Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Post Antivirus 2008


  • This topic is locked This topic is locked
17 replies to this topic

#1 rcp

rcp

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 22 September 2008 - 05:49 PM

Could someone please review the following Hijack This Log file?

I have already done the Malware scans ATF cleaner, and SuperAntiSpyware on the "Am I infected" section of the forums. The results come up with nothing according to Rigel.

My Internet Explorer shuts down frequently.

I believe I removed Antivirus 2008 after I got infected 2 months ago by reading previous threads. My concern is when I log onto Ebay on this computer. A screen asks for all of my personal information such as SSN, bank account number, etc. I can log onto Ebay from 2 diff't computers without problems. I think something is running in the background or with Internet Explorer? :thumbsup:

Thanks again for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:49 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited", "http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?storeId=10151&catalogId=10551&langId=-1");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("mail.smtpservers", "");
user_pref("mail.ui.folderpane.version", 2);
user_pref("mailnews.global_html_domains.version", 2);
user_pref("mailnews.html_domains", "netscape.net,netscape.com,aol.com,cs.com,yahoo.com,hotmail.com,msn.com");
user_pref("mailnews.ui.threadpane.version", 2);
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "41097381.s");
user_pref("timebomb.first_laun
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: getPlusŪ Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - file:///E:/wp/wp4_1024.jpg
O24 - Desktop Component 1: (no name) - file:///E:/wp/wp4_800.jpg

--
End of file - 9623 bytes

Edited by rcp, 23 September 2008 - 11:06 AM.


BC AdBot (Login to Remove)

 


m

#2 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 25 September 2008 - 06:21 PM

Still having problems can someone please help? Thanks

#3 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:55 AM

Posted 27 September 2008 - 04:03 PM

Hello, rcp.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#4 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 27 September 2008 - 10:46 PM

Hello Billy! Thanks for replying, below is a newer High Jack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:59 PM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited", "http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?storeId=10151&catalogId=10551&langId=-1");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("mail.smtpservers", "");
user_pref("mail.ui.folderpane.version", 2);
user_pref("mailnews.global_html_domains.version", 2);
user_pref("mailnews.html_domains", "netscape.net,netscape.com,aol.com,cs.com,yahoo.com,hotmail.com,msn.com");
user_pref("mailnews.ui.threadpane.version", 2);
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "41097381.s");
user_pref("timebomb.first_laun
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - file:///E:/wp/wp4_1024.jpg
O24 - Desktop Component 1: (no name) - file:///E:/wp/wp4_800.jpg

--
End of file - 9546 bytes

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:55 AM

Posted 28 September 2008 - 10:02 AM

Hello, rcp.
That log looks clean. Are you still having problems?

Do you recognise this file:
E:/wp/wp4_1024.jpg
?

We have to remove some entries in HiJack This
  • Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
    The long line beginning with N3 - Netscape 7:
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
  • Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#6 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 28 September 2008 - 02:27 PM

Billy,

I am still concerned with this computer because when I log on to EBAY, a screen comes up asking for all of my personal information such as SSN, bank account numbers, passwords, etc. I can log on to EBAY from any other computer without problems. I don't know what that is all about? :thumbsup:



Here are the results of the ESET log:


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3478 (20080928)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=6ccb48a53f5d3e4498f6c240070e1bc7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-28 07:02:44
# local_time=2008-09-28 03:02:44 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=315634
# found=0
# scan_time=1989

And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:15 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.history.last_page_visited", "http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?storeId=10151&catalogId=10551&langId=-1");
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("mail.smtpservers", "");
user_pref("mail.ui.folderpane.version", 2);
user_pref("mailnews.global_html_domains.version", 2);
user_pref("mailnews.html_domains", "netscape.net,netscape.com,aol.com,cs.com,yahoo.com,hotmail.com,msn.com");
user_pref("mailnews.ui.threadpane.version", 2);
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "41097381.s");
user_pref("timebomb.first_laun
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/sis/mjolauncher.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - file:///E:/wp/wp4_1024.jpg
O24 - Desktop Component 1: (no name) - file:///E:/wp/wp4_800.jpg

--
End of file - 9587 bytes

#7 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 28 September 2008 - 02:29 PM

Billy,

You also asked about...E:/wp/wp4_1024.jpg. I do not recognize this file

Thanks,
Rob

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:55 AM

Posted 28 September 2008 - 03:32 PM

Hello, rcp.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    c:\program files\support.com\
    E:/wp/wp4_800.jpg
    E:/wp/wp4_1024.jpg
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZTgServerSwitch"=-
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 28 September 2008 - 05:22 PM

Billy,

I get an error after pressing the "move it" button. It states: "Invalid time flag! [ wp4_800.jpg ] Must be numerical.

Thanks

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:55 AM

Posted 28 September 2008 - 05:58 PM

Hello, rcp.

Oops... lets try backslashes this time :thumbsup:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    c:\program files\support.com\
    E:\wp\wp4_800.jpg
    E:\wp\wp4_1024.jpg
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZTgServerSwitch"=-
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 28 September 2008 - 06:19 PM

Billy,

OTMoveIt Results:

========== FILES ==========
Folder c:\program files\support.com\ not found.
File/Folder E:\wp\wp4_800.jpg not found.
File/Folder E:\wp\wp4_1024.jpg not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZTgServerSwitch deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09282008_190815

OTViewIt results:

OTViewIt logfile created on: 9/28/2008 7:12:16 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 172.95 Mb Available Physical Memory | 33.82% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 2.04 Gb Free Space | 14.63% Space Free | Partition Type: NTFS
Drive D: | 129.07 Gb Total Space | 128.97 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LILO
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2003/11/16 01:00:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2003/06/23 20:32:54 | 01,409,024 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\client\bin\tgcmd.exe
[2003/05/23 14:43:00 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
[2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2005/07/11 16:29:54 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/02/03 14:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/07/26 12:15:26 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[2004/05/28 22:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2004/05/28 23:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/09/28 19:10:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2008/06/19 17:18:12 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2003/08/18 21:56:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
[2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2008/09/08 22:34:09 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
[2008/09/08 22:34:30 | 01,077,640 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
[2003/07/28 21:31:14 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV [On_Demand | Stopped])
[2003/10/21 01:00:08 | 00,503,897 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer [On_Demand | Stopped])
[2003/10/21 01:00:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP [On_Demand | Stopped])
[2003/10/21 01:00:40 | 00,712,704 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP [On_Demand | Stopped])
[2003/10/21 01:00:14 | 00,925,696 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer [On_Demand | Stopped])
[2003/10/21 01:00:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP [On_Demand | Stopped])
[2003/10/21 01:00:40 | 00,712,704 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP [On_Demand | Stopped])
[2003/10/21 01:00:56 | 01,286,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer [On_Demand | Stopped])
[2003/10/21 01:00:38 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP [On_Demand | Stopped])
[2003/10/21 01:00:40 | 00,712,704 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2002/04/01 18:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2005/02/13 11:13:01 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2003/05/23 14:44:00 | 01,171,648 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2003/11/16 01:40:34 | 00,621,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/04/13 14:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2000/12/05 20:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall [System | Running])
[2008/04/13 14:39:46 | 00,206,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dot4.sys -- (Dot4 [On_Demand | Stopped])
[2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2003/03/11 09:21:38 | 00,121,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Stopped])
[2003/03/04 15:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2001/08/17 08:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
File not found -- C:\WINDOWS\System32\drivers\hpopar03.SYS -- (hpopar03 [Auto | Stopped])
[2004/06/22 08:05:12 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/06/22 08:05:12 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/06/22 08:05:12 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2003/04/15 13:39:46 | 00,090,907 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2008/09/08 22:34:12 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [On_Demand | Stopped])
[2008/09/08 22:34:12 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [On_Demand | Stopped])
[2008/09/08 22:34:13 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [On_Demand | Stopped])
[2008/04/13 14:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2008/02/26 14:07:54 | 00,073,728 | ---- | M] (EZB Systems, Inc.) -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running])
[2008/04/13 14:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/04/13 14:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/13 14:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2003/08/18 21:56:00 | 01,343,803 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2001/08/17 17:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2008/08/05 14:09:46 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctfw2.sys -- (pctfw2 [System | Running])
[2008/04/13 14:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/22 22:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2001/08/23 15:00:00 | 00,022,400 | ---- | M] () -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid [Disabled | Stopped])
[2007/12/04 13:01:28 | 00,010,430 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\secbulk.sys -- (SecBulk [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2003/10/30 15:20:54 | 00,766,848 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt [On_Demand | Stopped])
[2003/10/01 18:48:24 | 00,594,048 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/04/13 14:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2008/04/13 14:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2003/12/22 10:28:20 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2003/03/31 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/04/13 14:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2003/04/15 13:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2003/04/15 13:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2004/05/28 22:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/05/28 23:06:36 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite -- C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Create Mobile Favorite... -- C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
41 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: http in Trusted sites
turbotax.com: https in Trusted sites
