[Resolved] windows system restore, windows search and other progr

Welcome to What the Tech! Register for a free account, or login > How does it work? We specialize in the removal of malicious software (malware),
but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn.

Spyware, Virus, Trojan, Rootkit? Remove malware -> Read this before posting a hijackthis log • Need help starting a new topic?

To avoid confusion, please do not post your question in someone else's topic. Start your own. Stay with your original topic when posting a follow up.

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

2 Pages

1 2 >

[Resolved] windows system restore, windows search and other progr, I think I'm gonna loose everything...

Options

sdabbs View Member Profile	Jul 6 2009, 10:46 AM Post #1
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	Hi Please Help !! I Think I have a virus on my computer, I first noticed a whie line going across my laptop screen, I thought the screen had broken, I tried restarting the computer but the line still remained (while starting up and shutting down before, while, and after windows the line appeared constant) I read that if it was a problem with my screen the line should move when I moved my screen. So as a quick fix I performed a system rstore - this appeared to do nothing. Though afer about five minutes (just after I opened another application (adobe photoshop) the line just dissapeared. Later on noticed the windows search program (from the start tab) opened up but did not respond (just the little dog but a blank screen) - so I performed a malware bytes scan - It didn't come up with anthing. I then performed a regcure scan, I fixed the errors it highlighted - but the problem still persisted. I then noticed that the system restore became non reponsive (same open box with a blank screen). I scanned the mcafee - but it came up with nothing, Other programs since have began to not work - online streaming (flash player says it is not installed) my hot mail account and general images on the internet are not showing. I performed a hijackthis log- could somebody pleeeeeaaaaseee take a look and try and help me figure out where and what the problem is. While writing this I removed mcafee and installed AVG - this removed one virus (trojan horse) bit all of the other problems still remain and I am afraid tht everything on my computer will be lost! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:15:40, on 06/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Free Download Manager\fdm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\AVG\AVG8\avgui.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\rundll32.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\icondrv.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll (file missing) O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {75177ed7-dfe1-4aa7-bd89-b42e87fbdd52} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file) O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: .amaena.com O15 - Trusted Zone: .antispyexpert.com O15 - Trusted Zone: .avsystemcare.com O15 - Trusted Zone: .imageservr.com O15 - Trusted Zone: .imagesrvr.com O15 - Trusted Zone: .onerateld.com O15 - Trusted Zone: .safetydownload.com O15 - Trusted Zone: .spyguardpro.com O15 - Trusted Zone: .storageguardsoft.com O15 - Trusted Zone: .trustedantivirus.com O15 - Trusted Zone: .virusremover2008.com O15 - Trusted Zone: .virusschlacht.com O15 - Trusted Zone: .amaena.com (HKLM) O15 - Trusted Zone: .antispyexpert.com (HKLM) O15 - Trusted Zone: .avsystemcare.com (HKLM) O15 - Trusted Zone: .imageservr.com (HKLM) O15 - Trusted Zone: .imagesrvr.com (HKLM) O15 - Trusted Zone: .onerateld.com (HKLM) O15 - Trusted Zone: .safetydownload.com (HKLM) O15 - Trusted Zone: .spyguardpro.com (HKLM) O15 - Trusted Zone: .storageguardsoft.com (HKLM) O15 - Trusted Zone: .trustedantivirus.com (HKLM) O15 - Trusted Zone: .virusremover2008.com (HKLM) O15 - Trusted Zone: .virusschlacht.com (HKLM) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file) O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing) O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing) O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing) O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing) O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing) O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing) O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 15194 bytes

CatByte View Member Profile	Jul 6 2009, 01:30 PM Post #2
Classroom Administrator Group: Classroom Admin Posts: 12,670 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: xp sp3	Hi, Please do the following: Open HiJackThis Click on Do a system scan only Check the boxes next to ONLY the entries listed below (if still present): F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\icondrv.exe, O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll (file missing) O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing) O2 - BHO: (no name) - {75177ed7-dfe1-4aa7-bd89-b42e87fbdd52} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file) O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll (file missing) O15 - Trusted Zone: .amaena.com O15 - Trusted Zone: .antispyexpert.com O15 - Trusted Zone: .avsystemcare.com O15 - Trusted Zone: .imageservr.com O15 - Trusted Zone: .imagesrvr.com O15 - Trusted Zone: .onerateld.com O15 - Trusted Zone: .safetydownload.com O15 - Trusted Zone: .spyguardpro.com O15 - Trusted Zone: .storageguardsoft.com O15 - Trusted Zone: .trustedantivirus.com O15 - Trusted Zone: .virusremover2008.com O15 - Trusted Zone: .virusschlacht.com O15 - Trusted Zone: .amaena.com (HKLM) O15 - Trusted Zone: .antispyexpert.com (HKLM) O15 - Trusted Zone: .avsystemcare.com (HKLM) O15 - Trusted Zone: .imageservr.com (HKLM) O15 - Trusted Zone: .imagesrvr.com (HKLM) O15 - Trusted Zone: .onerateld.com (HKLM) O15 - Trusted Zone: .safetydownload.com (HKLM) O15 - Trusted Zone: .spyguardpro.com (HKLM) O15 - Trusted Zone: .storageguardsoft.com (HKLM) O15 - Trusted Zone: .trustedantivirus.com (HKLM) O15 - Trusted Zone: .virusremover2008.com (HKLM) O15 - Trusted Zone: .virusschlacht.com (HKLM) O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file) O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file) Close all windows except Hijackthis and click Fix Checked Click Yes when prompted Close HijackThis. NEXT Go Start > Run and copy/paste the following single-line command into the Run box and click OK: QUOTE cmd /c del /f/a/q "C:\WINDOWS\system32\icondrv.exe" NEXT Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in. NEXT Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop, and attach it in your reply. Caution Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

sdabbs View Member Profile	Jul 6 2009, 02:07 PM Post #3
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	HI CatByte, Many thanks for your quick response - greatly appreciated. I followed your instructions, everything went fine until I scanned with GMER, it started to scan and then the computer crashed (big blue screen with an error message) I tried this twice to make sure that I didn't make a mistake and I got the same blue screen again. Here are the results from OTL - (OTL) OTL logfile created on: 06/07/2009 20:52:21 - Run 1 OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\fabi\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1022.37 Mb Total Physical Memory \| 559.19 Mb Available Physical Memory \| 54.70% Memory free 2.40 Gb Paging File \| 2.10 Gb Available in Paging File \| 87.33% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 87.01 Gb Total Space \| 24.45 Gb Free Space \| 28.10% Space Free \| Partition Type: NTFS Drive D: \| 5.56 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF1.02 Drive E: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 414.48 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive G: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive H: \| 216.14 Mb Total Space \| 126.66 Mb Free Space \| 58.60% Space Free \| Partition Type: FAT I: Drive not present or media not loaded Drive J: \| 713.41 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive K: \| 121.16 Mb Total Space \| 119.38 Mb Free Space \| 98.53% Space Free \| Partition Type: FAT Computer Name: DC59QB2J Current User Name: fabi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== (extras) OTL Extras logfile created on: 06/07/2009 20:52:21 - Run 1 OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\fabi\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1022.37 Mb Total Physical Memory \| 559.19 Mb Available Physical Memory \| 54.70% Memory free 2.40 Gb Paging File \| 2.10 Gb Available in Paging File \| 87.33% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 87.01 Gb Total Space \| 24.45 Gb Free Space \| 28.10% Space Free \| Partition Type: NTFS Drive D: \| 5.56 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF1.02 Drive E: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 414.48 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive G: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive H: \| 216.14 Mb Total Space \| 126.66 Mb Free Space \| 58.60% Space Free \| Partition Type: FAT I: Drive not present or media not loaded Drive J: \| 713.41 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive K: \| 121.16 Mb Total Space \| 119.38 Mb Free Space \| 98.53% Space Free \| Partition Type: FAT Computer Name: DC59QB2J Current User Name: fabi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ==========

sdabbs View Member Profile	Jul 6 2009, 02:15 PM Post #4
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	I tried a 3rd time just in case - the same thing happened - The error screen says - A problem has been detected and windows has been shut down to prevent damage to your computer. IRQL_NOT_LESS_OR_EQUAL (If problem persists, BLAH BLAH BLAH) Technical information: *** STOP: 0X0000000A (0X00000000, 0X0000001C, 0X00000001, 0X804FB03C)

CatByte View Member Profile	Jul 6 2009, 02:40 PM Post #5
Classroom Administrator Group: Classroom Admin Posts: 12,670 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: xp sp3	Hi, Please disable all your security programs and try to run the program in safe mode. To Enter Safemode Go to Start> Shut off your Computer> Restart As the computer starts to boot-up, Tap the F8 KEY repeatedly, this will bring up a menu. Use the Up and Down Arrow Keys to scroll up to Safemode Then press the Enter Key on your Keyboard go into your usual account

sdabbs View Member Profile	Jul 6 2009, 03:12 PM Post #6
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	Cheers, it seems to be working now... I will put the files up now This post has been edited by sdabbs: Jul 6 2009, 03:14 PM

CatByte View Member Profile	Jul 6 2009, 03:23 PM Post #7
Classroom Administrator Group: Classroom Admin Posts: 12,670 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: xp sp3	Hi, can you also look for the OTL log, it should be about 4 times longer than what was posted... You should be able to locate it in the OTTools folder on your C:\ drive

sdabbs View Member Profile	Jul 6 2009, 04:13 PM Post #8
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	Sorry about that, I'm still waiting for GMER, here is the OTL : OTL logfile created on: 06/07/2009 20:52:21 - Run 1 OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\fabi\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1022.37 Mb Total Physical Memory \| 559.19 Mb Available Physical Memory \| 54.70% Memory free 2.40 Gb Paging File \| 2.10 Gb Available in Paging File \| 87.33% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 87.01 Gb Total Space \| 24.45 Gb Free Space \| 28.10% Space Free \| Partition Type: NTFS Drive D: \| 5.56 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF1.02 Drive E: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 414.48 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive G: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive H: \| 216.14 Mb Total Space \| 126.66 Mb Free Space \| 58.60% Space Free \| Partition Type: FAT I: Drive not present or media not loaded Drive J: \| 713.41 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive K: \| 121.16 Mb Total Space \| 119.38 Mb Free Space \| 98.53% Space Free \| Partition Type: FAT Computer Name: DC59QB2J Current User Name: fabi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation) PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe () PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\WINDOWS\System32\PSIService.exe () PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) PRC - C:\Program Files\NetWaiting\netWaiting.exe () PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom) PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) PRC - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Documents and Settings\fabi\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Ati HotKey Poller [Auto \| Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CSIScanner [Auto \| Stopped]) -- File not found SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (EvtEng [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (gusvc [Disabled \| Stopped]) -- File not found SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (License Management Service ESD [On_Demand \| Stopped]) -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe () SRV - (mcmscsvc [Auto \| Stopped]) -- File not found SRV - (McNASvc [Auto \| Stopped]) -- File not found SRV - (McODS [On_Demand \| Stopped]) -- File not found SRV - (McProxy [Auto \| Stopped]) -- File not found SRV - (McrdSvc [Auto \| Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) SRV - (McShield [Unknown \| Stopped]) -- File not found SRV - (McSysmon [On_Demand \| Stopped]) -- File not found SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (MpfService [On_Demand \| Stopped]) -- File not found SRV - (MSCSPTISRV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (MSK80Service [Auto \| Stopped]) -- File not found SRV - (NWCWorkstation [Auto \| Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation) SRV - (PACSPTISVR [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (ProtexisLicensing [Auto \| Running]) -- C:\WINDOWS\System32\PSIService.exe () SRV - (RegSrvc [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (rpcapd [On_Demand \| Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (S24EventMonitor [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (SonicStage Back-End Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation) SRV - (SPTISRV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (SSScsiSV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (TabletServicePen [Auto \| Running]) -- C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (WLANKEEPER [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (61883 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation) DRV - (acedrv11 [Auto \| Running]) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (ADILOADER [Auto \| Stopped]) -- C:\WINDOWS\System32\Drivers\adildr.sys (Analog Deivces) DRV - (adiusbaw [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys (Analog Devices Inc.) DRV - (AegisP [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications) DRV - (AliIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (atksgt [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys () DRV - (Avc [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation) DRV - (AvgRkx86 [Disabled \| Running]) -- File not found DRV - (AvgTdiX [Disabled \| Running]) -- File not found DRV - (bcm4sbxp [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation) DRV - (Cinemsup [System \| Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions) DRV - (CmdIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (dac2w2k [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (drvmcdb [Boot \| Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto \| Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (HDAudBus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider) DRV - (HSF_DPV [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (lirsgt [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys () DRV - (mcdbus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys (MagicISO, Inc.) DRV - (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (mferkdk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (mraid35x [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (MSDV [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation) DRV - (nm [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation) DRV - (NPF [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies) DRV - (nv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nvport [System \| Running]) -- C:\WINDOWS\System32\Drivers\nvport.sys (NVIDIA Corporation.) DRV - (NwlnkIpx [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation) DRV - (NWRDR [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys (Microsoft Corporation) DRV - (omci [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Inc) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (pxscan [Boot \| Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx) DRV - (pxsec [Boot \| Running]) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx) DRV - (ql1080 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (rimmptsk [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC) DRV - (rimsptsk [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC) DRV - (rismxdp [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys (REDC) DRV - (s24trans [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (sisagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sscdbhk5 [System \| Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System \| Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions) DRV - (STHDA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (symc810 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_hi [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (SynTP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (tfsnboio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsncofs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsndrct [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions) DRV - (tfsnifs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsnopio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsnudf [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnudfa [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (ultra [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (w39n51 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation) DRV - (wacommousefilter [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wacomvhid.sys (Wacom Technology) DRV - (WacomVKHid [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\WacomVKHid.sys (Wacom Technology) DRV - (winachsf [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (726 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe () O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [DellSupport] File not found O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 04:43:04 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/04/30 03:57:32 \| 00,054,544 \| R--- \| M] (Electronic Arts) - D:\Autorun.exe -- [ UDF1.02 ] O32 - AutoRun File - [2008/10/22 00:48:37 \| 00,000,045 \| R--- \| M] () - D:\Autorun.inf -- [ UDF1.02 ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:08 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:44:48 \| 00,000,156 \| R--- \| M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:01 \| 00,000,158 \| R--- \| M] () - F:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:08 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:44:48 \| 00,000,156 \| R--- \| M] () - G:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:58:07 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:57:48 \| 00,000,166 \| R--- \| M] () - J:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009/04/13 19:18:26 \| 00,000,195 \| RHS- \| M] () - K:\autorun.inf -- [ FAT ] O33 - MountPoints2\{0b99b910-bc8c-11dd-954e-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{0b99b910-bc8c-11dd-954e-4d6564696130}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0b99b910-bc8c-11dd-954e-4d6564696130}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/30 03:57:32 \| 00,054,544 \| R--- \| M] (Electronic Arts) O33 - MountPoints2\{194f619f-ce00-11dd-9573-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{194f619f-ce00-11dd-9573-4d6564696130}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{194f619f-ce00-11dd-9573-4d6564696130}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3a14e331-7ab9-11dd-94d1-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{3a14e331-7ab9-11dd-94d1-4d6564696130}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{457777f6-9507-11dd-94fa-001422f8c291}\Shell - "" = AutoRun O33 - MountPoints2\{457777f6-9507-11dd-94fa-001422f8c291}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{457777f6-9507-11dd-94fa-001422f8c291}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\{74e514f9-7d81-11dd-94d8-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{74e514f9-7d81-11dd-94d8-4d6564696130}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{74e514f9-7d81-11dd-94d8-4d6564696130}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\{84bcdaaf-7b1e-11dd-94d2-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{84bcdaaf-7b1e-11dd-94d2-4d6564696130}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{84bcdaaf-7b1e-11dd-94d2-4d6564696130}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\{c6e85d16-5bcd-11dc-92ba-806d6172696f}\Shell\Autoplay\command - "" = icondrv.exe O33 - MountPoints2\{c6e85d16-5bcd-11dc-92ba-806d6172696f}\Shell\AutoRun\command - "" = icondrv.exe O33 - MountPoints2\{c6e85d16-5bcd-11dc-92ba-806d6172696f}\Shell\open\command - "" = icondrv.