13:55 PM - Run 2
OTViewIt by OldTimer - Version 1.0.1.6 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 205.96 Mb Available Physical Memory | 20.30% Memory free
2.38 Gb Paging File | 1.40 Gb Available in Paging File | 58.65% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 60.18 Gb Free Space | 26.76% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.41 Gb Free Space | 17.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 101.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 465.64 Gb Total Space | 188.10 Gb Free Space | 40.40% Space Free | Partition Type: FAT32

Computer Name: MARKS
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[04/30/2005 05:02 PM | 00,086,016 | ---- | M] (B.H.A Corporation) - C:\WINDOWS\system32\bgsvcgen.exe
[01/16/2007 02:59 PM | 00,071,208 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\MBackMonitor.exe
[09/11/2006 05:32 PM | 00,094,208 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
[02/01/2008 12:55 PM | 00,747,912 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe
[02/01/2008 12:55 PM | 00,948,616 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe
[05/28/2007 12:57 PM | 00,275,968 | ---- | M] (Rocket Division Software) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
[04/05/2005 05:19 PM | 00,077,824 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\hkcmd.exe
[10/05/2005 01:38 PM | 00,032,768 | ---- | M] () - C:\WINDOWS\system\cmflywav.exe
[11/04/2007 11:06 AM | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.) - C:\WINDOWS\system32\WDBtnMgr.exe
[09/11/2006 05:32 PM | 09,371,648 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\RetroExpress.exe
[12/12/2006 11:26 PM | 00,020,480 | R--- | M] () - C:\WINDOWS\Imgtask.exe
[01/16/2007 02:59 PM | 04,838,952 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
[02/01/2008 12:55 PM | 01,103,240 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsTray.exe
[07/24/2008 05:07 PM | 00,363,591 | ---- | M] (Plaxo, Inc.) - C:\Program Files\Plaxo\3.13.1.2\PlaxoHelper_en.exe
[07/17/2008 06:44 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe

===== Win32 Services - Non-Microsoft Only =====

(bgsvcgen) B's Recorder GOLD Library General Service [Auto | Running]
[04/30/2005 05:02 PM | 00,086,016 | ---- | M] (B.H.A Corporation) - C:\WINDOWS\system32\bgsvcgen.exe

(MBackMonitor) MBackMonitor [Auto | Running]
[01/16/2007 02:59 PM | 00,071,208 | ---- | M] (McAfee) - C:\Program Files\McAfee\MBK\MBackMonitor.exe

(RetroExp Helper) Retrospect Express HD Helper [Auto | Stopped]
[09/11/2006 05:32 PM | 00,122,880 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe

(RetroExpLauncher) Retrospect Express HD Launcher [Auto | Running]
[09/11/2006 05:32 PM | 00,094,208 | ---- | M] (EMC Corporation) - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe

(sdAuxService) PC Tools Auxiliary Service [Auto | Running]
[02/01/2008 12:55 PM | 00,747,912 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsAuxs.exe

(sdCoreService) PC Tools Security Service [Auto | Running]
[02/01/2008 12:55 PM | 00,948,616 | ---- | M] (PC Tools) - C:\Program Files\Spyware Doctor\pctsSvc.exe

(StarWindServiceAE) StarWind AE Service [Auto | Running]
[05/28/2007 12:57 PM | 00,275,968 | ---- | M] (Rocket Division Software) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

===== Driver Services - Non-Microsoft Only =====

(AgereSoftModem) Agere Systems Soft Modem [On_Demand | Running]
[01/25/2006 05:24 PM | 01,149,888 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\AGRSM.sys

(cdrbsdrv) cdrbsdrv [System | Running]
[05/11/2005 12:33 AM | 00,032,256 | ---- | M] (B.H.A Corporation) - C:\WINDOWS\System32\drivers\cdrbsdrv.sys

(cmvad) C-Media Wi-Sonic Wireless Audio Interface [On_Demand | Running]
[09/26/2005 04:50 PM | 01,351,360 | ---- | M] (C-Media Electronics Inc) - C:\WINDOWS\system32\drivers\cmudaxv.sys

(E100B) Intel(R) PRO Network Connection Driver [On_Demand | Running]
[10/14/2004 06:30 PM | 00,155,648 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(hamachi) Hamachi Network Interface [On_Demand | Running]
[01/14/2008 10:07 PM | 00,025,280 | ---- | M] (LogMeIn, Inc.) - C:\WINDOWS\system32\drivers\hamachi.sys

(ialm) ialm [On_Demand | Running]
[04/05/2005 05:46 PM | 00,830,684 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(IKFileSec) File Security Driver [Boot | Running]
[02/01/2008 12:55 PM | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\ikfilesec.sys

(IKSysFlt) System Filter Driver [System | Running]
[12/10/2007 02:53 PM | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksysflt.sys

(IKSysSec) System Security Driver [System | Running]
[12/10/2007 02:53 PM | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) - C:\WINDOWS\system32\drivers\iksyssec.sys

(PCASp50) PCASp50 NDIS Protocol Driver [On_Demand | Running]
[10/25/2004 02:40 PM | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\system32\drivers\PCASp50.sys

(PcdrNdisuio) PCDRNDISUIO Usermode I/O Protocol [On_Demand | Stopped]
[01/19/2005 08:21 PM | 00,012,416 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\system32\drivers\PcdrNdisuio.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08/04/2004 12:31 AM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys

(sptd) sptd [Boot | Running]
[01/14/2008 10:57 PM | 00,715,248 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader" = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM | 00,063,712 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"CmFlywaveName" = C:\WINDOWS\System\CmFlywav.exe [10/05/2005 01:38 PM | 00,032,768 | ---- | M] ()
"HotKeysCmds" = C:\WINDOWS\system32\hkcmd.exe [04/05/2005 05:19 PM | 00,077,824 | ---- | M] (Intel Corporation)
"HPDJ Taskbar Utility" = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [01/13/2006 02:46 AM | 00,196,608 | ---- | M] (HP)
"HPHmon03" = C:\WINDOWS\system32\hphmon03.exe [01/13/2006 02:46 AM | 00,311,296 | ---- | M] (Hewlett-Packard)
"ImgTask" = C:\WINDOWS\Imgtask.exe [12/12/2006 11:26 PM | 00,020,480 | R--- | M] ()
"ISTray" = "C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM | 01,103,240 | ---- | M] (PC Tools)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"Linksys WMB54G Utility" = C:\Program Files\Wireless-G Music Bridge\WMB54G.exe -R [02/20/2006 04:47 AM | 01,171,456 | ---- | M] ()
"LSBWatcher" = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [10/14/2004 04:54 PM | 00,253,952 | ---- | M] (Hewlett-Packard Company)
"MBkLogOnHook" = C:\Program Files\McAfee\MBK\LogOnHook.exe [01/08/2007 12:22 PM | 00,020,480 | ---- | M] (McAfee)
"McAfee Backup" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [01/16/2007 02:59 PM | 04,838,952 | ---- | M] (McAfee)
"mcagent_exe" = C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey [11/01/2007 07:12 PM | 00,582,992 | ---- | M] (McAfee, Inc.)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RetroExpress" = C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h [09/11/2006 05:32 PM | 09,371,648 | ---- | M] (EMC Corporation)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [03/30/2008 02:12 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"WD Button Manager" = WDBtnMgr.exe [11/04/2007 11:06 AM | 00,339,968 | ---- | M] (Western Digital Technologies, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount [12/22/2007 03:09 AM | 00,221,056 | ---- | M] (Alcohol Soft Development Team)
"EnChk" = C:\WINDOWS\system32\fqfulaxa.exe File not found
"PlaxoSysTray" = C:\Program Files\Plaxo\3.14.0.44\PlaxoSysTray.exe [07/24/2008 05:07 PM | 00,020,480 | ---- | M] (Plaxo, Inc.)
"PlaxoUpdate" = C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe -a [07/24/2008 05:07 PM | 00,363,591 | ---- | M] (Plaxo, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [07/13/2007 09:20 PM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount [12/22/2007 03:09 AM | 00,221,056 | ---- | M] (Alcohol Soft Development Team)
"EnChk" = C:\WINDOWS\system32\fqfulaxa.exe File not found
"PlaxoSysTray" = C:\Program Files\Plaxo\3.14.0.44\PlaxoSysTray.exe [07/24/2008 05:07 PM | 00,020,480 | ---- | M] (Plaxo, Inc.)
"PlaxoUpdate" = C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe -a [07/24/2008 05:07 PM | 00,363,591 | ---- | M] (Plaxo, Inc.)
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [07/13/2007 09:20 PM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/05/2004 05:28 AM | 00,258,048 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[11/21/2003 09:02 PM | 00,151,552 | ---- | M] (Sony Corporation) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

[Brayton Startup Folder - C:\Documents and Settings\Brayton\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[HP_Administrator Startup Folder - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [03/30/2008 02:13 PM | 00,308,856 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [11/09/2007 12:09 PM | 00,058,688 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\scriptsn.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [08/13/2008 08:56 PM | 00,651,760 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
""
HKLM CLSID: () - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar4.dll

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Comcast Toolbar) - [09/10/2006 09:10 AM | 01,799,680 | ---- | M] () C:\Program Files\ComcastToolbar\comcasttoolbar.dll

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP view) - [11/21/2003 03:26 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

========== AppInit_Dlls ==========

========== SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinSrvDsc" = {6F047AB0-C652-E5F6-D0D4-0992F0369724}
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [08/13/2008 06:46 PM | 00,102,400 | ---- | M] () C:\Program Files\lopbixe\WinSrvDsc.dll

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = SpySubtract Shell Extension
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxdev.dll [04/05/2005 05:18 PM | 00,131,072 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"InstallVisualStyle" = C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found
"InstallTheme" = C:\WINDOWS\Resources\Themes\Royale.the File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE File not found
"item" = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu File not found
"backup" = C:\WINDOWS\pss\Picture Package Menu.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [11/21/2003 09:02 PM | 00,151,552 | ---- | M] (Sony Corporation)
"item" = Picture Package Menu

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk File not found
"backup" = C:\WINDOWS\pss\Picture Package VCD Maker.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE File not found
"item" = Picture Package VCD Maker

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk File not found
"backup" = C:\WINDOWS\pss\SpySubtract.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\InterMute\SpySubtract\sslaunch.exe [05/16/2005 08:37 PM | 00,073,728 | ---- | M] (InterMute, Inc.)
"item" = SpySubtract

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk File not found
"backup" = C:\WINDOWS\pss\Updates from HP.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [05/16/2005 08:38 PM | 00,045,056 | ---- | M] (Hewlett-Packard)
"item" = Updates from HP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path" = C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Gamma.lnk File not found
"location" = Startup
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/2005 09:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"item" = Adobe Gamma

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\ALCMTR.EXE [05/03/2005 06:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\WINDOWS\ALCMTR.EXE [05/03/2005 06:43 PM | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ehtray
"hkey" = HKLM
"command" = C:\WINDOWS\ehome\ehtray.exe [08/05/2005 01:56 PM | 00,064,512 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Free Download Manager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = fdm
"hkey" = HKCU
"command" = C:\Program Files\Free Download Manager\fdm.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPBootOp]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HPBootOp
"hkey" = HKLM
"command" = C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [02/26/2005 01:34 AM | 00,245,760 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 08:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\igfxpers.exe [04/05/2005 05:23 PM | 00,114,688 | ---- | M] (Intel Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\igfxpers.exe [04/05/2005 05:23 PM | 00,114,688 | ---- | M] (Intel Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = qttask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\RTHDCPL.EXE [09/22/2005 01:36 PM | 14,854,144 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\WINDOWS\RTHDCPL.EXE [09/22/2005 01:36 PM | 14,854,144 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tgcmd]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = tgcmd
"hkey" = HKLM
"command" = C:\Program Files\support.com\bin\tgcmd.exe [01/09/2006 05:42 PM | 01,757,184 | ---- | M] (Comcast)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [03/30/2008 02:12 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[05/11/2008 03:54 PM | 00,000,250 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTOEXEC.BAT []
[07/28/2001 07:07 AM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[08/07/2005 08:49 PM | 00,000,090 | ---- | M] () D:\Autorun.inf [ FAT32 ]

AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[04/30/2004 11:01 PM | 00,000,053 | -HS- | M] () D:\AUTORUN.FCB [ FAT32 ]

Autorun.inf [[autorun] | OPEN=setup.exe | ICON=setup.exe | ]
[05/01/2007 09:12 AM | 00,000,043 | R--- | M] () F:\Autorun.inf [ CDFS ]

autorun []
[11/02/2007 07:39 AM | ---D | M] N:\autorun [ FAT32 ]

autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ]
[11/15/2005 11:08 AM | 00,000,036 | -H-- | M] () N:\autorun.inf [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{018e1243-5d82-11db-84f7-0013d4135bcb}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a1-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a2-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a3-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a4-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cccb3a5-19c0-11db-84e2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de5d3b8-22be-11dc-8525-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7227c9e4-2560-11dd-856b-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{943b4180-fed6-11da-84cf-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa46224-fef9-11da-84d2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaa46225-fef9-11da-84d2-0013d4135bcb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0f755b-bba2-11dc-8551-0013d4135bcb}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4e22298-f10b-11da-84c0-806d6172696f}\Shell]
"" = Open

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4e2229b-f10b-11da-84c0-806d6172696f}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc9ae9d8-2446-11dc-8526-0013d4135bcb}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2AB6FA7A-27D7-4E7E-AC05-AA33147E2DCF}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2C18D7EF-BE58-4B16-9253-1DEDB62F4A4A}]
Servers: | Description: Windows Mobile-based Device

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3944E655-6245-46B9-8E4C-6314609F18A9}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{785F8075-287C-4814-A130-9C5E27B5D2C3}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AD2D4FBC-E72B-443C-B0E7-90D48B24BFE9}]
Servers: 68.87.77.130,68.87.72.130 | Description: Intel(R) PRO/100 VE Network Connection

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08/30/2008 07:39 AM | ---D | C] - C:\rsit
[08/13/2008 09:03 PM | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\kcom.sys
[08/13/2008 09:03 PM | 00,042,376 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\ikfilesec.sys
[08/13/2008 09:03 PM | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\iksysflt.sys
[08/13/2008 09:03 PM | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) - C:\WINDOWS\System32\drivers\iksyssec.sys
[11 C:\WINDOWS\System32\*.tmp files]
[08/13/2008 08:56 PM | ---D | C] - C:\WINDOWS\System32\runtime
[08/13/2008 06:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\dqjibyhi
[08/13/2008 07:45 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[08/13/2008 08:03 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/06/2008 08:12 PM | 00,001,804 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/13/2008 08:03 PM | 00,000,707 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/29/2008 06:01 PM | 00,002,009 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Logitech Harmony Remote Software 7.lnk
[08/29/2008 05:59 PM | ---D | C] - C:\Program Files\Common Files\Remote Control Software Common
[08/29/2008 05:59 PM | ---D | C] - C:\Program Files\Common Files\Remote Control USB Driver
[08/13/2008 06:46 PM | ---D | C] - C:\Program Files\lopbixe
[08/13/2008 08:03 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/13/2008 09:03 PM | ---D | C] - C:\Program Files\Spyware Doctor
[08/23/2008 09:35 AM | ---D | C] - C:\Program Files\Trend Micro
[08/29/2008 05:59 PM | ---D | C] - C:\Program Files\Logitech

========== Files/Folders - Modified Within 30 days ==========

[08/30/2008 09:08 AM | 10,637,68064 | -HS- | M] () - C:\hiberfil.sys
[11 C:\WINDOWS\System32\*.tmp files]
[08/17/2008 07:32 PM | 00,072,824 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/17/2008 07:32 PM | 00,445,870 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/17/2008 07:32 PM | 00,525,398 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/29/2008 06:03 PM | 00,000,004 | ---- | M] () - C:\WINDOWS\System32\2B395C
[08/29/2008 06:03 PM | 00,870,128 | ---- | M] () - C:\WINDOWS\System32\mcs.rma
[08/30/2008 09:09 AM | 00,019,260 | ---- | M] () - C:\WINDOWS\System32\Config.MPF
[08/30/2008 09:15 AM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/30/2008 09:02 AM | 00,000,134 | ---- | M] () - C:\WINDOWS\System\Flywave.dll
[1 C:\WINDOWS\*.tmp files]
[08/13/2008 06:42 AM | 00,000,653 | ---- | M] () - C:\WINDOWS\win.ini
[08/30/2008 09:08 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/15/2008 01:46 AM | 00,000,372 | ---- | M] () - C:\WINDOWS\tasks\McDefragTask.job
[08/27/2008 12:08 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/30/2008 09:08 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/01/2008 01:00 AM | 00,000,378 | ---- | M] () - C:\WINDOWS\tasks\McQcTask.job
[08/06/2008 08:12 PM | 00,001,804 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/13/2008 08:03 PM | 00,000,707 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/29/2008 06:01 PM | 00,002,009 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Logitech Harmony Remote Software 7.lnk

< End of report >


Extras report log:

OTViewIt Extras logfile created on: 9/1/2008 8:13:55 PM - Run 2
OTViewIt by OldTimer - Version 1.0.1.6 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 205.96 Mb Available Physical Memory | 20.30% Memory free
2.38 Gb Paging File | 1.40 Gb Available in Paging File | 58.65% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 60.18 Gb Free Space | 26.76% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.41 Gb Free Space | 17.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 101.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 465.64 Gb Total Space | 188.10 Gb Free Space | 40.40% Space Free | Partition Type: FAT32

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[06/20/2006 11:36 PM | 00,187,176 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[06/20/2006 11:36 PM | 01,207,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[06/20/2006 11:36 PM | 01,977,128 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[05/01/2007 03:09 PM | 00,194,072 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Disabled:BackWeb for Pavilion
[05/16/2005 08:38 PM | 00,045,056 | ---- | M] (Hewlett-Packard)

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
File not found

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[04/13/2008 08:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe" = C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2
[08/29/2003 04:13 PM | 01,436,160 | ---- | M] (Dominating Bytes Design)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[06/20/2006 11:36 PM | 00,187,176 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[06/20/2006 11:36 PM | 01,207,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[06/20/2006 11:36 PM | 01,977,128 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exe" = C:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exe:*:Enabled:Retrospect Express HD
[09/11/2006 05:32 PM | 00,221,184 | ---- | M] (EMC Corporation)

"C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe" = C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe:*:Enabled:Retrospect Express HD Launcher service
[09/11/2006 05:32 PM | 00,094,208 | ---- | M] (EMC Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[01/25/2008 01:38 AM | 02,458,128 | ---- | M] (McAfee, Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[05/01/2007 03:09 PM | 00,194,072 | ---- | M] ()

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [07/17/2008 06:44 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" %*

========== Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D917C5F-1CF9-42E0-899F-78AC10576405}" = First Step Guide
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{1219497F-FA96-4D8E-9571-9C27A2A66B38}" = Opera 9.51
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1CCDF8BE-8BE8-45F1-BDAD-1195131E5AC5}" = Linksys Wireless-G Music Bridge
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{32C32B46-41C3-438F-94F6-55FE150D50D8}" = ImageMixer EasyStepDVD
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6512B303-F989-4C13-B9F6-A99989E4ED54}" = HP Tunes
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A360821C-6B51-4EE4-A7E5-5E14B15004CD}" = Sony DVD Handycam USB Driver 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{A9CF9052-F4A0-475D-A00F-A8388C62DD63}" = MSXML 4.0 SP2 (KB925672)
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2" = Adobe Reader 8.1.2 Security Update 1 (KB403742)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"31D6EDEF-1926-4267-A24E-077BFB360F72" = Final Drive Nitro from HP Media Center (remove only)
"4C838121-69EC-424A-8FB0-91C15306A758" = Phoenix Assault from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"600C800C-5985-4E74-AFE7-571001AC3FA4" = Slyder from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A8B63E91-BB8C-41FF-B530-5BB13C915612" = Overball from HP Media Center (remove only)
"ABC" = ABC (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"CCleaner" = CCleaner (remove only)
"C-Media Wi-Sonic Wireless Audio Driver" = C-Media Wi-Sonic Wireless Audio Driver
"Comcast Rhapsody" = Comcast Rhapsody
"comcastDD" = Desktop Doctor
"ComcastToolbar" = Comcast Toolbar
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Shorten Codec" = dBpowerAMP Shorten Codec
"DivX Content Uploader" = DivX Content Uploader
"ExtractNow_is1" = ExtractNow
"getPlus(R)_dll" = getPlus(R)_dll
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.2.5
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.8.6
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"KB888111WXPSP2" = High Definition Audio Driver Package - KB888111
"KB888316" = Windows XP Media Center Edition 2005 KB888316
"KB889858" = Windows Media Player 10 Hotfix [See KB889858 for more information]
"KB890629" = Windows XP Media Center Edition 2005 KB890629
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB895678" = Windows XP Media Center Edition 2005 KB895678
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB900325" = Update Rollup 2 for Windows XP Media Center Edition 2005
"KB902344" = Hotfix for Windows Media Format SDK (KB902344)
"KB903157" = Hotfix for Windows Media Player 10 (KB903157)
"KB909520" = Microsoft Base Smart Card Cryptographic Service Provider Package
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB913800" = Update for Windows Media Player 10 (KB913800)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925766" = Windows XP Media Center Edition 2005 KB925766
"KB926251" = Update for Windows Media Player 10 (KB926251)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Owl and Mouse Make a Shield" = Owl and Mouse Make a Shield
"Plaxo" = Plaxo Toolbar for Windows
"PremElem20" = Adobe Premiere Elements 2.0
"PROSet" = Intel(R) PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SpySubtract" = SpySubtract
"Spyware Doctor" = Spyware Doctor 5.5
"Starcraft" = Starcraft
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"yEnc32" = yEnc32 (remove only)
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-406495344-3546872139-2698839344-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

========== Event Log Errors ==========

[ Application Events ]

Error - 2/13/2008 11:09:21 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Microsoft Office 11
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 2/14/2008 12:06:52 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:06:55 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Fault bucket 293157059.

Error - 2/14/2008 12:07:51 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:08:24 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:09:32 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Fault bucket 293157059.

Error - 2/14/2008 12:24:13 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 2/14/2008 12:26:11 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

Error - 3/7/2008 11:05:43 PM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description = Faulting application wmb54g.exe, version 1.0.1.8, faulting module
wmb54g.exe, version 1.0.1.8, fault address 0x0000fc45.

[ System Events ]

Error - 6/27/2008 5:09:41 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:10:11 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:10:41 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:11:15 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:11:45 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:12:17 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:12:47 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:13:20 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {7EB483B0-414C-4B45-A46C-CF4620531F8F} did not register
with DCOM within the required timeout.

Error - 6/27/2008 5:13:50 AM - Computer Name = MARKS - User Name = NT AUTHORITY\SYSTEM - Source = DCOM
Description = The server {820E0B47-27D0-4E64-BE80-7610FAC9BBC7} did not register
with DCOM within the required timeout.

[ Security Events ]

[ Anti-Virus Events ]

Error - 2/13/2008 11:09:21 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Microsoft Office 11
Description =

Error - 2/14/2008 12:06:52 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:06:55 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:07:51 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:08:24 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:09:32 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:24:13 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 2/14/2008 12:26:11 AM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =

Error - 3/7/2008 11:05:43 PM - Computer Name = YOUR-55E5F9E3D2 - User Name = User SID not found - Source = Application Error
Description =


< End of report >
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm

Re: Trojan popup window warning from windows

Post by Shaba » September 2nd, 2008, 8:29 am

Open HijackThis, click "Do a system scan only" and checkmark these:


O4 - HKCU\..\Run: [EnChk] C:\WINDOWS\system32\fqfulaxa.exe
O21 - SSODL: WinSrvDsc - {6F047AB0-C652-E5F6-D0D4-0992F0369724} - C:\Program Files\lopbixe\WinSrvDsc.dll


Close all windows, including the browser, and press "Fix checked".

Reboot.

Delete these:

C:\Documents and Settings\All Users\Application Data\dqjibyhi
C:\Program Files\lopbixe
C:\WINDOWS\system32\fqfulaxa.exe

Empty Recycle Bin.

Post back a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan popup window warning from windows

Post by Braymar » September 2nd, 2008, 9:56 pm

Did that - but could not find this file:

C:\WINDOWS\system32\fqfulaxa.exe

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:52 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System\CmFlywav.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.14.0.44\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.14.0.44\PlaxoSysTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9128008984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9212469984
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://meijer.lifepics.com/net/Uploader ... oader3.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://meijer.lifepics.com/net/Uploader ... ader45.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2D4FBC-E72B-443C-B0E7-90D48B24BFE9}: NameServer = 68.87.77.130,68.87.72.130
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 14795 bytes
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm
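
The check this fresh log is requested for, as an added example that is not part of the original thread: parse a HijackThis log and report whether the two entries selected for fixing, or any of the deleted paths, still appear in it. The function names and the shortened log excerpts are assumptions made for illustration; the entry lines and paths are the ones quoted in the posts above.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def norm(s):
    """Case-fold and collapse whitespace so cosmetic differences do not hide a match."""
    return " ".join(s.lower().split())

def parse_log(text):
    """Return (running process paths, [(code, body), ...]) from a HijackThis log."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group("code"), m.group("body")))
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def remaining(log_text, fixed_entries, deleted_paths):
    """List fixed entries still present and deleted paths still referenced anywhere."""
    processes, entries = parse_log(log_text)
    present = {norm(f"{code} - {body}") for code, body in entries}
    still_listed = [e for e in fixed_entries if norm(e) in present]
    # Substring match also catches files inside a deleted folder; it does not
    # resolve 8.3 short names (PROGRA~1), which would need a lookup on the host.
    haystack = [norm(p) for p in processes] + [norm(body) for _, body in entries]
    still_referenced = [p for p in deleted_paths
                        if any(norm(p) in h for h in haystack)]
    return still_listed, still_referenced

# The two entries selected for fixing and the three paths deleted, as quoted in the thread.
FIXED = [
    r"O4 - HKCU\..\Run: [EnChk] C:\WINDOWS\system32\fqfulaxa.exe",
    r"O21 - SSODL: WinSrvDsc - {6F047AB0-C652-E5F6-D0D4-0992F0369724} - C:\Program Files\lopbixe\WinSrvDsc.dll",
]
DELETED = [
    r"C:\Documents and Settings\All Users\Application Data\dqjibyhi",
    r"C:\Program Files\lopbixe",
    r"C:\WINDOWS\system32\fqfulaxa.exe",
]
# Constructed "before" excerpt: one process line plus the two entries that were fixed.
BEFORE = "Running processes:\nC:\\WINDOWS\\Explorer.EXE\n\n" + "\n".join(FIXED) + "\n"
# Shortened excerpt of the fresh log posted after the fix (lines copied from the thread).
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    print("before:", remaining(BEFORE, FIXED, DELETED))
    print("after: ", remaining(AFTER, FIXED, DELETED))
```

An empty result only shows that the autostart entries and paths are no longer listed in the log; it does not prove the files are gone from disk, which is why a follow-up scan is still worthwhile.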

Re: Trojan popup window warning from windows

Unread postby Shaba » September 3rd, 2008, 4:44 am

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan popup window warning from windows

Unread postby Braymar » September 3rd, 2008, 10:18 pm

Alright - I have tried to load the Kaspersky program about 10 times. The first time it got 35% through loading the definitions and then hung up for hours.

Now it starts to load the definitions/updates and a Java error comes up and says I must be online to use this. Then an error message comes up from Kaspersky that says it cannot continue and I must restart it. Which I have done 10 times.

Ugh.......

On a good note, the pop up window does not come up any more that says I have a trojan problem.

Mark
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm

Re: Trojan popup window warning from windows

Unread postby Shaba » September 4th, 2008, 3:48 am

You can try this then instead, please.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan popup window warning from windows

Unread postby Braymar » September 4th, 2008, 6:16 pm

It looks like it did not find anything:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3414 (20080904)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=aad7c0025f55614ca860dca6c51f7d5f
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-09-04 03:27:02
# local_time=2008-09-04 11:27:02 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=882625
# found=0
# scan_time=16518
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm

Re: Trojan popup window warning from windows

Unread postby Shaba » September 5th, 2008, 3:05 am

Great :)

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan popup window warning from windows

Unread postby Braymar » September 5th, 2008, 6:59 am

Everything seems to be fine. The popups have quit.

I appreciate your help.

Any suggestions on protection?

I currently have McAfee Security Center (supplied by Comcast), I use this for firewall and antivirus and spam.
I also have the free version of 'PC Tools Spyware Doctor' running. (I did not have this running when I got infected).
I also have the free version of Malwarebytes AntiMalware set to run once a week

Thanks again for your help.

Mark
Braymar
Active Member
 
Posts: 8
Joined: August 28th, 2008, 10:27 pm