Not sure of virus name


  • This topic is locked
10 replies to this topic

#1 Rollin' w/ Rock

Rollin' w/ Rock

  • Members
  • 15 posts
  • Gender: Female
  • Location: Michigan

Posted 24 November 2008 - 12:52 AM

Hi, someone was helping me, then apparently I wasn't supposed to post a HJT log along with everything else he asked me to scan, sorry about that :) , then my post was moved to another area because of the HJT mistake I made. So I followed all the preparations they asked to be done first, which has taken me days because the scans take a long time to run. So this evening when I went back to check my next step in Grinler's preparation guide it looks different? It doesn't have all the stuff about running Ad-Aware, Spybot, HouseCall, ActiveScan, BitDefender, but instead says to run RSIT? But I can't understand where the other stuff is from his post that I have already run? I hope you understand what I am saying. Anyway, now I have run all those scans they asked for: Ad-Aware, Spybot, Malwarebytes', ATF Cleaner, SDFix (which came up on my other scans as a virus or worm or something), HouseCall, ActiveScan, BitDefender. The Panda ActiveScan came up with the infections but it wouldn't clean them. I will post what I have for you guys to help me. I hope I am doing this in the right place this time. Thanks for trying to understand this!!

This is from Ad aware:
Scan mode: Smart
Scan time: 00:16:02
Number of objects scanned: 140819
Number of infections found: 2
Critical: 0
Privacy Objects: 2
Infections deleted: 2
Total infections quarantined: 0
Total infections ignored by scanner: 0


This is from ActiveScan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-23 18:01:29
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4104.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\kerry\Cookies\kerry@server.iad.liveperson[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\kerry\Cookies\kerry@did-it[1].txt
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\kerry\Desktop\SDFix.exe[C:\Documents and Settings\kerry\Desktop\SDFix.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1189\A0179762.exe[C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1189\A0179762.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1189\A0179762.exe[C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1189\A0179762.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\kerry\Desktop\SDFix.exe[C:\Documents and Settings\kerry\Desktop\SDFix.exe][SDFix\catchme.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

This is from Malwarebytes, but they were cleaned out and my next scan came out with zero infections:
Malwarebytes' Anti-Malware 1.30
Database version: 1392
Windows 5.1.2600 Service Pack 3

11/12/2008 10:32:59 PM
mbam-log-2008-11-12 (22-32-59).txt

Scan type: Quick Scan
Objects scanned: 55135
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{edc4193f-34ad-4d07-aa87-e3fdb89e3e76} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



This is AVG Free:

Scan "Scheduled scan" was finished.
Infections found:;"0"
Infected objects removed or healed:;"0"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Sunday, November 23, 2008, 12:00:01 AM"
Scan finished:;"Sunday, November 23, 2008, 5:01:58 AM (5 hour(s) 1 minute(s) 56 second(s))"
Total object scanned:;"1355198"
User who launched the scan:;"SYSTEM"


And finally, Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:37 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\CCleaner\CCleaner.exe
D:\ipod software update\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/index.php?sid=7dd...rry@wowway.com#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: PreCast Monitor.lnk.disabled
O4 - Global Startup: VAIO Action Setup (Server).lnk.disabled
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - ?p=ZCxdm801LCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131670763562
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} - http://www.imagestation.com/common/classes...ab?ver=2,0,0,50
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?321
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...432/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} - http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\ipod software update\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/kerry/LOCALS~1/APPLIC~1/IM/Runtime/Image/F17B0B~1/ce3c_1.JPG

--
End of file - 12157 bytes
Welcome to the Party!!!
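The HijackThis log above is a line-oriented format (an `R`/`F`/`O` section code, a dash, then the entry body), so a first triage pass can be automated before a human reads every line. The script below is an added example written for this page; it is not BleepingComputer's, HijackThis's, or the helper's own tooling. It parses entries and flags the patterns a responder checks first: references whose target file is gone (`(no file)`, `(file missing)`), `O4` Run values that are a bare filename rather than a full path (the program is then located by PATH search, so a same-named file earlier in the PATH would run instead), `O8` context-menu targets that are neither a local file nor a `res://` resource, `O16` DPF entries with no download URL, every `O20` AppInit_DLLs entry (that DLL is loaded into every GUI process, so it always deserves a look), and `O23` services whose binary has no recognised publisher. The sample lines are a small subset copied from the log posted above. The flags are triage hints for a human, not malware verdicts: the `O20` entry here, for example, belongs to AVG.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis entries posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O8 - Extra context menu item: &Search - ?p=ZCxdm801LCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why a responder should look at this entry
    line: str      # the original log line


# "O4 - body", "R3 - body", ...  (HJT lines always start with the section code)
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# O4 Run values: hive\..\Run: [value name] target (quoted path, bare name, args...)
O4_RE = re.compile(r"^HK\S*\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# A drive-letter or UNC path, optionally quoted.
PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')


def has_path(target: str) -> bool:
    """True if the target starts with an absolute local or UNC path."""
    return bool(PATH_RE.match(target.strip()))


def triage(log_text: str) -> list:
    """Return the entries of a HijackThis log that merit a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line, etc.
        sec, body = m.group("sec"), m.group("body")

        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(sec, "orphaned entry: target file no longer exists", line))
        elif sec == "O4":
            run = O4_RE.match(body)
            if run and not has_path(run.group("target")):
                findings.append(Finding(sec, "Run value is a bare filename, resolved via PATH search", line))
        elif sec == "O8":
            # Split on the first " - "; the menu label comes first, then the target.
            target = body.split(" - ", 1)[-1]
            if not (has_path(target) or target.lower().startswith("res://")):
                findings.append(Finding(sec, "context-menu target is not a local file or res:// resource", line))
        elif sec == "O16":
            if body.endswith("-"):  # "(Name) -" with nothing after the dash
                findings.append(Finding(sec, "DPF entry without a download URL", line))
        elif sec == "O20":
            findings.append(Finding(sec, "AppInit_DLLs loads into every GUI process; verify the DLL", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, "service binary has no recognised publisher", line))
    return findings


def summary(findings: list) -> dict:
    """Count findings per HijackThis section code."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; entries that match nothing (the IntelliPoint `O4` line, the Panda `O16` line with a proper URL) are simply skipped, so the output is the short list a helper would look at first rather than the whole log.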

#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender: Male
  • Location: Redmond, Washington

Posted 01 December 2008 - 11:04 PM

Hello, Rollin' w/ Rock
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the reply button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click the GMER icon on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a warning window at this point. If you do, click No.
  • Click Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Rollin' w/ Rock

Rollin' w/ Rock
  • Topic Starter

  • Members
  • 15 posts
  • Gender: Female
  • Location: Michigan

Posted 03 December 2008 - 08:00 PM

Hi Billy thank you for your help,

OTViewIt logfile created on: 12/3/2008 6:29:08 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\kerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 178.97 Mb Available Physical Memory | 34.99% Memory free
1.97 Gb Paging File | 1.49 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;D:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 3.50 Gb Free Space | 21.85% Space Free | Partition Type: NTFS
Drive D: | 58.56 Gb Total Space | 24.11 Gb Free Space | 41.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 618.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: kerry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/02/25 22:00:02 | 00,520,192 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MsMpEng.exe
[2008/02/25 22:00:02 | 00,520,192 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/09/07 11:24:05 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgwdsvc.exe
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2008/11/30 12:49:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe
[2008/07/03 16:16:50 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgrsx.exe
[2002/07/17 22:02:44 | 00,462,848 | ---- | M] () -- C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
[2001/09/25 09:32:50 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
[2000/08/08 12:32:12 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2008/09/07 11:24:21 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgemc.exe
[2002/11/06 10:42:32 | 00,585,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
[2002/07/03 19:17:00 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
[2007/08/31 12:01:22 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MSASCui.exe
[2008/11/27 09:26:31 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgtray.exe
[2008/11/30 12:49:26 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
[2007/08/31 11:58:52 | 00,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
[2001/08/18 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/03 18:27:48 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kerry\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/02/25 22:00:02 | 00,520,192 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/02/25 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/09/07 11:24:21 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/07 11:24:05 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- D:\ipod software update\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/11/30 12:49:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[1997/08/03 23:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE -- (MMIndexer [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2002/07/23 07:45:12 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2003/09/26 17:40:20 | 00,376,904 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer [Auto | Stopped])
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP [Auto | Stopped])
[2002/11/06 10:42:32 | 00,585,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP [Auto | Stopped])
[2002/07/17 22:02:44 | 00,462,848 | ---- | M] () -- C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer [Auto | Running])
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP [Auto | Running])
[2002/11/06 10:42:32 | 00,585,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP [Auto | Running])
[2001/09/25 09:32:50 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2000/08/08 12:32:12 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
File not found -- -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/02/14 11:59:00 | 01,169,792 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2008/02/26 00:51:43 | 02,863,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/09/07 11:23:56 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/03 16:16:48 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/03 16:18:19 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2003/12/03 16:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
[2003/10/14 20:53:20 | 00,186,100 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2003/09/18 20:47:22 | 00,496,800 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2003/08/28 03:24:08 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2003/08/28 03:24:24 | 00,136,448 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2000/12/05 18:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall [System | Running])
[2003/08/28 03:24:36 | 00,145,504 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/08/28 03:22:04 | 00,823,456 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2003/08/28 03:22:20 | 00,135,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k [On_Demand | Stopped])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2002/07/20 11:22:30 | 00,815,819 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem [On_Demand | Stopped])
[2003/08/28 03:24:06 | 00,113,840 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2007/08/21 01:13:00 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2002/04/18 04:02:00 | 00,016,288 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002/06/13 14:37:16 | 00,045,568 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2003/07/18 08:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (sisagp [Boot | Running])
[2002/08/02 13:56:00 | 00,590,464 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\soma.sys -- (soma [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2002/12/18 06:03:24 | 00,036,184 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS [On_Demand | Running])
[2002/02/11 13:13:36 | 00,009,024 | ---- | M] (STMicroelectronics ) -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m [On_Demand | Stopped])
[2008/03/14 18:13:13 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/02/18 10:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2001/09/27 11:00:26 | 00,028,396 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2002/07/19 15:25:58 | 00,202,880 | ---- | M] (YAMAHA CORPORATION) -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97 [On_Demand | Stopped])
[2008/02/23 21:35:29 | 00,186,592 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://portal.wowway.net/index.php?sid=7dda99302a2da2b65e02ac6f5a02f4d3&u_d=hellokerry@wowway.com#

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://portal.wowway.net/index.php?sid=7dda99302a2da2b65e02ac6f5a02f4d3&u_d=hellokerry@wowway.com#

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- D:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe (Easy Systems Japan Ltd.)
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
"SiS Tray"= File not found
"SunJavaUpdateSched"="D:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2007/03/07 00:24:44 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk.disabled
[2002/08/15 12:26:39 | 00,001,531 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk.disabled

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsHistory"=05 05 EA 09 [binary data]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsHistory"=05 05 EA 09 [binary data]

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Add animation to IncrediMail Style Box: C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm [2008/06/03 09:47:08 | 00,000,591 | ---- | M] ()
&Search: File not found
E&xport to Microsoft Excel: D:\Program Files\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: D:\Program Files\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: D:\Program Files\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\Software\Microsoft\Internet Explorer\MenuExt\]
&Add animation to IncrediMail Style Box: C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm [2008/06/03 09:47:08 | 00,000,591 | ---- | M] ()
&Search: File not found
E&xport to Microsoft Excel: D:\Program Files\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- D:\Program Files\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> D:\Program Files\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92D7F210-7F20-11d3-8157-0090278B20DE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> D:\Program Files\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92D7F210-7F20-11d3-8157-0090278B20DE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
turbotax.com: https in Trusted sites
34 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1266486392-3993469562-2165517387-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
turbotax.com: https in Trusted sites
34 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab -- QuickTime Object
{02CF1781-EA91-4FA5-A200-646E8241987C}: http://esupport.sony.com/VaioInfo.CAB -- Reg Error: Key does not exist or could not be opened.
{05317530-B882-449D-9421-18D94FA3ED34}: http://www.sis.com/ocis/OSInfo.cab -- OSInfo Control
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab -- Reg Error: Key does not exist or could not be opened.
{16095503-786F-4097-AED6-5D567A26D760}: http://www.sis.com/ocis/SiSAutodetectNT.cab -- SiS_OCX Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}: http://download.microsoft.com/download/0/5...b?1079208753937 -- MSSecurityAdvisor Class
{266B9238-31A5-4B53-9039-272FE846DF9D}: http://www.sis.com/download/SISTransfer.cab -- DiameterTransfer Control
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://www.pandasecurity.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{31E68DE2-5548-4B23-88F0-C51E6A0F695E}: https://support.microsoft.com/OAS/ActiveX/odc.cab -- Microsoft PID Sniffer
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- Reg Error: Key does not exist or could not be opened.
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab -- Reg Error: Key does not exist or could not be opened.
{4C39376E-FA9D-4349-BACC-D305C1750EF3}: http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab -- Reg Error: Key does not exist or could not be opened.
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1228067703968 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1228067679453 -- MUWebControl Class
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{88D969C0-F192-11D4-A65F-0040963251E5}: http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab -- XML DOM Document 4.0
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{A305FBA3-4A87-483D-A53B-138F9F635357}: http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB -- Reg Error: Key does not exist or could not be opened.
{A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}: http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab -- DDRevision Class
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe -- Virtools WebPlayer Class
{DF304508-B304-11D3-B860-00201857EBF5}: http://www.imagestation.com/common/classes...ab?ver=2,0,0,50 -- Reg Error: Key does not exist or could not be opened.
{E855A2D4-987E-4F3B-A51C-64D10A7E2479}: http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab -- Reg Error: Key does not exist or could not be opened.
{EB387D2F-E27B-4D36-979E-847D1036C65D}: http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?321 -- QDiagHUpdateObj Class
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}: http://download.mcafee.com/molbin/iss-loc/...432/mcfscan.cab -- McFreeScan Class
{F00F4763-7355-4725-82F7-0DA94A256D46}: http://www2.incredimail.com/contents/setup...er/imloader.cab -- Reg Error: Key does not exist or could not be opened.
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su/...15034/CTPID.cab -- Reg Error: Key does not exist or could not be opened.
{FF054BED-D972-4215-897E-726C3488DDBB}: http://supportcentral4.sel.sony.com/sdccom...oad/sonyctl.CAB -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{09A6116E-5382-4919-942D-8B7393CE205C} (Servers: | Description: )
{1BB0E833-04E5-453F-9BE5-0466D765C47A} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{243CB201-0043-40AB-B705-297F7A662EE4} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 16:16:50 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WRNotifier: "DllName" = WRLogonNTF.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
>[2001/09/18 18:37:34 | 00,016,973 | ---- | M] () -- C:\WINDOWS\system32\ZWebAuth.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/08/03 10:18:45 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.exe [MZ | ]
[2006/09/22 15:21:00 | 01,026,856 | R--- | M] (Microsoft Corporation) -- F:\autorun.exe -- [ CDFS ]

Autorun.inf [[autorun] | open=autorun.exe | icon=autorun.exe | Name=ZT2MMD1 | | shell\setup=&Install Zoo Tycoon 2 - Marine Mania | shell\setup\command=setup.exe | ]
[2006/09/22 15:21:00 | 00,000,144 | R--- | M] () -- F:\Autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cfe994e-ebbe-11dc-a631-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cfe994e-ebbe-11dc-a631-00038a000015}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cfe994e-ebbe-11dc-a631-00038a000015}\Shell\AutoRun\command]
""=I:\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f1714a-eaff-11dc-a630-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f1714a-eaff-11dc-a630-00038a000015}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f1714a-eaff-11dc-a630-00038a000015}\Shell\AutoRun\command]
""=I:\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\autorun.exe -- [2006/09/22 15:21:00 | 01,026,856 | R--- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/12/03 18:27:35 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kerry\Desktop\OTViewIt.exe
[2008/12/03 18:11:19 | 00,020,480 | ---- | C] () -- D:\my documents\The year was 1775.doc
[2008/12/03 00:00:44 | 00,540,107 | ---- | C] () -- D:\my documents\MOV00001.MPG
[2008/11/30 13:56:18 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/11/30 13:36:03 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/11/30 13:12:24 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/11/30 13:09:12 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/11/30 13:08:55 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/11/30 13:08:45 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/11/30 13:08:36 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/11/30 13:08:25 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/11/30 13:07:56 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/30 13:06:40 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/30 13:06:34 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/25 23:10:31 | 53,644,9024 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/25 23:04:07 | 03,375,239 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000F-00001102-00000002-80661102}.BAK
[2008/11/24 00:05:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/11/23 23:38:03 | 00,000,966 | ---- | C] () -- D:\my documents\AVG report from 11-23-08.csv
[2008/11/23 22:47:36 | 00,022,528 | ---- | C] () -- D:\my documents\Dear Dorothy.doc
[2008/11/23 19:08:55 | 00,020,480 | ---- | C] () -- D:\my documents\Dear.doc
[2008/11/23 14:18:45 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/21 18:24:35 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/21 16:18:22 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\kerry\Desktop\Spybot - Search & Destroy.lnk
[2008/11/18 20:24:55 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/18 20:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/18 20:19:42 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/18 19:08:59 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\kerry\Desktop\SDFix.exe
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\kerry\Desktop\SDFix.exe:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\kerry\Desktop\SDFix.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[2008/11/16 12:41:35 | 00,184,652 | ---- | C] () -- D:\my documents\cc_20081116_124127.reg
[2008/11/16 11:12:16 | 00,020,992 | ---- | C] () -- D:\my documents\Canadian Snowy Owl.doc
[2008/11/13 16:45:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
[2008/11/12 22:22:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kerry\Application Data\Malwarebytes
[2008/11/12 22:22:33 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/12 22:22:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/12 22:22:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/12 22:22:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/12 22:22:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/12/03 18:27:48 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kerry\Desktop\OTViewIt.exe
[2008/12/03 18:11:19 | 00,020,480 | ---- | M] () -- D:\my documents\The year was 1775.doc
[2008/12/03 16:34:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/03 16:32:20 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/03 16:31:48 | 30,533,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/03 16:31:48 | 00,077,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/03 16:29:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/03 16:28:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/03 16:28:27 | 53,644,9024 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/03 05:20:10 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/03 05:20:10 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/03 05:20:10 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000002-80661102}.dat
[2008/12/03 05:20:10 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000F-00001102-00000002-80661102}.dat
[2008/12/03 05:20:09 | 00,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000F-00001102-00000002-80661102}.rfx
[2008/12/03 05:20:09 | 00,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000F-00001102-00000002-80661102}.rfx
[2008/12/03 05:20:09 | 00,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000F-00001102-00000002-80661102}.rfx
[2008/12/03 05:20:09 | 00,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000F-00001102-00000002-80661102}.rfx
[2008/12/02 23:58:41 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\kerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/02 00:02:43 | 01,578,434 | -H-- | M] () -- C:\Documents and Settings\kerry\Local Settings\Application Data\IconCache.db
[2008/11/30 14:22:38 | 00,124,048 | ---- | M] () -- C:\Documents and Settings\kerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/30 14:17:48 | 00,415,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/30 13:58:16 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/30 13:36:14 | 00,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/30 13:29:58 | 00,000,932 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/30 00:13:30 | 00,000,232 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2008/11/25 23:04:07 | 03,375,239 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000F-00001102-00000002-80661102}.CDF
[2008/11/25 23:04:06 | 03,375,239 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000F-00001102-00000002-80661102}.BAK
[2008/11/23 23:38:03 | 00,000,966 | ---- | M] () -- D:\my documents\AVG report from 11-23-08.csv
[2008/11/23 22:47:37 | 00,022,528 | ---- | M] () -- D:\my documents\Dear Dorothy.doc
[2008/11/23 20:08:29 | 00,020,480 | ---- | M] () -- D:\my documents\Dear.doc
[2008/11/23 19:20:26 | 00,001,157 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\5550 printer assistant.lnk
[2008/11/23 18:56:10 | 00,000,000 | ---- | M] () -- C:\temp.html
[2008/11/21 16:18:22 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\kerry\Desktop\Spybot - Search & Destroy.lnk
[2008/11/18 21:32:13 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\kerry\Desktop\SDFix.exe
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\kerry\Desktop\SDFix.exe:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\kerry\Desktop\SDFix.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[2008/11/18 20:27:18 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/18 20:24:55 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/16 16:27:29 | 00,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/16 12:42:11 | 00,184,652 | ---- | M] () -- D:\my documents\cc_20081116_124127.reg
[2008/11/16 12:35:39 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\kerry\Desktop\CCleaner.lnk
[2008/11/16 11:12:16 | 00,020,992 | ---- | M] () -- D:\my documents\Canadian Snowy Owl.doc
[2008/11/12 22:22:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/12 16:37:19 | 00,444,858 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/12 16:37:19 | 00,072,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/12 16:37:13 | 00,526,534 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/12 16:36:34 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
< End of report >





OTViewIt Extras logfile created on: 12/3/2008 6:29:09 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\kerry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 178.97 Mb Available Physical Memory | 34.99% Memory free
1.97 Gb Paging File | 1.49 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;D:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.00 Gb Total Space | 3.50 Gb Free Space | 21.85% Space Free | Partition Type: NTFS
Drive D: | 58.56 Gb Total Space | 24.11 Gb Free Space | 41.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 618.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINK
Current User Name: kerry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2002/07/18 23:27:26 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe:*:enabled:SV_Httpd
[2002/11/06 10:42:32 | 00,585,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe:*:enabled:UPnPFramework
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
File not found -- C:\Program Files\support.com\client\bin\tgcmd.exe:*:Disabled:tgcmd Module
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2008/02/08 16:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\Common Files\AOL\1143607685\ee\aim6.exe:*:Disabled:AIM
File not found -- C:\Program Files\Common Files\AOL\1143607685\ee\aolsoftware.exe:*:Disabled:AOL Services
File not found -- D:\Program Files\itunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Documents and Settings\kerry\Local Settings\Temporary Internet Files\Content.IE5\DXSD1HXA\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
[2008/07/24 13:22:28 | 00,243,072 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
[2008/07/24 13:22:22 | 00,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
[2008/07/24 13:22:24 | 00,112,000 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\ModTheSims2.com\Q-Xpress Installer\QXpress.exe:*:Enabled:Q-Xpress Installer
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Documents and Settings\kerry\Local Settings\Temporary Internet Files\Content.IE5\Y0DES6Z7\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
[2002/10/07 14:57:28 | 00,188,482 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media 2.0\Vc.exe:*:Enabled:VAIO Media 2.0
File not found -- C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player
File not found -- C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer
[2006/09/22 15:21:00 | 07,520,552 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable
File not found -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
File not found -- C:\Documents and Settings\kerry\Local Settings\Temporary Internet Files\Content.IE5\XK7LAL5N\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
[2007/12/07 02:33:26 | 08,720,384 | ---- | M] () -- D:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
[2008/09/07 11:20:23 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/07 11:24:21 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\Program Files\Common Files\AOL\1152809172\ee\aim6.exe:*:Disabled:AIM
File not found -- C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
[2005/11/02 22:01:14 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1200547266\ee\aolsoftware.exe:*:Disabled:AOL Services
File not found -- C:\Program Files\Common Files\AOL\1152809172\ee\aolsoftware.exe:*:Disabled:AOL Services
File not found -- D:\Program Files\Avant Browser\avant.exe:*:Disabled:Avant Browser
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5
File not found -- D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax
File not found -- D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager
File not found -- C:\Program Files\Pogo Games\Zuma Deluxe\Zuma.exe:*:Disabled:Zuma
File not found -- C:\Documents and Settings\kerry\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer
[2008/03/30 09:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- D:\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 16:17:42 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) D:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{035E858B-2E6E-7AC7-16A9-41506F698D1E}"=Catalyst Control Center Graphics Full New
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{10798AE3-DCBB-43C3-9C93-C23512427E25}"=The Sims Deluxe Edition
"{109D28C7-FB38-483A-9C91-001CB59E2699}"=EPSON CardMonitor
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}"=OpenMG Secure Module 3.1
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}"=VAIO Media 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{27337663-2619-11D4-99DC-0000F49094C7}"=Memory Stick Formatter
"{27C5164D-ED0E-4D64-B788-93305BD62100}"=PictureGear Studio 1.0
"{29F61465-428A-11D4-B646-00C04F790F76}"=DVgate
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2F06D374-97CE-D8FB-9383-73150A2382DF}"=CCC Help English
"{2F93BFDD-EECE-924B-54ED-B0896F03D758}"=Catalyst Control Center Graphics Previews Common
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160060}"=Java™ SE Development Kit 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}"=Music Visualizer Library 1.4.00
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}"=VAIO Action Setup
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{47D684C4-817D-11D5-818F-009027864C7F}"=pressplay
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}"=Support Actions WinXP
"{4CCC7F68-A437-4559-A840-F5E010934951}"=HP Driver Diagnostics
"{4FA944D6-623E-EBBD-47D7-CE02A28C0796}"=Catalyst Control Center Graphics Light
"{51EC8E8F-9126-403B-84BE-128E8A8D98DF}"=SiS® 650 Chipset Driver for Microsoft® Windows® XP
"{55850AA3-0142-4462-8DD3-D1D6748F79C9}"=Art Explosion Label Factory Deluxe
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}"=EPSON PhotoStarter3.0
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}"=VAIO Help & Support
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6990A2BF-D1D2-11D3-81BC-00609789C908}"=Sony DV Shared Library
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}"=VAIO Media Installer 2.0
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}"=SonicStage 1.5.00
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{761C9026-14F0-4352-8658-934558272404}"=VAIO Edit Components LE
"{77654E99-F083-ED32-B326-118741828039}"=Catalyst Control Center Graphics Full Existing
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7D8FAC4F-5E20-4674-B642-0C141DC68D3A}"=WordPerfect Office 2002
"{87CA98F3-0A13-77FE-A9F0-2AB1F28D741A}"=ccc-core-preinstall
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8C5FAD77-F678-4758-A296-C12F08D179E0}"=Microsoft IntelliPoint 6.2
"{8C8BC74F-E17F-4D59-D098-2F90BB9AE9E0}"=Skins
"{8E1A8479-D871-4573-AA8C-90BF0338B242}"=VAIO Media Photo Server 2.0
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office PowerPoint Viewer 2003
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}"=Sound Blaster Live!
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9B5337F7-0444-5607-A397-909EFEFA7CFF}"=Catalyst Control Center Core Implementation
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}"=The Sims 2 Glamour Life Stuff
"{9F70BF98-003C-491D-81FC-FF9792206AF0}"=iTunes
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A70500000002}"=Adobe Reader 7.0.8
"{B406605B-45FE-4D8F-8250-1E77479583AE}"=Zoo Tycoon 2 - Marine Mania
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6A51892-D4A5-616B-4489-44B790179455}"=ccc-utility
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{CB20D3BC-6C7C-A9CA-D679-914240CDA0D3}"=ccc-core-static
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{D0448678-1203-4158-A58F-B3D0B616BF9E}"=Sony Certificate PCH
"{D4A49B00-02F8-11D5-B64D-00C04F790F76}"=MovieShaker 3.3
"{DC226AC9-0314-496C-BE6A-B6A132628466}"=SiSAGP driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}"=VAIO Media Platform 2.0
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1"=AusLogics Disk Defrag
"{DF733005-0F40-11D6-9254-0000F460E7A9}"=VAIO Media Music Server 2.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Agere Systems Soft Modem"=Agere Systems AC'97 Modem
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"Cartoonist_is1"=Cartoonist 1.3
"CCleaner"=CCleaner (remove only)
"CEP - Colour Enable Packages_is1"=CEP - Color Enable Package
"Easy Upload Tools"=ImageStation Easy Upload Tools
"EPSON Printer and Utilities"=EPSON Printer Software
"FastStone Image Viewer"=FastStone Image Viewer 3.5
"Fun Pack"=Fun Pack Uninstaller
"HijackThis"=HijackThis 2.0.2
"hp deskjet 5550 series"=hp deskjet 5550 series (Remove only)
"hp instant support"=hp instant support
"hp print screen utility"=hp print screen utility
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"IncrediMail"=IncrediMail Xe
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}"=Zoo Tycoon 2 - Marine Mania
"LimeWire"=LimeWire 4.16.6
"Lucent Technologies Soft Modem"=Lucent Technologies Soft Modem AMR
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Media Manager 1.5"=Microsoft Media Manager 1.5
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Motion JPEG Software Decoder"=Motion JPEG Software Decoder
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS"=Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Q-Xpress Installer"=Q-Xpress Installer 1.1.9
"RealProducer 8.5"=RealProducer Basic 8.5
"Shockwave"=Shockwave
"Silent Package Run-Time Sample"=ESPR320 Reference Guide
"SpongeBob Diner Dash"=SpongeBob Diner Dash
"SysInfo"=Creative System Information
"Tweak UI 2.10"=Tweak UI
"Virtools3DLifePlayer"=Virtools 3D Life Player
"WebPost"=Microsoft Web Publishing Wizard 1.52
"WIC"=Windows Imaging Component
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Zoo Tycoon 1.0"=Zoo Tycoon: Complete Collection

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2008 1:00:04 PM | Computer Name = LINK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/23/2008 1:00:02 PM | Computer Name = LINK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/25/2008 8:39:12 PM | Computer Name = LINK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/27/2008 1:00:03 PM | Computer Name = LINK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/29/2008 1:00:01 PM | Computer Name = LINK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/30/2008 1:38:00 PM | Computer Name = LINK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/30/2008 1:38:38 PM | Computer Name = LINK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 11/30/2008 3:30:18 PM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application startup.exe, version 1.11.0.0, faulting module
startup.exe, version 1.11.0.0, fault address 0x0000fe91.

Error - 12/3/2008 12:46:57 AM | Computer Name = LINK | Source = Application Error | ID = 1000
Description = Faulting application photocollection.exe, version 1.0.0.8010, faulting
module photocollection.exe, version 1.0.0.8010, fault address 0x000b3439.

Error - 12/3/2008 12:47:11 AM | Computer Name = LINK | Source = Application Error | ID = 1001
Description = Fault bucket 836620839.

[ System Events ]
Error - 12/3/2008 3:26:40 AM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2008 3:26:42 AM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2008 5:28:59 PM | Computer Name = LINK | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 12/3/2008 5:30:10 PM | Computer Name = LINK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/3/2008 5:30:10 PM | Computer Name = LINK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VAIO Media Music Server
(Application) service to connect.

Error - 12/3/2008 5:30:10 PM | Computer Name = LINK | Source = Service Control Manager | ID = 7000
Description = The VAIO Media Music Server (Application) service failed to start
due to the following error: %%1053

Error - 12/3/2008 5:30:10 PM | Computer Name = LINK | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Music Server (HTTP) service depends on the VAIO Media
Music Server (Application) service which failed to start because of the following
error: %%1053

Error - 12/3/2008 5:30:10 PM | Computer Name = LINK | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Music Server (UPnP) service depends on the VAIO Media
Music Server (HTTP) service which failed to start because of the following error:
%%1068

Error - 12/3/2008 7:06:43 PM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2008 7:06:45 PM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >






GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-03 19:25:14
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Sony\PictureGear Studio\SharedData\Illust\Season\019Hallowe\x0081fen.png 1

---- EOF - GMER 1.0.14 ----
Welcome to the Party!!!
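The "User code sections" rows in the GMER log above are 5-byte inline JMP patches on USER32 exports inside IEXPLORE.EXE whose targets all land in IEFRAME.dll, Internet Explorer's own library, which is why they get no further attention in this thread. The following is an added example, not part of the thread or of GMER, of parsing those rows and triaging them automatically. The sample input copies two rows from the log above and adds one constructed suspicious row; the trusted-directory prefixes and the temp-path heuristic are assumptions about a single-volume Windows XP layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: two rows in the shape of the GMER log above (benign IE hooks
# into IEFRAME.dll) plus one made-up row where the JMP lands in a DLL under a
# user's temp directory for which GMER printed no description/company.
SAMPLE_GMER = r"""---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1452] WININET.dll!HttpSendRequestW 771C6A00 5 Bytes JMP 10001B20 C:\DOCUME~1\OWNER\LOCALS~1\Temp\xyz.dll

---- Devices - GMER 1.0.14 ----
"""

# One ".text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> <module path> (<desc>)" row.
# Rows that GMER reports without a JMP (raw byte patches) are deliberately not matched.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<export>\S+!\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<module>.+?)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)


@dataclass
class Hook:
    process: str
    pid: int
    export: str          # hooked export, e.g. USER32.dll!DialogBoxParamW
    address: int         # patched address inside the hooked process
    patch_bytes: int     # length of the overwritten prologue
    target: int          # where the JMP lands
    module: str          # module that owns the target address
    description: Optional[str]  # "(description/company)" GMER prints, if any


def parse_gmer(text: str) -> List[Hook]:
    """Extract JMP-style user-code hooks from a GMER report."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue  # section headers, blanks and non-.text rows
        hooks.append(Hook(
            process=m["process"], pid=int(m["pid"]), export=m["export"],
            address=int(m["addr"], 16), patch_bytes=int(m["size"]),
            target=int(m["target"], 16), module=m["module"],
            description=m["desc"],
        ))
    return hooks


# Assumption: a default single-volume XP install; adjust for other layouts.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def triage(hooks: List[Hook]) -> List[str]:
    """Return one line per hook whose JMP target looks out of place."""
    findings = []
    for h in hooks:
        mod = h.module.lower()
        reasons = []
        if not mod.startswith(TRUSTED_PREFIXES):
            reasons.append("target module outside Windows/Program Files")
        if "\\temp\\" in mod:
            reasons.append("target module lives in a temp directory")
        if h.description is None:
            reasons.append("GMER printed no description/company for the target module")
        if reasons:
            findings.append(f"{h.process}[{h.pid}] {h.export} -> {h.module}: " + "; ".join(reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_gmer(SAMPLE_GMER)):
        print(finding)
```

Run as-is it reports only the constructed WININET hook; the two IEFRAME.dll rows pass every check, which matches the reading of the log in this thread. A hook on a network export like HttpSendRequestW from an unsigned DLL in a temp path is the shape a browser-injecting infostealer would leave, so that combination is worth weighting above the directory check alone.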

#4 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 04 December 2008 - 06:18 PM

Hello, Rollin' w/ Rock
Panda detected files which are part of SDFix. These aren't malware.

I don't see any malware on this system. Are you still having problems?

You may have a failing hard disk:

[ System Events ]
Error - 12/3/2008 3:26:40 AM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2008 3:26:42 AM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "Select All" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
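The disk events quoted above, as an added example that is not part of the original post: the OTL event-log dump prints the raw 32-bit EventID, so 262151 (0x40007) is what Event Viewer displays as Disk event 7, the bad-block message. The block below parses that layout into records and counts bad-block events per device with first and last timestamps, which is the check to run before spending more time on malware when the hardware itself is failing. The sample input is the four Disk entries and the one service error copied from the log in this thread, assembled here as a constructed string.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample in the OTL "[ System Events ]" layout, copied from the
# entries quoted in this thread (one multi-line service error included on
# purpose so the parser has to stitch description lines together).
SAMPLE_EVENTS = r"""[ System Events ]
Error - 12/3/2008 3:26:40 AM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2008 3:26:42 AM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2008 5:30:10 PM | Computer Name = LINK | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Music Server (UPnP) service depends on the VAIO Media
Music Server (HTTP) service which failed to start because of the following error:
%%1068

Error - 12/3/2008 7:06:43 PM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2008 7:06:45 PM | Computer Name = LINK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
"""

HEADER_RE = re.compile(
    r"^(?P<level>Error|Warning|Information) - (?P<ts>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
BAD_BLOCK_RE = re.compile(r"The device, (?P<device>\S+), has a bad block")


def event_viewer_id(raw_id: int) -> int:
    """OTL prints the full EventID; Event Viewer shows only the low 16 bits."""
    return raw_id & 0xFFFF


def parse_otl_events(text: str) -> List[Dict]:
    """Turn an OTL event dump into a list of dicts, joining wrapped descriptions."""
    events: List[Dict] = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {
                "level": m["level"],
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "event_id": event_viewer_id(int(m["id"])),
                "description": "",
            }
            events.append(current)
        elif current is not None and line.strip():
            # First description line carries the "Description = " prefix; later
            # lines are continuations of the same message.
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            current["description"] = (current["description"] + " " + body).strip()
    return events


def bad_block_summary(events: List[Dict]) -> Dict[str, Dict]:
    """Count Disk event 7 (bad block) per device with first/last occurrence."""
    summary: Dict[str, Dict] = {}
    for ev in events:
        if ev["source"] != "Disk" or ev["event_id"] != 7:
            continue
        m = BAD_BLOCK_RE.search(ev["description"])
        if not m:
            continue
        entry = summary.setdefault(m["device"], {"count": 0, "first": ev["time"], "last": ev["time"]})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ev["time"])
        entry["last"] = max(entry["last"], ev["time"])
    return summary


if __name__ == "__main__":
    for device, info in bad_block_summary(parse_otl_events(SAMPLE_EVENTS)).items():
        print(f"{device}: {info['count']} bad-block events between {info['first']} and {info['last']}")
```

Four bad-block events on the same volume within one day, recurring in pairs, is the pattern that justifies backing the data up and running the vendor's drive diagnostic before anything else; a single historical entry would not.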

#5 Rollin' w/ Rock (Topic Starter)

Posted 05 December 2008 - 10:18 PM

Hi Billy,
My start screen is now not freezing, but for a long time now we have not been able to sign in using any other user besides mine. You know when you start the computer and you log on to a certain name. Well, the other user accounts don't work; they come on but nothing saves, like the screen savers or desktop picture etc. They go away when it is closed and re-logged on. It's like a guest account. I have tried all the basics of the user accounts menu. I have heard that you can have too many accounts made but they don't show up. I canceled them but I think they didn't really cancel. But yet they are still in your computer and that is why the accounts I want to use won't work. (Because they are still deep in the computer depths somewhere.) Is there a way to clear those accounts out without ruining my account? Or I also heard that it could be from a virus. But you say my computer is clean? Right? I don't have any viruses or adware or anything? That makes me happy. And it starts up and shuts down very slowly. Ok, now here is the scan you asked for. Again, thank you for your help!

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3665 (20081204)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=b449eb1344ac034594243728bffa4172
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-05 07:35:43
# local_time=2008-12-05 02:35:43 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=726400
# found=0
# scan_time=14714

#6 Billy O'Neal

Posted 06 December 2008 - 04:58 PM

Can you delete the existing accounts and create new ones?

Billy3

#7 Rollin' w/ Rock (Topic Starter)

Posted 08 December 2008 - 05:08 PM

Hi Billy,
I can delete and make new. But the new account works the same way. I cannot save anything with this account, like wallpaper, or anything that was previously opened doesn't show up on the start menu. IE doesn't work right either. I can't change the home page. It always starts with the msnrunonce page.

#8 Billy O'Neal

Posted 08 December 2008 - 10:29 PM

Hello, Rollin' w/ Rock
Please Set Your System to Show Hidden Files
If you are using Windows XP or earlier:
  • Go to Start -> My Computer (Or click the My Computer icon on your desktop)
  • Go to the Tools Menu -> Folder Options.
  • Select the "View" tab.
  • Where you see "Hidden files and folders", click the "Show hidden files and folders" radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
If you are using Windows Vista:
  • Please go to Start -> Computer
  • Click on Organize
  • Click on Folder and Search Options
  • Select the "View" tab.
  • Where you see "Hidden files and folders", click the "Show hidden files and folders" radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
Reboot.

Rename the folder
C:\Documents and Settings\Default User
to
C:\Documents and Settings\Default User.old

Let me know if you can create working accounts now :thumbsup:

Billy3

Edited by Billy O'Neal, 08 December 2008 - 10:30 PM.


#9 Rollin' w/ Rock (Topic Starter)

Posted 10 December 2008 - 10:37 PM

Hi Billy,
I renamed the file and tried to log on to the user account already made and it did not change; it still works the same. And I tried to make a new user account and it came up saying, right after I click on the user account name: The system cannot log on to this account because it can't find the profile, so it will log on using the default account (I think?). It only gave me a few seconds to read this so I'm not sure of the exact wording. This must be what is wrong with the 2nd account I already have. It must be a default account. Thank you for your help so far. We seem to be on different schedules.

#10 Billy O'Neal

Posted 11 December 2008 - 09:28 PM

Alright then :thumbsup:

I think we have reached a point where this is beyond my ability to repair. I would head over to the XP forums here:

http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Start a new thread, and provide a link back to this one so that they know you've been checked for malware.

Good luck!

Billy3

#11 Billy O'Neal

Posted 14 December 2008 - 11:07 AM

Hello, Rollin' w/ Rock
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII