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/30 03:57:32 \| 00,054,544 \| R--- \| M] (Electronic Arts) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 30 Days ========== [3 C:\WINDOWS\.tmp files] [2009/07/06 20:51:24 \| 00,513,536 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\OTL.exe [2009/07/06 18:59:17 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Avg8 [2009/07/06 18:23:13 \| 10,721,03424 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/06 16:08:47 \| 00,010,520 \| ---- \| C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup [2009/07/05 22:30:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Application Data\Uniblue [2009/07/04 12:11:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData [2009/07/04 12:11:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009/07/04 12:11:09 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\My Documents\Electronic Arts [2009/07/04 12:09:52 \| 00,000,784 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk [2009/07/04 12:08:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft WSE [2009/07/04 12:07:54 \| 00,001,723 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk [2009/07/04 11:49:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Electronic Arts [2009/07/04 09:07:48 \| 00,008,212 \| ---- \| C] () -- C:\WINDOWS\mfebcdata [2009/07/02 17:11:16 \| 00,006,203 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/07/02 17:04:41 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor(2) [2009/07/02 17:01:00 \| 00,000,338 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/07/02 17:00:59 \| 00,000,330 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/07/02 17:00:43 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee(2) [2009/07/02 17:00:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee(2).com [2009/07/02 17:00:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/07/02 16:54:50 \| 00,034,248 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/07/02 16:47:33 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2009/07/02 16:32:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Citrix [2009/07/02 16:31:07 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Local Settings\Application Data\Citrix [2009/07/01 15:15:15 \| 00,000,000 \| -H-D \| C] -- C:\Program Files\Uninstall Information [2009/07/01 14:28:07 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\FCC07EEAFA184A2191059666603C6885.TMP [2009/07/01 13:45:16 \| 00,001,825 \| ---- \| C] () -- C:\Documents and Settings\fabi\Desktop\McAfee Virtual Technician.lnk [2009/07/01 13:37:51 \| 00,000,284 \| ---- \| C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/07/01 13:37:47 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/07/01 13:17:42 \| 00,054,156 \| -H-- \| C] () -- C:\WINDOWS\QTFont.qfn [2009/07/01 13:17:42 \| 00,001,409 \| ---- \| C] () -- C:\WINDOWS\QTFont.for [2009/06/30 23:17:37 \| 00,000,005 \| ---- \| C] () -- C:\WINDOWS\System32\_id.dat [2009/06/19 13:33:06 \| 00,019,164 \| ---- \| C] () -- C:\Documents and Settings\fabi\My Documents\modeller_briefing_090610.pdf [2009/06/18 12:48:29 \| 00,025,088 \| ---- \| C] () -- C:\Documents and Settings\fabi\My Documents\Hi Dad.doc [2009/06/17 18:52:16 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Desktop\New Folder [2009/06/17 18:51:19 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2009/06/17 18:51:18 \| 00,159,232 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2009/05/21 11:19:39 \| 00,043,520 \| ---- \| C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008/12/17 11:57:46 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\Fast800.ini [2008/12/17 11:57:38 \| 00,000,342 \| ---- \| C] () -- C:\WINDOWS\adiras.ini [2008/12/17 11:57:38 \| 00,000,154 \| ---- \| C] () -- C:\WINDOWS\adidsl.ini [2008/12/17 11:57:35 \| 00,106,496 \| ---- \| C] () -- C:\WINDOWS\System32\coclassfast.dll [2008/12/17 11:57:34 \| 00,046,892 \| ---- \| C] () -- C:\WINDOWS\System32\adadix16.dll [2008/12/11 18:33:14 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\NDCurses.INI [2008/11/27 15:41:20 \| 00,000,069 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2008/11/21 13:12:36 \| 00,116,224 \| ---- \| C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008/07/20 12:44:24 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PROTOCOL.INI [2008/06/10 21:11:57 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PhantomOfVenice.INI [2008/05/28 21:54:48 \| 00,278,984 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008/05/28 21:54:48 \| 00,025,416 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008/05/08 18:46:14 \| 00,000,361 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2008/04/16 08:42:57 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2007/12/01 17:48:12 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\musicmv.INI [2007/12/01 13:59:59 \| 00,237,568 \| ---- \| C] () -- C:\WINDOWS\System32\lame_enc.dll [2007/12/01 13:59:50 \| 00,000,001 \| ---- \| C] () -- C:\WINDOWS\gaminon.dll [2007/12/01 12:42:28 \| 00,532,480 \| ---- \| C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2007/11/25 14:29:18 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\game.INI [2007/10/15 08:28:46 \| 00,001,301 \| ---- \| C] () -- C:\WINDOWS\script95.ini [2007/10/04 14:39:42 \| 00,000,168 \| RHS- \| C] () -- C:\WINDOWS\System32\973D450A65.sys [2007/09/07 22:50:47 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2007/09/05 21:56:12 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\650A453D97.sys [2007/09/05 21:56:05 \| 00,007,518 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/07/25 14:24:30 \| 01,559,040 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2007/01/25 18:31:36 \| 00,053,299 \| ---- \| C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/01/10 07:44:26 \| 01,457,024 \| R--- \| C] () -- C:\WINDOWS\System32\SSCProt.dll [2006/06/27 22:40:02 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006/06/27 22:31:04 \| 00,000,185 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2006/06/27 21:59:17 \| 00,016,480 \| ---- \| C] () -- C:\WINDOWS\System32\rixdicon.dll [2006/06/27 21:58:01 \| 00,000,473 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/02/26 15:08:28 \| 00,585,728 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2005/08/16 04:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 04:18:43 \| 00,000,661 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 04:18:41 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 14:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/12/20 22:25:17 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2003/12/19 02:00:00 \| 00,013,387 \| ---- \| C] () -- C:\WINDOWS\System32\CinemSup.sys [2002/09/10 16:10:05 \| 00,495,616 \| ---- \| C] () -- C:\WINDOWS\System32\xvid.dll ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\.tmp files] [3 C:\WINDOWS\.tmp files] [2009/07/06 20:49:48 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\OTL.exe [2009/07/06 18:37:49 \| 00,000,661 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/07/06 18:37:49 \| 00,000,246 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/07/06 18:37:49 \| 00,000,210 \| -HS- \| M] () -- C:\boot.ini [2009/07/06 18:23:30 \| 00,000,436 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/07/06 18:23:25 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/07/06 18:23:18 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/07/06 18:23:13 \| 10,721,03424 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/06 16:08:47 \| 00,010,520 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup [2009/07/04 12:09:52 \| 00,000,784 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk [2009/07/04 12:07:55 \| 00,001,723 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk [2009/07/04 11:39:57 \| 00,054,156 \| -H-- \| M] () -- C:\WINDOWS\QTFont.qfn [2009/07/04 11:36:19 \| 00,027,656 \| ---- \| M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys [2009/07/04 11:36:19 \| 00,022,024 \| ---- \| M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2009/07/04 11:36:06 \| 00,000,185 \| ---- \| M] () -- C:\WINDOWS\wininit.ini [2009/07/04 10:52:28 \| 00,000,394 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\Shortcut to Shared Documents.lnk [2009/07/04 09:10:08 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/07/04 09:07:48 \| 00,008,212 \| ---- \| M] () -- C:\WINDOWS\mfebcdata [2009/07/04 09:07:47 \| 00,006,203 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/07/02 17:01:01 \| 00,000,338 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/07/02 17:00:59 \| 00,000,330 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\WindowsShell.Manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2009/07/01 14:31:57 \| 00,002,409 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2009/07/01 13:45:16 \| 00,001,825 \| ---- \| M] () -- C:\Documents and Settings\fabi\Desktop\McAfee Virtual Technician.lnk [2009/07/01 13:37:51 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/07/01 13:17:50 \| 00,001,409 \| ---- \| M] () -- C:\WINDOWS\QTFont.for [2009/06/30 23:17:43 \| 00,000,005 \| ---- \| M] () -- C:\WINDOWS\System32\_id.dat [2009/06/30 21:11:38 \| 00,000,069 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/06/30 16:40:26 \| 00,155,136 \| ---- \| M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/20 09:37:38 \| 00,000,361 \| ---- \| M] () -- C:\WINDOWS\cdplayer.ini [2009/06/19 13:33:06 \| 00,019,164 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\modeller_briefing_090610.pdf [2009/06/18 12:57:52 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\Hi Dad.doc ========== LOP Check ========== [2009/07/06 18:59:17 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/04/08 11:44:40 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2008/03/03 21:18:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Christmasville [2009/07/02 16:32:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2009/07/04 12:11:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2008/03/27 13:09:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\element5 [2008/07/14 22:42:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2008/07/12 14:56:41 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games [2008/03/04 23:08:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames [2009/03/01 00:19:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2009/05/22 16:28:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\GeoVid [2006/06/27 22:26:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intel [2008/03/02 19:05:55 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2008/10/02 09:16:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2009/07/04 10:42:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI [2009/05/19 19:38:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/12/26 14:03:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2008/03/03 14:46:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2006/06/27 22:34:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/07/05 22:30:31 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\fabi\Application Data [2008/11/27 16:20:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Ahead [2009/04/16 14:20:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Amazon [2008/07/10 08:45:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Ambient Design [2008/05/28 21:46:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Anuman Interactive [2009/04/16 15:07:38 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\ATI [2008/03/03 16:09:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Big Fish Games [2009/04/15 13:43:22 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Canon [2008/10/01 15:26:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Corel [2007/09/06 14:59:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Corel Photo Album [2008/05/13 09:46:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\CyberLink [2008/07/10 20:16:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\DVD Flick [2008/10/07 14:36:17 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Flood Light Games [2008/03/04 23:08:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\FloodLightGames [2009/07/06 20:50:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Free Download Manager [2009/05/22 16:30:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\GeoVid [2006/06/27 22:26:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Intel [2007/11/05 12:15:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Leadertech [2008/12/05 18:41:33 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Opera [2009/04/23 14:46:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\pidle [2008/03/01 17:36:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\SpinTop [2009/03/08 17:54:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\SpinTop Games [2007/09/25 13:10:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Sytexis Software [2007/09/26 10:25:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Template [2008/12/26 14:00:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\TomTom [2009/07/05 22:30:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Uniblue [2009/07/06 17:09:18 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\uTorrent [2007/10/11 15:05:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\Viewpoint [2009/07/06 18:24:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\WTablet [2006/06/27 22:34:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\fabi\Application Data\You've Got Pictures Screensaver [2009/07/01 13:37:51 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/10 05:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/07/02 17:01:01 \| 00,000,338 \| ---- \| M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/07/02 17:00:59 \| 00,000,330 \| ---- \| M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/07/06 18:23:30 \| 00,000,436 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2009/05/19 19:54:18 \| 00,000,370 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure.job [2009/07/06 18:23:25 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E5E0A4D @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2AAF611 @Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41A00CF0 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60B38AF3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF09BC9E @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB64EAA8 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B8B2AF8 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60516BC3 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCCEABB @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9E9471A @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D41AB8D0 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C9F690 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068 @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1BCFD4A @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2 < End of report >