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
40 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1183147249-3259982630-632391768-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: http in Trusted sites
turbotax.com: https in Trusted sites
40 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BCC737-B171-4746-94C9-0D8A0B2C0089}: http://office.microsoft.com/templates/ieawsdc.cab -- Microsoft Office Template and Media Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}: http://www.shockwave.com/content/luxor/sis/mjolauncher.cab -- MJLauncherCtrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}: http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab -- CPlayFirstddfotgControl Object
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab -- Java Plug-in 1.4.2_01
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}: http://download.abacast.com/download/files/abasetup162.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1E1FCA59-79DD-4D7E-9E0D-ACB3E092AD8E} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{32FDD7B5-586A-467A-9E16-DA57E692ADF9} (Servers: | Description: 1394 Net Adapter)
{A8F391C6-56C1-4D9C-AC55-651586C8EC39} (Servers: | Description: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX))
{B4AA541E-B9FF-4EAA-8847-7D446BF87D1C} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2003/12/01 21:36:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/09/28 19:10:36 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTViewIt.exe
[2008/09/28 18:18:25 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/09/28 18:17:23 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTMoveIt3.exe
[2008/09/28 14:27:43 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/09/22 18:41:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\HijackThis.lnk
[2008/09/22 13:19:54 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/09/22 13:19:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/22 12:18:37 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/22 12:18:37 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/22 12:18:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/22 12:18:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/22 12:15:27 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robert\Desktop\mbam-setup.exe
[2008/09/22 06:50:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/09/19 08:59:32 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2008/09/19 08:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/19 08:51:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/19 08:43:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/19 08:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/09/18 21:30:34 | 00,010,240 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\sign work.wps
[2008/09/18 21:25:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/09/15 19:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Windows Desktop Search
[2008/09/15 19:16:58 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2008/09/15 19:16:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2008/09/15 19:16:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/15 19:16:22 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2008/09/15 19:16:22 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2008/09/15 19:16:22 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/09/15 19:13:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/09/15 19:09:44 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/15 19:09:15 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/15 19:07:23 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/15 19:07:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/09/15 19:07:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/09/15 17:57:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/15 17:30:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/15 17:30:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/15 17:30:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/15 17:26:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/09/04 10:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Desktop\SegaMega CD bin to cso tool
[2008/09/03 20:06:00 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2008/09/01 16:17:25 | 00,000,000 | ---D | C] -- C:\Program Files\Barbie
[2008/09/01 16:00:05 | 00,297,472 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/09/28 19:10:37 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTViewIt.exe
[2008/09/28 18:17:23 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTMoveIt3.exe
[2008/09/28 07:45:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/28 07:45:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/27 15:08:56 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/26 06:44:18 | 00,224,256 | ---- | M] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/22 18:41:52 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\HijackThis.lnk
[2008/09/22 13:19:54 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/09/22 12:18:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/22 12:15:37 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robert\Desktop\mbam-setup.exe
[2008/09/19 08:59:33 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2008/09/18 21:30:34 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\sign work.wps
[2008/09/18 13:49:41 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Homeroom List.wps
[2008/09/16 13:40:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/16 13:39:26 | 00,482,538 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/16 13:39:26 | 00,422,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/16 13:39:26 | 00,069,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/16 08:45:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/15 19:28:06 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Robert\My Documents\desktop.ini
[2008/09/15 19:16:58 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2008/09/15 19:09:34 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/15 19:09:34 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/15 19:09:24 | 00,000,942 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/09/15 19:07:23 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/15 17:58:09 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/15 17:57:11 | 00,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/15 17:26:28 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/08 22:34:13 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2008/09/08 22:34:12 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2008/09/08 22:34:12 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2008/09/03 20:52:31 | 00,018,094 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Itinerary.pdf
[2008/09/01 21:47:47 | 03,700,952 | -H-- | M] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\IconCache.db
[2008/09/01 16:01:02 | 00,000,221 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
< End of report >

Extras text:

OTViewIt Extras logfile created on: 9/28/2008 7:12:17 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 172.95 Mb Available Physical Memory | 33.82% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 2.04 Gb Free Space | 14.63% Space Free | Partition Type: NTFS
Drive D: | 129.07 Gb Total Space | 128.97 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LILO
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007/03/08 01:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax
[2007/04/01 14:14:12 | 03,679,784 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager
[2004/02/03 14:42:54 | 00,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Disabled:ActiveSync Connection Manager
[2003/06/23 20:32:54 | 01,409,024 | ---- | M] (Support.com, Inc.) -- C:\Program Files\support.com\client\bin\tgcmd.exe:*:Disabled:tgcmd Module
[2008/09/23 09:36:10 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/01/12 14:54:56 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])
ipp: [HKLM - No CLSID value]
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2004/02/03 14:43:36 | 00,077,903 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\aatp.dll (mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} (HKLM) [mctp: Asynchronous Pluggable Protocol Handler])
msdaipp: [HKLM - No CLSID value]
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}"=VAIO Media 2.6
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}"=Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}"=HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}"=Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}"=Fax
"{27337663-2619-11D4-99DC-0000F49094C7}"=Memory Stick Formatter
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}"=CreativeProjects
"{2E132061-C78A-48D4-A899-1D13B9D189FA}"=Memories Disc Creator 2.0
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}"=TurboTax ItsDeductible 2005
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}"=VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}"=AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}"=Copy
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}"=Music Visualizer Library 1.4.00
"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}"=5500
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}"=HPSystemDiagnostics
"{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}"=Video ToolBox 2.0 Home Edition
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}"=Unload
"{49F00501-E02F-458F-8AED-85949AB9656F}"=MioTransfer
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}"=VAIO BrightColor Wallpaper
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1"=FreeRIP v3.08
"{55732C09-DEBC-456D-B65B-DD82D9542A94}"=WorldMate
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}"=HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}"=ProductContext
"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}"=5500Tour
"{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}"=OpenMG Secure Module 3.3.01
"{62369F2F77534556AEF4C58152E3BDE5}"=Dr.DivX
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}"=DVgate Plus
"{6990A2BF-D1D2-11D3-81BC-00609789C908}"=Sony Video Shared Library
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}"=VAIO Media Redistribution 2.6
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142010}"=Java 2 Runtime Environment, SE v1.4.2_01
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}"=SonicStage
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}"=overland
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7A79D11B-FD82-4A5E-834F-20173515DD14}"=VAIO Media Integrated Server 2.6
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Pro
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}"=Click to DVD 1.4
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{88DA0A52-3372-4803-971A-ADFB961707E8}"=PictureGear Studio 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD 5 for VAIO
"{93B80FB1-7A23-11D3-B250-00105A1F4184}"=
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}"=SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}"=QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}"=PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}"=HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}"=PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}"=Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}"=AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}"=TurboTax ItsDeductible 2006
"{B05013B7-A6C7-4A01-A696-92CE7D3AF2F1}"=WinCE CAB Manager
"{B08A973F-5D0C-4A09-A219-F00289BB85C0}"=5500_Help
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}"=DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}"=Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}"=CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}"=DocumentViewer
"{BC339BFD-F550-471a-8D26-4D08126C62F7}"=SkinsHP2
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}"=InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}"=TrayApp
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}"=HPODiscovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}"=VAIO System Information
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D0448678-1203-4158-A58F-B3D0B616BF9E}"=Sony Certificate PCH
"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}"=5500Trb
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}"=Drag'n Drop CD+DVD
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}"=VAIO Help and Support
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}"=WexTech AnswerWorks
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}"=BufferChm
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}"=Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}"=WebReg
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}"=VAIO Survey Standalone
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}"=hpmdtab
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}"=CueTour
"7-Zip"=7-Zip 4.32
"Abacast Client"=Abacast Client
"AC3Filter"=AC3Filter (remove only)
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Agere Systems Soft Modem"=Agere Systems AC'97 Modem
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AviSynth"=AviSynth 2.5
"Bink and Smacker"=Bink and Smacker
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"EsetOnlineScanner"=ESET Online Scanner
"Free Mp3 Wma Converter_is1"=Free Mp3 Wma Converter V 1.7.2
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}"=VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}"=VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}"=VAIO Survey Standalone
"InterActual Player"=InterActual Player
"IrfanView"=IrfanView (remove only)
"KB870669"=Microsoft Data Access Components KB870669
"KB940157"=Windows Search 4.0
"LameACM"=Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"mp3-2-wav"=mp3-2-wav converter 1.14
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"Neat Image_is1"=Neat Image v5 Demo (with plug-in)
"Netscape (7.02)"=Netscape (7.02)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"Picasa2"=Picasa 2
"PROSet"=Intel® PRO Network Adapters and Drivers
"QuickTime"=QuickTime
"Sesame Street Baby and Me"=Sesame Street Baby and Me
"Spyware Doctor"=Spyware Doctor 6.0
"TurboTax Deluxe 2004"=TurboTax Deluxe 2004
"TurboTax Deluxe 2005"=TurboTax Deluxe 2005
"TurboTax Deluxe Deduction Maximizer 2006"=TurboTax Deluxe Deduction Maximizer 2006
"UltraISO_is1"=UltraISO Premium V9.0
"VAIO Support"=VAIO Support
"VEMoDe 0.12b"=VEMoDe 0.12b
"ViewpointMediaPlayer"=Viewpoint Media Player (Remove Only)
"Welcome to VAIO life"=Welcome to VAIO life
"Windows CE Services"=Microsoft ActiveSync 3.7
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinFF_is1"=WinFF v0.29
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1"=XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2008 3:16:45 PM | Computer Name = LILO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2008 8:29:15 AM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module flash9f.ocx, version 9.0.124.0, fault address 0x0000da10.

Error - 9/21/2008 7:23:30 PM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x01741ecc.

Error - 9/22/2008 8:23:38 AM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x00971ecc.

Error - 9/22/2008 1:16:18 PM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x01de1ecc.

Error - 9/22/2008 9:50:50 PM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x03211ecc.

Error - 9/24/2008 10:41:17 AM | Computer Name = LILO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/25/2008 7:18:30 PM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x02a21ecc.

Error - 9/27/2008 3:53:26 PM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x040c1ecc.

Error - 9/27/2008 11:40:40 PM | Computer Name = LILO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x03211ecc.

[ System Events ]
Error - 9/22/2008 1:28:05 PM | Computer Name = LILO | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 9/22/2008 1:28:05 PM | Computer Name = LILO | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 9/22/2008 1:28:05 PM | Computer Name = LILO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT pctfw2 RasAcd Rdbss SASDIFSV Tcpip WS2IFSL

Error - 9/22/2008 1:28:34 PM | Computer Name = LILO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/22/2008 1:28:39 PM | Computer Name = LILO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/22/2008 3:04:30 PM | Computer Name = LILO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/23/2008 6:58:45 AM | Computer Name = LILO | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/23/2008 7:02:42 AM | Computer Name = LILO | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/23/2008 7:03:14 AM | Computer Name = LILO | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 9/23/2008 7:03:22 AM | Computer Name = LILO | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.


< End of report >

Thanks!

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:55 AM

Posted 28 September 2008 - 08:20 PM

Hello... from what I can see everything looks good there.

The only thing I can think of right now is that your system's DNS source is inaccurate... this may help. But at this point I think it's the fault of the ISP you are on or Ebay itself.

Here are instructions to setup OpenDNS. Try these and see if the problem continues:
https://www.opendns.com/homenetwork/start/device/windows-xp

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 28 September 2008 - 08:49 PM

Billy,

Thanks for your help. Here is my set up... I have a Home Computer with Broadband and a Router w/ Wifi. I also have 2 laptops which connect through this same router when on the internet. Both laptops work and log in to Ebay without problems. Except for the desktop.

Since the laptops work fine, wouldn't I assume that the ISP and/or Ebay are not the culprit?

I don't know :thumbsup: It just seems like this Ebay screen asking for my personal data is not legitimate and I am refraining to make any transactions with my desktop.

Thanks again for looking!

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:55 AM

Posted 28 September 2008 - 09:45 PM

Does setting OpenDNS resolve the problem?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#15 rcp

rcp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 29 September 2008 - 08:35 PM

Billy,

I followed the instructions for OpenDNS and logged on to Ebay. The same screen appears asking for all of my personal data. It did not seem to make a difference. Also, my Internet Explorer continues to shut down on occasions.

Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users