sdabbs View Member Profile	Jul 6 2009, 04:14 PM Post #9
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	OTL Extras logfile created on: 06/07/2009 20:52:21 - Run 1 OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\fabi\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1022.37 Mb Total Physical Memory \| 559.19 Mb Available Physical Memory \| 54.70% Memory free 2.40 Gb Paging File \| 2.10 Gb Available in Paging File \| 87.33% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 87.01 Gb Total Space \| 24.45 Gb Free Space \| 28.10% Space Free \| Partition Type: NTFS Drive D: \| 5.56 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF1.02 Drive E: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 414.48 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive G: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive H: \| 216.14 Mb Total Space \| 126.66 Mb Free Space \| 58.60% Space Free \| Partition Type: FAT I: Drive not present or media not loaded Drive J: \| 713.41 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive K: \| 121.16 Mb Total Space \| 119.38 Mb Free Space \| 98.53% Space Free \| Partition Type: FAT Computer Name: DC59QB2J Current User Name: fabi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent () C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe::Enabled:McAfee Network Agent File not found C:\WINDOWS\explorer.exe::Enabled:Explorer (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe::Enabled:iexplore (Microsoft Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe:*:Enabled:ZCfgSvc (Intel Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Sonic CinePlayer "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4038EAF0-6F8E-4068-88F6-A417958B8AC5}" = PDF Manual NW-E010 Series "{476F602E-76D0-4B93-A69D-AD9EC5E4F075}" = ArtRage 2 "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3 "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7 "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9BB25A44-1CE8-44B1-A709-CD4A574762F9}" = Dora Backpack "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A6332A5D-CD49-48C7-A34E-4B3F7043B653}" = Dora the Explorer - Lost City "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module "{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{D6367FFE-2D8C-4BB7-A1CB-9BFF32A81DF9}" = VAIO music transfer 1.2 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife "{FC18317E-BB91-4502-8909-E5AB70BC1033}" = Nero 7 Essentials "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "BFGC" = Big Fish Games Client "BFG-Dream Day First Home" = Dream Day First Home "BFG-Dream Day Wedding" = Dream Day Wedding "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "DellSupport" = Dell Support 5.0.0 (630) "DVD Flick_is1" = DVD Flick "EADM" = EA Download Manager "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] "Flash to Video Encoder_is1" = Flash to Video Encoder "G6 U-DISK Manager" = G6 U-DISK Manager Uninstall "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "Little Shop - Memories" = Little Shop - Memories "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239) "Magic ISO Maker v5.5 (build 0268)" = Magic ISO Maker v5.5 (build 0268) "MagicDisc 2.7.105" = MagicDisc 2.7.105 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Martine à la ferme_is1" = Martine à la ferme "Martine à la montagne_is1" = Micro Application - Martine à la montagne "McAfee Uninstall Utility" = McAfee Uninstaller "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "MP Navigator EX 1.2" = Canon MP Navigator EX 1.2 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "PDFCreator Toolbar" = PDFCreator Toolbar "Pen Tablet Driver" = Pen Tablet "ProInst" = Intel® PROSet/Wireless Software "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0 "QuickTime" = QuickTime "RealPlayer 6.0" = RealPlayer "RegCure" = RegCure 1.5.2.7 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME 2.5.2.60 "Uninstaller_B1FFA000_517142 - ZBrush (Windows)" = 517142 - ZBrush (Windows) (Shared Components) "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.6d "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.0 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XviD" = XviD MPEG-4 Codec "Xvid_is1" = Xvid 1.1.3 final uninstall "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06/07/2009 10:16:05 \| Computer Name = DC59QB2J \| Source = Userenv \| ID = 1500 Description = Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - Incorrect function. Error - 06/07/2009 12:18:50 \| Computer Name = DC59QB2J \| Source = Application Hang \| ID = 1002 Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 06/07/2009 12:18:51 \| Computer Name = DC59QB2J \| Source = Application Hang \| ID = 1002 Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 06/07/2009 12:20:00 \| Computer Name = DC59QB2J \| Source = Application Hang \| ID = 1002 Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 06/07/2009 12:20:02 \| Computer Name = DC59QB2J \| Source = Application Hang \| ID = 1002 Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 06/07/2009 13:23:24 \| Computer Name = DC59QB2J \| Source = Userenv \| ID = 1500 Description = Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - Incorrect function. Error - 06/07/2009 13:23:25 \| Computer Name = DC59QB2J \| Source = Userenv \| ID = 1500 Description = Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - Incorrect function. Error - 06/07/2009 13:23:49 \| Computer Name = DC59QB2J \| Source = Userenv \| ID = 1500 Description = Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - Incorrect function. Error - 06/07/2009 13:24:00 \| Computer Name = DC59QB2J \| Source = Userenv \| ID = 1500 Description = Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - Incorrect function. Error - 06/07/2009 13:24:16 \| Computer Name = DC59QB2J \| Source = Userenv \| ID = 1500 Description = Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator. DETAIL - Incorrect function. [ System Events ] Error - 06/07/2009 13:24:13 \| Computer Name = DC59QB2J \| Source = Service Control Manager \| ID = 7005 Description = The LoadUserProfile call failed with the following error: %%1 Error - 06/07/2009 13:24:13 \| Computer Name = DC59QB2J \| Source = Service Control Manager \| ID = 7005 Description = The LoadUserProfile call failed with the following error: %%1 Error - 06/07/2009 13:24:13 \| Computer Name = DC59QB2J \| Source = Service Control Manager \| ID = 7001 Description = The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: %%0 Error - 06/07/2009 13:24:13 \| Computer Name = DC59QB2J \| Source = Service Control Manager \| ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: mfehidk MPFP Error - 06/07/2009 13:24:17 \| Computer Name = DC59QB2J \| Source = Service Control Manager \| ID = 7005 Description = The LoadUserProfile call failed with the following error: %%1 Error - 06/07/2009 13:24:51 \| Computer Name = DC59QB2J \| Source = DCOM \| ID = 10010 Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout. Error - 06/07/2009 13:24:51 \| Computer Name = DC59QB2J \| Source = WMPNetworkSvc \| ID = 866306 Description = A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. Error - 06/07/2009 13:25:21 \| Computer Name = DC59QB2J \| Source = DCOM \| ID = 10010 Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout. Error - 06/07/2009 13:25:21 \| Computer Name = DC59QB2J \| Source = WMPNetworkSvc \| ID = 866306 Description = A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. Error - 06/07/2009 13:52:02 \| Computer Name = DC59QB2J \| Source = DCOM \| ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} < End of report >

sdabbs View Member Profile	Jul 6 2009, 05:16 PM Post #10
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-07 00:14:45 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xF77C5680] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \FileSystem\Fastfat \Fat F6C58D20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul@start 1 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul@type 1 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul@group file system Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul@imagepath \systemroot\system32\drivers\ovfsthkxjxlovrdlmhktitmltfaomlxevtlrpu.sys Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul@inst 0 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main@ver sni060409 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main@cid 01 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main@bid 335787761-1661826239-850354719-2506221119 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main@aid 998 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main@sid 3 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main@feed 0x22 0x64 0x78 0x36 ... Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main\delete Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main\injector Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main\injector@iexplore.exe ovfsthwi.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main\injector@explorer.exe ovfsthff.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\main\tasks Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\modules Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthkxjxlovrdlmhktitmltfaomlxevtlrpu.sys Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\modules@ovfsth.dll \systemroot\system32\ovfsthmpbiqgqvfjhhbframowupqedlvtqfoto.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\modules@ovfsthlog.dat \systemroot\system32\ovfsthnvhdrxdyymklxxduqskmnkdlrihpujbg.dat Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\modules@ovfsthwi.dll \systemroot\system32\ovfsthrjhbviunioiesmgrtkibcqfexxgdyuyw.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\modules@ovfsthff.dll \systemroot\system32\ovfsthkikcqgyhbcnvhdjkgckvhsuxgcnsnven.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\modules@ovfsth.dat \systemroot\system32\ovfsthbubefxstloqywplfeuewyarmhaewjqpn.dat Reg HKLM\SOFTWARE\Classes\.CorelProject@ CorelPhotoAlbumProject Reg HKLM\SOFTWARE\Classes\.xxx@ Panorama Reg HKLM\SOFTWARE\Classes\.ZTL@ ZTL_auto_file Reg HKLM\SOFTWARE\Classes\Collection@ Collection Reg HKLM\SOFTWARE\Classes\Collection\shell Reg HKLM\SOFTWARE\Classes\Collection\shell\open Reg HKLM\SOFTWARE\Classes\Collection\shell\open\command Reg HKLM\SOFTWARE\Classes\Collection\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\Collection\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\Collection\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject@ Photo Album 6 Project Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell\open Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell\open\command Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum@ Photo Album 6 Upload Album Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\command Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\FavoritePhotos@ FavoritePhotos Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\command Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\Keyword@ Keyword Reg HKLM\SOFTWARE\Classes\Keyword\shell Reg HKLM\SOFTWARE\Classes\Keyword\shell\open Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\command Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\Panorama@ Panorama Reg HKLM\SOFTWARE\Classes\Panorama\shell Reg HKLM\SOFTWARE\Classes\Panorama\shell\open Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\command Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\PhotoTray@ PhotoTray Reg HKLM\SOFTWARE\Classes\PhotoTray\shell Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\command Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6@ WAV Audio Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1 Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1" Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex\ContextMenuHandlers\RealPlayerHandler Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} Reg HKLM\SOFTWARE\Classes\SearchResult@ SearchResult Reg HKLM\SOFTWARE\Classes\SearchResult\shell Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\command Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\ZTL_auto_file@ Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell\open Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell\open\command Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell\open\command@ "C:\Program Files\Pixologic\ZBrush3\ZBrush3.exe" "%1" Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDF62E1F-B0C7-DF00-30CD-A309A58DF012} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDF62E1F-B0C7-DF00-30CD-A309A58DF012}@iakpchifdnlienklca 0x6A 0x61 0x6F 0x6E ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDF62E1F-B0C7-DF00-30CD-A309A58DF012}@haebmcdbiekbbhia 0x6A 0x61 0x6F 0x6E ... Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell@WinPos640x480(1).left 44 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell@WinPos640x480(1).top 58 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell@WinPos640x480(1).right 524 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell@WinPos640x480(1).bottom 372 ---- EOF - GMER 1.0.15 ---- thank you

CatByte View Member Profile	Jul 6 2009, 05:36 PM Post #11
Classroom Administrator Group: Classroom Admin Posts: 12,670 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: xp sp3	Hi Please do the following: Run OTL.exe Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. [2009/07/01 14:28:07 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\FCC07EEAFA184A2191059666603C6885.TMP O33 - MountPoints2\{c6e85d16-5bcd-11dc-92ba-806d6172696f}\Shell\Autoplay\command - "" = icondrv.exe O33 - MountPoints2\{c6e85d16-5bcd-11dc-92ba-806d6172696f}\Shell\AutoRun\command - "" = icondrv.exe O33 - MountPoints2\{c6e85d16-5bcd-11dc-92ba-806d6172696f}\Shell\open\command - "" = icondrv.exe :Services :Reg :Files :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time ) NEXT I would like you to upload a file to be scanned Make sure to use Internet Explorer for this Please go to VirSCAN.org FREE on-line scan service Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page: C:\WINDOWS\mfebcdata Click on the Upload button If a pop-up appears saying the file has been scanned already, please select the ReScan button. Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply.

sdabbs View Member Profile	Jul 7 2009, 03:25 AM Post #12
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	Hi Catbyte, I was unable to upload the mfebcdata file from my computer, when I pressed the 'upload' button nothing happened (I'm having this problem allot). So I copied the file onto a keyfob and uploaded it with a different computer (the one I'm using now) Here is the result of the scan VirSCAN.org Scanned Report : Scanned time : 2009/07/07 10:13:44 (BST) Scanner results: All Scanners reported not find malware! File Name : mfebcdata File Size : 8212 byte File Type : data MD5 : 36c5584821599fd1758ab035161052a4 SHA1 : 05e5c1af24ab5e12dd5b1babcef0d36dc987fb97 Online report : http://virscan.org/report/aaa5cef650ce5ef4...fcddefbfcf.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 4.5.0.1 20090707013107 2009-07-07 2.89 - AhnLab V3 2009.07.06.02 2009.07.06 2009-07-06 2.01 - AntiVir 8.2.0.204 7.1.4.192 2009-07-07 0.14 - Antiy 2.0.18 20090705.2596636 2009-07-05 0.12 - Arcavir 2009 200907062115 2009-07-06 0.02 - Authentium 5.1.1 200907070054 2009-07-07 1.46 - AVAST! 4.7.4 090706-0 2009-07-06 0.00 - AVG 8.5.286 270.13.7/2222 2009-07-07 3.78 - BitDefender 7.81008.3654552 7.26419 2009-07-07 3.32 - CA (VET) 9.0.0.143 31.6.6596 2009-07-06 3.90 - ClamAV 0.95.2 9539 2009-07-07 0.01 - Comodo 3.9 1538 2009-07-02 0.84 - CP Secure 1.1.0.715 2009.07.07 2009-07-07 11.43 - Dr.Web 4.44.0.9170 2009.07.07 2009-07-07 4.88 - F-Prot 4.4.4.56 20090706 2009-07-06 1.27 - F-Secure 5.51.6100 2009.07.07.02 2009-07-07 0.04 - Fortinet 2.81-3.120 10.577 2009-07-06 0.47 - GData 19.6318/19.388 20090707 2009-07-07 6.77 - ViRobot 20090706 2009.07.06 2009-07-06 0.49 - Ikarus T3.1.01.64 2009.07.07.72991 2009-07-07 4.37 - JiangMin 11.0.800 2009.07.07 2009-07-07 12.13 - Kaspersky 5.5.10 2009.07.07 2009-07-07 0.03 - KingSoft 2009.2.5.15 2009.7.7.14 2009-07-07 6.32 - McAfee 5.3.00 5668 2009-07-06 2.94 - Microsoft 1.4803 2009.07.07 2009-07-07 5.53 - mks_vir 2.01 2009.07.06 2009-07-06 3.54 - Norman 6.01.09 6.01.00 2009-07-06 4.01 - Panda 9.05.01 2009.07.06 2009-07-06 3.01 - Trend Micro 8.700-1004 6.254.01 2009-07-06 0.05 - Quick Heal 10.00 2009.07.07 2009-07-07 1.17 - Rising 20.0 21.37.11.00 2009-07-07 0.28 - Sophos 2.88.0 4.43 2009-07-07 2.73 - Sunbelt 5231 5231 2009-07-06 5.32 - Symantec 1.3.0.24 20090706.016 2009-07-06 0.20 - nProtect 20090706.03 4653306 2009-07-06 7.97 - The Hacker 6.3.4.3 v00364 2009-07-06 0.91 - VBA32 3.12.10.7 20090706.1452 2009-07-06 2.05 - VirusBuster 4.5.11.10 10.107.38/1763041 2009-07-06 2.14 - here is the new OTL log : OTL logfile created on: 07/07/2009 10:07:13 - Run 2 OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\fabi\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1022.37 Mb Total Physical Memory \| 597.00 Mb Available Physical Memory \| 58.39% Memory free 2.40 Gb Paging File \| 2.10 Gb Available in Paging File \| 87.51% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 87.01 Gb Total Space \| 27.31 Gb Free Space \| 31.39% Space Free \| Partition Type: NTFS Drive D: \| 5.56 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF1.02 Drive E: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 414.48 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive G: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive H: \| 216.14 Mb Total Space \| 126.40 Mb Free Space \| 58.48% Space Free \| Partition Type: FAT I: Drive not present or media not loaded Drive J: \| 713.41 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive K: \| 121.16 Mb Total Space \| 119.38 Mb Free Space \| 98.53% Space Free \| Partition Type: FAT Computer Name: DC59QB2J Current User Name: fabi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation) PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe () PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom) PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) PRC - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\PSIService.exe () PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\Documents and Settings\fabi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\VideoLAN\VLC\vlc.exe () ========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Ati HotKey Poller [Auto \| Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CSIScanner [Auto \| Stopped]) -- File not found SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (EvtEng [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (gusvc [Disabled \| Stopped]) -- File not found SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (License Management Service ESD [On_Demand \| Stopped]) -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe () SRV - (mcmscsvc [Auto \| Stopped]) -- File not found SRV - (McNASvc [Auto \| Stopped]) -- File not found SRV - (McODS [On_Demand \| Stopped]) -- File not found SRV - (McProxy [Auto \| Stopped]) -- File not found SRV - (McrdSvc [Auto \| Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) SRV - (McShield [Unknown \| Stopped]) -- File not found SRV - (McSysmon [On_Demand \| Stopped]) -- File not found SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (MpfService [On_Demand \| Stopped]) -- File not found SRV - (MSCSPTISRV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (MSK80Service [Auto \| Stopped]) -- File not found SRV - (NWCWorkstation [Auto \| Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation) SRV - (PACSPTISVR [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (ProtexisLicensing [Auto \| Running]) -- C:\WINDOWS\System32\PSIService.exe () SRV - (RegSrvc [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (rpcapd [On_Demand \| Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (S24EventMonitor [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (SonicStage Back-End Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation) SRV - (SPTISRV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (SSScsiSV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (TabletServicePen [Auto \| Running]) -- C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (WLANKEEPER [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation) SRV - (WMPNetworkSvc [Auto \| Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (61883 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation) DRV - (acedrv11 [Auto \| Running]) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (ADILOADER [Auto \| Stopped]) -- C:\WINDOWS\System32\Drivers\adildr.sys (Analog Deivces) DRV - (adiusbaw [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys (Analog Devices Inc.) DRV - (AegisP [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications) DRV - (AliIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (atksgt [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys () DRV - (Avc [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation) DRV - (bcm4sbxp [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation) DRV - (Cinemsup [System \| Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions) DRV - (CmdIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (dac2w2k [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (drvmcdb [Boot \| Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto \| Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (HDAudBus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider) DRV - (HSF_DPV [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (lirsgt [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys () DRV - (mcdbus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys (MagicISO, Inc.) DRV - (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (mferkdk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (mraid35x [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (MSDV [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation) DRV - (nm [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation) DRV - (NPF [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies) DRV - (nv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nvport [System \| Running]) -- C:\WINDOWS\System32\Drivers\nvport.sys (NVIDIA Corporation.) DRV - (NwlnkIpx [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation) DRV - (NWRDR [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys (Microsoft Corporation) DRV - (omci [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Inc) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (pxscan [Boot \| Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx) DRV - (pxsec [Boot \| Running]) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx) DRV - (ql1080 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (rimmptsk [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC) DRV - (rimsptsk [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC) DRV - (rismxdp [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys (REDC) DRV - (s24trans [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (sisagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sscdbhk5 [System \| Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System \| Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions) DRV - (STHDA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (symc810 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_hi [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (SynTP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (tfsnboio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsncofs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsndrct [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions) DRV - (tfsnifs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsnopio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsnudf [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnudfa [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (ultra [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (w39n51 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation) DRV - (wacommousefilter [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wacomvhid.sys (Wacom Technology) DRV - (WacomVKHid [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\WacomVKHid.sys (Wacom Technology) DRV - (winachsf [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (726 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe () O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [DellSupport] File not found O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 04:43:04 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/04/30 03:57:32 \| 00,054,544 \| R--- \| M] (Electronic Arts) - D:\Autorun.exe -- [ UDF1.02 ] O32 - AutoRun File - [2008/10/22 00:48:37 \| 00,000,045 \| R--- \| M] () - D:\Autorun.inf -- [ UDF1.02 ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:08 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:44:48 \| 00,000,156 \| R--- \| M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:01 \| 00,000,158 \| R--- \| M] () - F:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:08 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:44:48 \| 00,000,156 \| R--- \| M] () - G:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:58:07 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:57:48 \| 00,000,166 \| R--- \| M] () - J:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009/04/13 19:18:26 \| 00,000,195 \| RHS- \| M] () - K:\autorun.inf -- [ FAT ] O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3a14e331-7ab9-11dd-94d1-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{3a14e331-7ab9-11dd-94d1-4d6564696130}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/30 03:57:32 \| 00,054,544 \| R--- \| M] (Electronic Arts) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/07/07 09:52:26 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/07/07 09:49:23 \| 10,721,03424 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/06 20:56:57 \| 00,286,208 \| ---- \| C] () -- C:\Documents and Settings\fabi\Desktop\gmer.exe [2009/07/06 20:55:54 \| 00,278,221 \| ---- \| C] () -- C:\Documents and Settings\fabi\Desktop\gmer.zip [2009/07/06 20:51:24 \| 00,513,536 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\OTL.exe [2009/07/06 18:59:17 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Avg8 [2009/07/05 22:30:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Application Data\Uniblue [2009/07/04 12:11:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData [2009/07/04 12:11:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009/07/04 12:11:09 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\My Documents\Electronic Arts [2009/07/04 12:09:52 \| 00,000,784 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk [2009/07/04 12:08:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft WSE [2009/07/04 12:07:54 \| 00,001,723 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk [2009/07/04 11:49:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Electronic Arts [2009/07/04 09:07:48 \| 00,008,212 \| ---- \| C] () -- C:\WINDOWS\mfebcdata [2009/07/02 17:11:16 \| 00,006,203 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/07/02 17:04:41 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor(2) [2009/07/02 17:01:00 \| 00,000,338 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/07/02 17:00:59 \| 00,000,330 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/07/02 17:00:43 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee(2) [2009/07/02 17:00:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee(2).com [2009/07/02 17:00:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/07/02 16:54:50 \| 00,034,248 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/07/02 16:47:33 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2009/07/02 16:32:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Citrix [2009/07/02 16:31:07 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Local Settings\Application Data\Citrix [2009/07/01 15:15:15 \| 00,000,000 \| -H-D \| C] -- C:\Program Files\Uninstall Information [2009/07/01 13:45:16 \| 00,001,825 \| ---- \| C] () -- C:\Documents and Settings\fabi\Desktop\McAfee Virtual Technician.lnk [2009/07/01 13:37:51 \| 00,000,284 \| ---- \| C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/07/01 13:37:47 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/07/01 13:17:42 \| 00,054,156 \| -H-- \| C] () -- C:\WINDOWS\QTFont.qfn [2009/07/01 13:17:42 \| 00,001,409 \| ---- \| C] () -- C:\WINDOWS\QTFont.for [2009/06/30 23:17:37 \| 00,000,005 \| ---- \| C] () -- C:\WINDOWS\System32\_id.dat [2009/06/19 13:33:06 \| 00,019,164 \| ---- \| C] () -- C:\Documents and Settings\fabi\My Documents\modeller_briefing_090610.pdf [2009/06/18 12:48:29 \| 00,025,088 \| ---- \| C] () -- C:\Documents and Settings\fabi\My Documents\Hi Dad.doc [2009/06/17 18:52:16 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Desktop\New Folder [2009/06/17 18:51:19 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2009/06/17 18:51:18 \| 00,159,232 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2009/05/21 11:19:39 \| 00,043,520 \| ---- \| C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008/12/17 11:57:46 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\Fast800.ini [2008/12/17 11:57:38 \| 00,000,342 \| ---- \| C] () -- C:\WINDOWS\adiras.ini [2008/12/17 11:57:38 \| 00,000,154 \| ---- \| C] () -- C:\WINDOWS\adidsl.ini [2008/12/17 11:57:35 \| 00,106,496 \| ---- \| C] () -- C:\WINDOWS\System32\coclassfast.dll [2008/12/17 11:57:34 \| 00,046,892 \| ---- \| C] () -- C:\WINDOWS\System32\adadix16.dll [2008/12/11 18:33:14 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\NDCurses.INI [2008/11/27 15:41:20 \| 00,000,069 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2008/11/21 13:12:36 \| 00,116,224 \| ---- \| C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008/07/20 12:44:24 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PROTOCOL.INI [2008/06/10 21:11:57 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PhantomOfVenice.INI [2008/05/28 21:54:48 \| 00,278,984 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008/05/28 21:54:48 \| 00,025,416 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008/05/08 18:46:14 \| 00,000,361 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2008/04/16 08:42:57 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2007/12/01 17:48:12 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\musicmv.INI [2007/12/01 13:59:59 \| 00,237,568 \| ---- \| C] () -- C:\WINDOWS\System32\lame_enc.dll [2007/12/01 13:59:50 \| 00,000,001 \| ---- \| C] () -- C:\WINDOWS\gaminon.dll [2007/12/01 12:42:28 \| 00,532,480 \| ---- \| C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2007/11/25 14:29:18 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\game.INI [2007/10/15 08:28:46 \| 00,001,301 \| ---- \| C] () -- C:\WINDOWS\script95.ini [2007/10/04 14:39:42 \| 00,000,168 \| RHS- \| C] () -- C:\WINDOWS\System32\973D450A65.sys [2007/09/07 22:50:47 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2007/09/05 21:56:12 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\650A453D97.sys [2007/09/05 21:56:05 \| 00,007,518 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/07/25 14:24:30 \| 01,559,040 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2007/01/25 18:31:36 \| 00,053,299 \| ---- \| C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/01/10 07:44:26 \| 01,457,024 \| R--- \| C] () -- C:\WINDOWS\System32\SSCProt.dll [2006/06/27 22:40:02 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006/06/27 22:31:04 \| 00,000,185 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2006/06/27 21:59:17 \| 00,016,480 \| ---- \| C] () -- C:\WINDOWS\System32\rixdicon.dll [2006/06/27 21:58:01 \| 00,000,473 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/02/26 15:08:28 \| 00,585,728 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2005/08/16 04:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 04:18:43 \| 00,000,661 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 04:18:41 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 14:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/12/20 22:25:17 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2003/12/19 02:00:00 \| 00,013,387 \| ---- \| C] () -- C:\WINDOWS\System32\CinemSup.sys [2002/09/10 16:10:05 \| 00,495,616 \| ---- \| C] () -- C:\WINDOWS\System32\xvid.dll ========== Files - Modified Within 30 Days ========== [2009/07/07 10:03:45 \| 00,000,436 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/07/07 10:03:42 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/07/07 10:03:39 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/07/07 10:03:36 \| 10,721,03424 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/06 20:52:22 \| 00,278,221 \| ---- \| M] () -- C:\Documents and Settings\fabi\Desktop\gmer.zip [2009/07/06 20:49:48 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\OTL.exe [2009/07/06 18:37:49 \| 00,000,661 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/07/06 18:37:49 \| 00,000,246 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/07/06 18:37:49 \| 00,000,210 \| -HS- \| M] () -- C:\boot.ini [2009/07/04 12:09:52 \| 00,000,784 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk [2009/07/04 12:07:55 \| 00,001,723 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk [2009/07/04 11:39:57 \| 00,054,156 \| -H-- \| M] () -- C:\WINDOWS\QTFont.qfn [2009/07/04 11:36:19 \| 00,027,656 \| ---- \| M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys [2009/07/04 11:36:19 \| 00,022,024 \| ---- \| M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2009/07/04 11:36:06 \| 00,000,185 \| ---- \| M] () -- C:\WINDOWS\wininit.ini [2009/07/04 10:52:28 \| 00,000,394 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\Shortcut to Shared Documents.lnk [2009/07/04 09:10:08 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/07/04 09:07:48 \| 00,008,212 \| ---- \| M] () -- C:\WINDOWS\mfebcdata [2009/07/04 09:07:47 \| 00,006,203 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/07/02 17:01:01 \| 00,000,338 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/07/02 17:00:59 \| 00,000,330 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\WindowsShell.Manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2009/07/01 14:31:57 \| 00,002,409 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2009/07/01 13:45:16 \| 00,001,825 \| ---- \| M] () -- C:\Documents and Settings\fabi\Desktop\McAfee Virtual Technician.lnk [2009/07/01 13:37:51 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/07/01 13:17:50 \| 00,001,409 \| ---- \| M] () -- C:\WINDOWS\QTFont.for [2009/06/30 23:17:43 \| 00,000,005 \| ---- \| M] () -- C:\WINDOWS\System32\_id.dat [2009/06/30 21:11:38 \| 00,000,069 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/06/30 16:40:26 \| 00,155,136 \| ---- \| M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/20 09:37:38 \| 00,000,361 \| ---- \| M] () -- C:\WINDOWS\cdplayer.ini [2009/06/19 13:33:06 \| 00,019,164 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\modeller_briefing_090610.pdf [2009/06/18 12:57:52 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\Hi Dad.doc < End of report >

CatByte View Member Profile	Jul 7 2009, 05:12 AM Post #13
Classroom Administrator Group: Classroom Admin Posts: 12,670 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: xp sp3	Hi Please do the following: Run OTL.exe Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) :Reg [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul] :Commands [purity] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the results log NEXT Please run GMER once again, using these instructions. Double click GMER.exe. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then proceed as indicated below to set it up for a more complete scan. Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop, and copy/paste it into your reply. Caution Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Also, Please advise how your computer is running now and if there are any outstanding issues

sdabbs View Member Profile	Jul 7 2009, 08:02 AM Post #14
Authentic Member Group: Authentic Member Posts: 96 Joined: 6-July 09 Member No.: 86,576 Operating System: windows xp	Cheers, My computer seems to be running fine at the moment, no slow down or system crash's. Just the same problems : windows search and windows system restore load but have a blank screen (no error message). Flash player doesn't seem to work - no streaming videos. Internet buttons do not work. Searching google images does not work - the search works but no images appear (but other internet images do) Blank screen when I try to go onto my e-mail (hotmail). When I noticed programs on my computer started to play up I installed AVG - Is it possible that AVG removed the virus after it caused a bit of damage? I will let you know if I notice anything else. The results for the OST were : (find results to GMER scan below also) All processes killed ========== OTL ========== No active process named explorer.exe was found! ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ovfsthyabaygocbpjcvvkiijdrpqjwpynpqrul\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: fabi ->Temp folder emptied: 61237 bytes ->Temporary Internet Files folder emptied: 275666 bytes ->Java cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 496 bytes ->Temporary Internet Files folder emptied: 0 bytes User: sean User: sean.DC59QB2J ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 49632 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0.37 mb OTL by OldTimer - Version 3.0.6.5 log created on 07072009_122103 Files\Folders moved on Reboot... Registry entries deleted on Reboot... And this is a new OTL log: OTL logfile created on: 07/07/2009 12:29:17 - Run 3 OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\fabi\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1022.37 Mb Total Physical Memory \| 638.67 Mb Available Physical Memory \| 62.47% Memory free 2.40 Gb Paging File \| 2.14 Gb Available in Paging File \| 89.16% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 87.01 Gb Total Space \| 27.31 Gb Free Space \| 31.39% Space Free \| Partition Type: NTFS Drive D: \| 5.56 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive E: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF Drive F: \| 414.48 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive G: \| 1.03 Gb Total Space \| 0.00 Gb Free Space \| 0.00% Space Free \| Partition Type: UDF1.02 Drive H: \| 216.14 Mb Total Space \| 126.31 Mb Free Space \| 58.44% Space Free \| Partition Type: FAT I: Drive not present or media not loaded Drive J: \| 713.41 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive K: \| 121.16 Mb Total Space \| 119.38 Mb Free Space \| 98.53% Space Free \| Partition Type: FAT Computer Name: DC59QB2J Current User Name: fabi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation) PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe () PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom) PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) PRC - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) PRC - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\PSIService.exe () PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\Documents and Settings\fabi\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Ati HotKey Poller [Auto \| Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CSIScanner [Auto \| Stopped]) -- File not found SRV - (ehRecvr [Auto \| Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto \| Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (EvtEng [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (gusvc [Disabled \| Stopped]) -- File not found SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (License Management Service ESD [On_Demand \| Stopped]) -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe () SRV - (mcmscsvc [Auto \| Stopped]) -- File not found SRV - (McNASvc [Auto \| Stopped]) -- File not found SRV - (McODS [On_Demand \| Stopped]) -- File not found SRV - (McProxy [Auto \| Stopped]) -- File not found SRV - (McrdSvc [Auto \| Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation) SRV - (McShield [Unknown \| Stopped]) -- File not found SRV - (McSysmon [On_Demand \| Stopped]) -- File not found SRV - (MHN [On_Demand \| Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (MpfService [On_Demand \| Stopped]) -- File not found SRV - (MSCSPTISRV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (MSK80Service [Auto \| Stopped]) -- File not found SRV - (NWCWorkstation [Auto \| Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation) SRV - (PACSPTISVR [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (ProtexisLicensing [Auto \| Running]) -- C:\WINDOWS\System32\PSIService.exe () SRV - (RegSrvc [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (rpcapd [On_Demand \| Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (S24EventMonitor [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (SonicStage Back-End Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation) SRV - (SPTISRV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (SSScsiSV [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (TabletServicePen [Auto \| Running]) -- C:\WINDOWS\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (WLANKEEPER [Auto \| Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation) SRV - (WMPNetworkSvc [Auto \| Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (61883 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\61883.sys (Microsoft Corporation) DRV - (acedrv11 [Auto \| Running]) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (ADILOADER [Auto \| Stopped]) -- C:\WINDOWS\System32\Drivers\adildr.sys (Analog Deivces) DRV - (adiusbaw [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys (Analog Devices Inc.) DRV - (AegisP [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications) DRV - (AliIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (atksgt [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys () DRV - (Avc [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\avc.sys (Microsoft Corporation) DRV - (bcm4sbxp [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation) DRV - (Cinemsup [System \| Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions) DRV - (CmdIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (dac2w2k [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (drvmcdb [Boot \| Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto \| Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (HDAudBus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider) DRV - (HSF_DPV [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (lirsgt [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys () DRV - (mcdbus [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys (MagicISO, Inc.) DRV - (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (mferkdk [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (mraid35x [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (MSDV [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\msdv.sys (Microsoft Corporation) DRV - (nm [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation) DRV - (NPF [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies) DRV - (nv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (nvport [System \| Running]) -- C:\WINDOWS\System32\Drivers\nvport.sys (NVIDIA Corporation.) DRV - (NwlnkIpx [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation) DRV - (NWRDR [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys (Microsoft Corporation) DRV - (omci [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Inc) DRV - (pfc [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (pxscan [Boot \| Running]) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx) DRV - (pxsec [Boot \| Running]) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx) DRV - (ql1080 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (rimmptsk [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC) DRV - (rimsptsk [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC) DRV - (rismxdp [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys (REDC) DRV - (s24trans [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (sisagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sscdbhk5 [System \| Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System \| Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions) DRV - (STHDA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (symc810 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (sym_hi [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (SynTP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (tfsnboio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsncofs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsndrct [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions) DRV - (tfsnifs [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsnopio [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsnudf [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnudfa [Auto \| Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (ultra [Disabled \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (w39n51 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation) DRV - (wacommousefilter [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\wacomvhid.sys (Wacom Technology) DRV - (WacomVKHid [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\WacomVKHid.sys (Wacom Technology) DRV - (winachsf [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&...&channel=uk IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (726 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe () O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [DellSupport] File not found O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Escape%20Rosecliff%20Island/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 04:43:04 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/04/30 03:57:32 \| 00,054,544 \| R--- \| M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008/10/22 00:48:37 \| 00,000,045 \| R--- \| M] () - D:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:45:08 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ] O32 - AutoRun File - [2008/07/26 15:44:48 \| 00,000,156 \| R--- \| M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:19 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2008/05/27 23:29:01 \| 00,000,158 \| R--- \| M] () - F:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF1.02 ] O32 - AutoRun File - [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ UDF1.02 ] O32 - AutoRun File - [2008/07/26 15:45:08 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ UDF1.02 ] O32 - AutoRun File - [2008/07/26 15:44:48 \| 00,000,156 \| R--- \| M] () - G:\autorun.inf -- [ UDF1.02 ] O32 - AutoRun File - [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:58:07 \| 00,662,592 \| R--- \| M] (Electronic Arts Inc.) - J:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2008/10/24 00:57:48 \| 00,000,166 \| R--- \| M] () - J:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009/04/13 19:18:26 \| 00,000,195 \| RHS- \| M] () - K:\autorun.inf -- [ FAT ] O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3a14e331-7ab9-11dd-94d1-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{3a14e331-7ab9-11dd-94d1-4d6564696130}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/30 03:57:32 \| 00,054,544 \| R--- \| M] (Electronic Arts) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008/05/27 23:29:19 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008/07/26 15:45:07 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2008/10/24 00:58:06 \| 00,703,552 \| R--- \| M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/07/07 09:52:26 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/07/07 09:49:23 \| 10,721,03424 \| -HS- \| C] () -- C:\hiberfil.sys [2009/07/06 20:56:57 \| 00,286,208 \| ---- \| C] () -- C:\Documents and Settings\fabi\Desktop\gmer.exe [2009/07/06 20:55:54 \| 00,278,221 \| ---- \| C] () -- C:\Documents and Settings\fabi\Desktop\gmer.zip [2009/07/06 20:51:24 \| 00,513,536 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\OTL.exe [2009/07/06 18:59:17 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Avg8 [2009/07/05 22:30:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Application Data\Uniblue [2009/07/04 12:11:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData [2009/07/04 12:11:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009/07/04 12:11:09 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\My Documents\Electronic Arts [2009/07/04 12:09:52 \| 00,000,784 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk [2009/07/04 12:08:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft WSE [2009/07/04 12:07:54 \| 00,001,723 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk [2009/07/04 11:49:07 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Electronic Arts [2009/07/04 09:07:48 \| 00,008,212 \| ---- \| C] () -- C:\WINDOWS\mfebcdata [2009/07/02 17:11:16 \| 00,006,203 \| ---- \| C] () -- C:\WINDOWS\System32\Config.MPF [2009/07/02 17:04:41 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor(2) [2009/07/02 17:01:00 \| 00,000,338 \| ---- \| C] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/07/02 17:00:59 \| 00,000,330 \| ---- \| C] () -- C:\WINDOWS\tasks\McQcTask.job [2009/07/02 17:00:43 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\McAfee(2) [2009/07/02 17:00:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee(2).com [2009/07/02 17:00:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\McAfee [2009/07/02 16:54:50 \| 00,034,248 \| ---- \| C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys [2009/07/02 16:47:33 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2009/07/02 16:32:57 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Citrix [2009/07/02 16:31:07 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Local Settings\Application Data\Citrix [2009/07/01 15:15:15 \| 00,000,000 \| -H-D \| C] -- C:\Program Files\Uninstall Information [2009/07/01 13:45:16 \| 00,001,825 \| ---- \| C] () -- C:\Documents and Settings\fabi\Desktop\McAfee Virtual Technician.lnk [2009/07/01 13:37:51 \| 00,000,284 \| ---- \| C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/07/01 13:37:47 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/07/01 13:17:42 \| 00,054,156 \| -H-- \| C] () -- C:\WINDOWS\QTFont.qfn [2009/07/01 13:17:42 \| 00,001,409 \| ---- \| C] () -- C:\WINDOWS\QTFont.for [2009/06/30 23:17:37 \| 00,000,005 \| ---- \| C] () -- C:\WINDOWS\System32\_id.dat [2009/06/19 13:33:06 \| 00,019,164 \| ---- \| C] () -- C:\Documents and Settings\fabi\My Documents\modeller_briefing_090610.pdf [2009/06/18 12:48:29 \| 00,025,088 \| ---- \| C] () -- C:\Documents and Settings\fabi\My Documents\Hi Dad.doc [2009/06/17 18:52:16 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\fabi\Desktop\New Folder [2009/06/17 18:51:19 \| 00,005,632 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2009/06/17 18:51:18 \| 00,159,232 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2009/05/21 11:19:39 \| 00,043,520 \| ---- \| C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008/12/17 11:57:46 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\Fast800.ini [2008/12/17 11:57:38 \| 00,000,342 \| ---- \| C] () -- C:\WINDOWS\adiras.ini [2008/12/17 11:57:38 \| 00,000,154 \| ---- \| C] () -- C:\WINDOWS\adidsl.ini [2008/12/17 11:57:35 \| 00,106,496 \| ---- \| C] () -- C:\WINDOWS\System32\coclassfast.dll [2008/12/17 11:57:34 \| 00,046,892 \| ---- \| C] () -- C:\WINDOWS\System32\adadix16.dll [2008/12/11 18:33:14 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\NDCurses.INI [2008/11/27 15:41:20 \| 00,000,069 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2008/11/21 13:12:36 \| 00,116,224 \| ---- \| C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008/07/20 12:44:24 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PROTOCOL.INI [2008/06/10 21:11:57 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\PhantomOfVenice.INI [2008/05/28 21:54:48 \| 00,278,984 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008/05/28 21:54:48 \| 00,025,416 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008/05/08 18:46:14 \| 00,000,361 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2008/04/16 08:42:57 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2007/12/01 17:48:12 \| 00,000,020 \| ---- \| C] () -- C:\WINDOWS\musicmv.INI [2007/12/01 13:59:59 \| 00,237,568 \| ---- \| C] () -- C:\WINDOWS\System32\lame_enc.dll [2007/12/01 13:59:50 \| 00,000,001 \| ---- \| C] () -- C:\WINDOWS\gaminon.dll [2007/12/01 12:42:28 \| 00,532,480 \| ---- \| C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2007/11/25 14:29:18 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\game.INI [2007/10/15 08:28:46 \| 00,001,301 \| ---- \| C] () -- C:\WINDOWS\script95.ini [2007/10/04 14:39:42 \| 00,000,168 \| RHS- \| C] () -- C:\WINDOWS\System32\973D450A65.sys [2007/09/07 22:50:47 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2007/09/05 21:56:12 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\650A453D97.sys [2007/09/05 21:56:05 \| 00,007,518 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007/07/25 14:24:30 \| 01,559,040 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2007/01/25 18:31:36 \| 00,053,299 \| ---- \| C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/01/10 07:44:26 \| 01,457,024 \| R--- \| C] () -- C:\WINDOWS\System32\SSCProt.dll [2006/06/27 22:40:02 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006/06/27 22:31:04 \| 00,000,185 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2006/06/27 21:59:17 \| 00,016,480 \| ---- \| C] () -- C:\WINDOWS\System32\rixdicon.dll [2006/06/27 21:58:01 \| 00,000,473 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/02/26 15:08:28 \| 00,585,728 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2005/08/16 04:37:24 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 04:18:43 \| 00,000,661 \| ---- \| C] () -- C:\WINDOWS\win.ini [2005/08/16 04:18:41 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\system.ini [2005/08/05 14:01:54 \| 00,235,008 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/12/20 22:25:17 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2003/12/19 02:00:00 \| 00,013,387 \| ---- \| C] () -- C:\WINDOWS\System32\CinemSup.sys [2002/09/10 16:10:05 \| 00,495,616 \| ---- \| C] () -- C:\WINDOWS\System32\xvid.dll ========== Files - Modified Within 30 Days ========== [2009/07/07 12:24:04 \| 00,000,436 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/07/07 12:24:02 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/07/07 12:23:59 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/07/07 12:23:55 \| 10,721,03424 \| -HS- \| M] () -- C:\hiberfil.sys [2009/07/06 20:52:22 \| 00,278,221 \| ---- \| M] () -- C:\Documents and Settings\fabi\Desktop\gmer.zip [2009/07/06 20:49:48 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\OTL.exe [2009/07/06 18:37:49 \| 00,000,661 \| ---- \| M] () -- C:\WINDOWS\win.ini [2009/07/06 18:37:49 \| 00,000,246 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/07/06 18:37:49 \| 00,000,210 \| -HS- \| M] () -- C:\boot.ini [2009/07/04 12:09:52 \| 00,000,784 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk [2009/07/04 12:07:55 \| 00,001,723 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk [2009/07/04 11:39:57 \| 00,054,156 \| -H-- \| M] () -- C:\WINDOWS\QTFont.qfn [2009/07/04 11:36:19 \| 00,027,656 \| ---- \| M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys [2009/07/04 11:36:19 \| 00,022,024 \| ---- \| M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2009/07/04 11:36:06 \| 00,000,185 \| ---- \| M] () -- C:\WINDOWS\wininit.ini [2009/07/04 10:52:28 \| 00,000,394 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\Shortcut to Shared Documents.lnk [2009/07/04 09:10:08 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/07/04 09:07:48 \| 00,008,212 \| ---- \| M] () -- C:\WINDOWS\mfebcdata [2009/07/04 09:07:47 \| 00,006,203 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/07/02 17:01:01 \| 00,000,338 \| ---- \| M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/07/02 17:00:59 \| 00,000,330 \| ---- \| M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\WindowsShell.Manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2009/07/01 15:33:36 \| 00,000,749 \| RH-- \| M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2009/07/01 14:31:57 \| 00,002,409 \| ---- \| M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2009/07/01 13:45:16 \| 00,001,825 \| ---- \| M] () -- C:\Documents and Settings\fabi\Desktop\McAfee Virtual Technician.lnk [2009/07/01 13:37:51 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/07/01 13:17:50 \| 00,001,409 \| ---- \| M] () -- C:\WINDOWS\QTFont.for [2009/06/30 23:17:43 \| 00,000,005 \| ---- \| M] () -- C:\WINDOWS\System32\_id.dat [2009/06/30 21:11:38 \| 00,000,069 \| ---- \| M] () -- C:\WINDOWS\NeroDigital.ini [2009/06/30 16:40:26 \| 00,155,136 \| ---- \| M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/20 09:37:38 \| 00,000,361 \| ---- \| M] () -- C:\WINDOWS\cdplayer.ini [2009/06/19 13:33:06 \| 00,019,164 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\modeller_briefing_090610.pdf [2009/06/18 12:57:52 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\fabi\My Documents\Hi Dad.doc < End of report > Results of GMER scan: GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-07 14:56:52 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xF77C5680] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\.CorelProject@ CorelPhotoAlbumProject Reg HKLM\SOFTWARE\Classes\.xxx@ Panorama Reg HKLM\SOFTWARE\Classes\.ZTL@ ZTL_auto_file Reg HKLM\SOFTWARE\Classes\Collection@ Collection Reg HKLM\SOFTWARE\Classes\Collection\shell Reg HKLM\SOFTWARE\Classes\Collection\shell\open Reg HKLM\SOFTWARE\Classes\Collection\shell\open\command Reg HKLM\SOFTWARE\Classes\Collection\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\Collection\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\Collection\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject@ Photo Album 6 Project Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell\open Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell\open\command Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumProject\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum@ Photo Album 6 Upload Album Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\command Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\CorelPhotoAlbumUploadAlbum\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\FavoritePhotos@ FavoritePhotos Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\command Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\FavoritePhotos\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\Keyword@ Keyword Reg HKLM\SOFTWARE\Classes\Keyword\shell Reg HKLM\SOFTWARE\Classes\Keyword\shell\open Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\command Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\Keyword\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\Panorama@ Panorama Reg HKLM\SOFTWARE\Classes\Panorama\shell Reg HKLM\SOFTWARE\Classes\Panorama\shell\open Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\command Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\Panorama\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\PhotoTray@ PhotoTray Reg HKLM\SOFTWARE\Classes\PhotoTray\shell Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\command Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\PhotoTray\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6@ WAV Audio Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1 Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1" Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex\ContextMenuHandlers\RealPlayerHandler Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} Reg HKLM\SOFTWARE\Classes\SearchResult@ SearchResult Reg HKLM\SOFTWARE\Classes\SearchResult\shell Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\command Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\command@ C:\PROGRA~1\Corel\CORELP~1\PHOTOA~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\SearchResult\shell\open\ddeexec@ [open("%1")] Reg HKLM\SOFTWARE\Classes\ZTL_auto_file@ Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell\open Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell\open\command Reg HKLM\SOFTWARE\Classes\ZTL_auto_file\shell\open\command@ "C:\Program Files\Pixologic\ZBrush3\ZBrush3.exe" "%1" Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDF62E1F-B0C7-DF00-30CD-A309A58DF012} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDF62E1F-B0C7-DF00-30CD-A309A58DF012}@iakpchifdnlienklca 0x6A 0x61 0x6F 0x6E ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDF62E1F-B0C7-DF00-30CD-A309A58DF012}@haebmcdbiekbbhia 0x6A 0x61 0x6F 0x6E ... ---- EOF - GMER 1.0.15 ----

CatByte View Member Profile	Jul 7 2009, 08:13 AM Post #15
Classroom Administrator Group: Classroom Admin Posts: 12,670 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: xp sp3	Hi, Please do the following: Go Start > Run and copy/paste the following single-line command into the Run box and click OK: QUOTE cmd /c del /f/a/s "C:\Documents and Settings\fabi\Application Data\pidle" NEXT go to start, then run. Type the following commands into the run box one after the other: first type> regsvr32 jscript.dll > hit enter now type> regsvr32 vbscript.dll > hit enter advise if anything has changed

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 2nd September 2010 - 10:20 PM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy