[Resolved] Clock keeps resetting to 12 April 2016!


  • This topic is locked
141 replies to this topic

#106 sdabbs

  • Authentic Member
  • 97 posts

Posted 16 November 2009 - 04:17 AM

OK, I found OTL by going through Task Manager. Do I scan or clean up?


#107 Raktor

  • Teacher Emeritus
  • Authentic Member
  • 3,114 posts

Posted 16 November 2009 - 04:18 AM

Please boot up into Safe Mode with Networking (tap F8 on boot, you know the drill).

  • Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up; press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
  • Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

Then download and run OTL (scan).

Edited by Raktor, 16 November 2009 - 04:18 AM.

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#108 sdabbs

Posted 16 November 2009 - 04:32 AM

I just tried to boot up in safe mode with networking but I got the blue screen, so I restarted in normal mode but now I am getting security alerts telling me that my credit card information is being sent to a remote host. Shall I try to run those programs in normal mode?

#109 Raktor

Posted 16 November 2009 - 04:33 AM

Yes, please do. :) It sounds like you know how to launch the programs through task manager, good luck. :)

#110 sdabbs

Posted 16 November 2009 - 04:36 AM

exeHelper is being closed and creates an empty exehelperlog.txt, and each time I try to run OTL it keeps on closing (as if something else is closing it). Shall I try to boot in mini windows and try again, then boot up in normal mode to send you the log files?

#111 Raktor

Posted 16 November 2009 - 04:37 AM

Rename exehelper.com to explorer.exe

Edited by Raktor, 16 November 2009 - 04:38 AM.


#112 sdabbs

Posted 16 November 2009 - 04:41 AM

Each time I try to open the txt file (or any txt file), it closes straight away.

#113 sdabbs

Posted 16 November 2009 - 04:41 AM

It also does the same to Word.

#114 sdabbs

Posted 16 November 2009 - 04:42 AM

Apart from the internet, every program I try to run closes straight away.

#115 Raktor

Posted 16 November 2009 - 04:43 AM

If you rename OTL.exe to explorer.exe can you get it to open?

#116 sdabbs

Posted 16 November 2009 - 04:46 AM

No.

#117 sdabbs

Posted 16 November 2009 - 04:47 AM

I keep getting a pop-up from the task bar telling me that every program I try is infected with worm lasas.blaster.keylogger.

#118 Raktor

Posted 16 November 2009 - 04:51 AM

Ok then.

Please boot into the Mini XP environment, and get me a log from dds-bootcd.exe.

#119 sdabbs

Posted 16 November 2009 - 05:27 AM

Hi,

The system crashed, so I booted up in a safe mode (though not safe mode or safe mode with networking).

Here are the log files:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05/09/2007 18:15:18
System Uptime: 16/11/2009 10:57:17 (1 hours ago)

Motherboard: Dell Inc. | | 0YD479
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 31.467 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_NWCWORKSTATION_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_NWCWORKSTATION_XX
Service: NWCWorkstation

==== System Restore Points ===================

RP1: 15/11/2009 19:23:43 - System Checkpoint

==== Installed Programs ======================

µTorrent
517142 - ZBrush (Windows) (Shared Components)
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Amazon MP3 Downloader 1.0.8
ArtRage 2
ATI Display Driver
Audacity 1.2.6
AusLogics Disk Defrag
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Big Fish Games Client
Bytescout SWF To Video Scout
Candy Land - Dora the Explorer Edition
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CardRecovery 5.20
CLUE Classic
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Support 5.0.0 (630)
Dell System Restore
Digital Line Detect
DivX Content Uploader
DivX Web Player
Dora Backpack
Dora the Explorer - Lost City
Dream Day First Home
Dream Day Wedding
Dream Day Wedding - Viva Las Vegas
Dream Day Wedding - Viva Las Vegas 1.00
DVD Flick
EA Download Manager
EASEUS Data Recovery Wizard Professional 4.3.6
G6 U-DISK Manager Uninstall
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® PROSet/Wireless Software
Java™ 6 Update 14
Logitech QuickCam
Logitech QuickCam Driver Package
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.5 (build 0268)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Martine à la ferme
mCore
MCU
mDrWiFi
Media Center Extender
MeshLab 1.2.2
mHlpDell
Micro Application - Martine à la montagne
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
mWlsSafe
mWMI
mXML
Mystery Chronicles: Murder Among Friends
mZConfig
Nancy Drew: Warnings at Waverly Academy
Nero 7 Essentials
neroxml
NetWaiting
NVIDIA PureVideo Decoder
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Manual NW-E010 Series
PDFCreator
PDFCreator Toolbar
Pen Tablet
Poser Pro
PowerDVD 5.7
ProtectDisc Driver, Version 11
Python 2.6.2
Quick Screen Capture 3.0
QuickTime
Rapport
RealPlayer
RegCure 1.6.0.0
SAGEM F@st 800-840
Search Assist
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
Sonic Audio Module
Sonic CinePlayer
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic Update Manager
SonicStage 4.3
SpywareBlaster 4.2
Synaptics Pointing Device Driver
The Sims™ 3
TomTom HOME 2.5.2.60
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
UploadScaler 1.1
VAIO music transfer 1.2
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Wanadoo Europe Installer
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
Womens Murder Club a Darker Shade of Grey 1.00
Xvid 1.1.3 final uninstall
XviD MPEG-4 Codec
Yahoo! Toolbar
ZBrush3

==== Event Viewer Messages From Past Week ========

16/11/2009 10:59:34, error: Service Control Manager [7023] - The Remote Access Auto Connection Manager service terminated with the following error: %%2147483720
16/11/2009 10:26:20, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/11/2009 10:25:18, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
16/11/2009 09:58:41, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 85a1abf0, parameter3 85a1ad64, parameter4 805d297e.
16/11/2009 09:58:01, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Incorrect function.
16/11/2009 09:57:47, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
16/11/2009 09:57:47, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
16/11/2009 09:34:36, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
16/11/2009 08:53:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the -- service to connect.
16/11/2009 08:53:49, error: Service Control Manager [7000] - The -- service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

DDS (Ver_09-09-29.01) - NTFSx86 DSREPAIR
Run by fabi at 11:01:33.46 on 16/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.608 [GMT 0:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\fabi\LOCALS~1\Temp\b.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\msc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\control.exe
C:\Documents and Settings\fabi\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tiscali.co.uk/broadband
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AdobeBridge]
uRun: [rundll32.exe]
uRun: [WAB] c:\documents and settings\fabi\application data\macromedia\common\81d6602c19.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MailBlocker] c:\docume~1\fabi\locals~1\temp\b.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [WinsysMon] c:\program files\common files\openfile.exe
mRun: [Otenowaqifih] rundll32.exe "c:\windows\uhihekevasuqeru.dll",Startup
mRun: [lsdefrag] c:\docume~1\fabi\locals~1\temp\tglm.exe
mRun: [70686633] c:\docume~1\alluse~1\applic~1\70686633\70686633.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\fabi\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: nofolderoptions = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Extract Flash Video with Bytescout... - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {11C91DA0-5258-4B2F-96C6-6A531C0E0DD7} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {BBE87EC9-5D71-483A-99E0-DEE4DF3E466C} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli diepunkv.dll

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-4-22 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-4-22 27656]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-9-14 58856]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-9-14 333928]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-9-14 967912]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-4-12 1373480]
S2 CSIScanner;CSIScanner; [x]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2009-11-16 260608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

=============== Created Last 30 ================

2009-11-16 10:58 246,784 a------- c:\windows\msc.exe
2009-11-16 10:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\70686633
2009-11-16 09:59 246,784 a------- c:\windows\msb.exe
2009-11-16 09:36 <DIR> --ds---- C:\ComboFix
2009-11-16 08:52 250,368 a------- c:\windows\msa.exe
2009-11-15 00:37 50,176 a------- c:\windows\system32\proquota.exe
2009-11-15 00:37 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-11-14 23:48 <DIR> a-dshr-- C:\cmdcons
2009-11-14 23:22 118 a------- c:\windows\system32\MRT.INI
2009-11-13 20:52 389,120 a------- c:\windows\system32\cmd.execf
2009-11-13 18:44 96,512 a------- c:\windows\system32\drivers\atapi.sys.vir
2009-11-07 14:10 56,320 a------- c:\windows\system32\OLDC.tmp
2009-11-07 14:05 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 14:05 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-07 14:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 14:03 77,312 a------- c:\windows\MBR.exe
2009-11-07 14:03 260,608 a------- c:\windows\PEV.exe
2009-11-07 14:03 161,792 a------- c:\windows\SWREG.exe
2009-11-07 14:03 98,816 a------- c:\windows\sed.exe
2009-11-07 13:34 36 a------- c:\windows\rasqervy.dll
2009-11-07 13:33 7 a------- c:\windows\sdfinacs.dll
2009-11-07 00:05 5 a------- c:\windows\sdfixwcs.dll
2009-11-06 22:03 0 a----r-- c:\windows\Mtabimeqaguvimup.bin
2009-11-06 22:03 120 a------- c:\windows\Rsupiqefameteqar.dat
2009-11-06 21:58 0 a----r-- c:\windows\win32k.sys
2009-11-06 21:57 32,768 a------- C:\didx.exe
2009-11-06 21:57 91,648 a------- C:\dnpevj.exe
2009-11-06 21:57 21,504 ---sh--- c:\docume~1\fabi\applic~1\sysint.exe
2009-11-06 21:57 98,304 ---sh--- c:\docume~1\fabi\applic~1\excom.exe
2009-11-06 09:03 99,486 ---sh--- c:\docume~1\fabi\applic~1\vnsys.exe
2009-11-06 09:03 101,396 ---sh--- c:\docume~1\fabi\applic~1\updateset.exe
2009-11-06 09:03 126,119 ---sh--- c:\docume~1\fabi\applic~1\sysdrive.exe
2009-11-06 09:03 165,796 ---sh--- c:\docume~1\fabi\applic~1\opdriver.exe
2009-11-06 09:03 105,019 ---sh--- c:\docume~1\fabi\applic~1\gload.exe
2009-11-05 17:16 <DIR> --d----- c:\program files\Big City Adventure - New York City
2009-11-04 12:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-11-04 12:37 1,409 a------- c:\windows\QTFont.for
2009-10-27 01:31 143,360 ---sh--- c:\program files\common files\openfile.exe
2009-10-19 12:54 <DIR> --d----- C:\multiAVCHD

==================== Find3M ====================

2009-10-21 04:08 3,598,336 -------- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 14:02 19,944 a------- c:\program files\common files\fufuwubuha._dl
2009-10-01 14:02 19,428 a------- c:\program files\common files\iluqic.ban
2009-10-01 14:02 17,957 a------- c:\windows\system32\bysebiz.pif
2009-10-01 14:02 17,513 a------- c:\program files\common files\ybecawy.db
2009-10-01 14:02 17,247 a------- c:\docume~1\alluse~1\applic~1\mizasy.bin
2009-10-01 14:02 14,939 a------- c:\windows\system32\yzyn.scr
2009-10-01 14:02 14,503 a------- c:\program files\common files\utylimykow.dat
2009-10-01 14:02 13,432 a------- c:\windows\oposydy.bin
2009-10-01 14:02 11,590 a------- c:\windows\system32\ynof.dat
2009-10-01 14:02 10,462 a------- c:\windows\system32\limuhemor.exe
2009-10-01 08:32 18,693 a------- c:\docume~1\alluse~1\applic~1\esam.pif
2009-10-01 08:32 19,336 a------- c:\program files\common files\emiquxut.ban
2009-10-01 08:32 14,618 a------- c:\program files\common files\etena.dl
2009-10-01 08:32 11,921 a------- c:\docume~1\fabi\applic~1\qijufofoci.bin
2009-10-01 08:32 10,625 a------- c:\windows\wozem.dat
2009-10-01 08:32 19,496 a------- c:\program files\common files\ovamovi.bin
2009-10-01 08:32 18,044 a------- c:\windows\ovap.bin
2009-10-01 08:32 13,549 a------- c:\windows\tifupacov.bin
2009-09-30 19:47 37,824 ac------ c:\docume~1\fabi\applic~1\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 16:01 278,528 a------- c:\windows\SYCLicense_090901.dll
2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-07-15 21:23 134 a---h--- c:\docume~1\fabi\applic~1\lakerda1967.sys
2009-03-21 14:06 129,024 ---sh--- c:\docume~1\fabi\applic~1\rnfiles.exe
2009-03-21 14:06 105,019 ---sh--- c:\docume~1\fabi\applic~1\loader.exe
2009-03-21 14:06 99,840 ---sh--- c:\docume~1\fabi\applic~1\driverload.exe
2008-03-02 21:55 0 ac------ c:\program files\temp01

============= FINISH: 11:01:49.18 ===============

OTL logfile created on: 16/11/2009 11:02:32 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\fabi\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.37 Mb Total Physical Memory | 607.96 Mb Available Physical Memory | 59.47% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.01 Gb Total Space | 31.47 Gb Free Space | 36.16% Space Free | Partition Type: NTFS
Drive D: | 186.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 518.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 216.14 Mb Total Space | 199.82 Mb Free Space | 92.45% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DC59QB2J
Current User Name: fabi
Logged in as Administrator.

Cannot determine boot mode.
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2016/04/12 00:00:14 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\fabi\Local Settings\temp\b.exe
PRC - [2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
PRC - [2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msc.exe
PRC - [2009/09/14 19:38:34 | 01,422,568 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2009/09/14 19:38:32 | 00,967,912 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/07/07 15:21:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/16 20:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/07 18:16:50 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe
PRC - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/08/10 04:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\control.exe


========== Modules (SafeList) ==========

MOD - [2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
MOD - [2009/09/14 19:38:40 | 00,341,224 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/14 19:38:36 | 00,632,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Trusteer\Rapport\bin\msvcr80.dll
MOD - [2008/12/16 20:59:28 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:12:08 | 00,176,640 | ---- | M] () -- C:\WINDOWS\uhihekevasuqeru.dll
MOD - [2008/04/14 00:12:05 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2008/04/14 00:11:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 00:11:48 | 01,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (PEVSystemStart)
SRV - File not found -- -- (CSIScanner)
SRV - [2009/09/14 19:38:32 | 00,967,912 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/07/07 15:21:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/16 20:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/03/27 12:08:26 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/09/06 07:18:52 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/25 17:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe -- (McrdSvc)
SRV - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc)
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/08/10 04:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipxsap.dll -- (NwSapAgent)


========== Driver Services (SafeList) ==========

DRV - [2009/09/14 19:38:40 | 00,333,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2009/09/14 19:38:40 | 00,058,856 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/07/04 10:36:19 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2009/07/04 10:36:19 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2008/12/17 06:02:08 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 06:01:44 | 06,364,440 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 06:01:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 06:00:14 | 00,768,024 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 05:53:46 | 02,686,104 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/12/16 20:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/28 16:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/28 20:54:48 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/05/28 20:54:48 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 18:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 18:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 18:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 18:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 17:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/23 08:19:44 | 00,501,560 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/16 19:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 18:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/16 00:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/01/25 17:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/06/27 21:26:17 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2006/03/24 15:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 10:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/15 22:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/28 12:22:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 08:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 23:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/11/30 23:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/11/30 23:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/04 20:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/05 08:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 15:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 14:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 16:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/06/30 12:23:34 | 00,004,608 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2005/06/13 16:27:56 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/10 04:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 04:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/03/02 08:26:58 | 00,050,007 | ---- | M] (Analog Deivces) -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER)
DRV - [2004/03/02 08:24:16 | 00,127,065 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2004/02/13 08:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/19 01:00:00 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...&...&channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...&...&channel=uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/07 15:21:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:52:56 | 00,000,000 | ---D | M]

[2009/04/16 15:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fabi\Application Data\Mozilla\Extensions
[2008/12/26 13:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fabi\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (759 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [70686633] C:\Documents and Settings\All Users\Application Data\70686633\70686633.exe ()
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [lsdefrag] C:\Documents and Settings\fabi\Local Settings\temp\tglm.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Otenowaqifih] C:\WINDOWS\uhihekevasuqeru.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinsysMon] C:\Program Files\Common Files\openfile.exe ( )
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [MailBlocker] C:\Documents and Settings\fabi\Local Settings\temp\b.exe ()
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [rundll32.exe] File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WAB] C:\Documents and Settings\fabi\Application Data\Macromedia\Common\81d6602c19.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nofolderoptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Extract Flash Video with Bytescout... - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : Extract Flash Video with Bytescout... - {11C91DA0-5258-4B2F-96C6-6A531C0E0DD7} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Extract Flash Video with Bytescout... - {BBE87EC9-5D71-483A-99E0-DEE4DF3E466C} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/29 20:59:46 | 00,000,199 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/10 00:18:33 | 00,052,896 | R--- | M] (Her Interactive, Inc.) - E:\autorun2.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/10 00:05:38 | 00,000,046 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/16 11:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fabi\Desktop\dds
[2009/11/16 10:13:11 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
[2009/11/16 10:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\70686633
[2009/11/16 09:36:33 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/15 00:37:10 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/11/15 00:37:10 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/11/14 23:48:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/13 20:52:19 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/11/07 14:05:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 14:05:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 14:05:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 14:03:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/07 14:03:27 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/07 14:03:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/07 14:03:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/07 14:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/07 13:58:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 17:16:50 | 00,000,000 | ---D | C] -- C:\Program Files\Big City Adventure - New York City
[2009/10/27 01:31:36 | 00,143,360 | -HS- | C] ( ) -- C:\Program Files\Common Files\openfile.exe
[2009/10/19 12:54:24 | 00,000,000 | ---D | C] -- C:\multiAVCHD
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/04/12 00:00:00 | 00,099,486 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\vnsys.exe
[2009/11/16 10:59:09 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/11/16 10:58:42 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/16 10:58:29 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/11/16 10:58:23 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/11/16 10:58:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 10:57:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 10:57:34 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/16 10:53:30 | 11,010,048 | ---- | M] () -- C:\Documents and Settings\fabi\ntuser.dat
[2009/11/16 10:53:30 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\fabi\ntuser.ini
[2009/11/16 10:25:54 | 00,000,870 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\Security Tool.lnk
[2009/11/16 10:20:24 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\explorer.exe.com
[2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
[2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msc.exe
[2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009/11/16 08:53:52 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Rsupiqefameteqar.dat
[2009/11/16 08:52:50 | 00,250,368 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/11/15 22:30:11 | 01,579,328 | -H-- | M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\IconCache.db
[2009/11/15 22:26:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/15 19:54:15 | 00,190,976 | ---- | M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/15 19:19:03 | 03,560,550 | R--- | M] () -- C:\Documents and Settings\fabi\Desktop\ComboFix.exe
[2009/11/15 16:06:07 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\dds.com
[2009/11/15 11:23:12 | 00,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/15 00:46:58 | 02,226,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/15 00:46:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/14 23:57:43 | 00,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2009/11/14 23:48:54 | 00,000,308 | RHS- | M] () -- C:\boot.ini
[2009/11/14 23:47:50 | 00,000,007 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2009/11/14 23:22:17 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 20:52:19 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/11/13 20:27:59 | 00,000,437 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\Shortcut to Shared Documents.lnk
[2009/11/11 12:06:01 | 00,000,244 | ---- | M] () -- C:\Boot.bak
[2009/11/07 14:05:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 13:34:09 | 00,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2009/11/07 12:36:56 | 00,000,000 | R--- | M] () -- C:\WINDOWS\win32k.sys
[2009/11/07 00:04:51 | 00,000,000 | R--- | M] () -- C:\WINDOWS\Mtabimeqaguvimup.bin
[2009/11/06 21:57:48 | 00,032,768 | ---- | M] () -- C:\didx.exe
[2009/11/06 21:57:46 | 00,091,648 | ---- | M] () -- C:\dnpevj.exe
[2009/11/06 21:57:15 | 00,021,504 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\sysint.exe
[2009/11/06 21:57:02 | 00,098,304 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\excom.exe
[2009/11/06 20:46:06 | 00,472,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/06 20:46:05 | 00,085,898 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/06 20:46:04 | 00,568,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/06 09:03:16 | 00,101,396 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\updateset.exe
[2009/11/06 09:03:14 | 00,126,119 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\sysdrive.exe
[2009/11/06 09:03:12 | 00,165,796 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\opdriver.exe
[2009/11/06 09:03:07 | 00,105,019 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\gload.exe
[2009/11/05 17:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 12:58:37 | 00,004,482 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/04 12:37:54 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/04 12:37:54 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/03 17:01:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 12:36:19 | 00,133,875 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\StockIllustrationsContractSept09[1].pdf
[2009/10/31 20:02:38 | 00,871,936 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\Nancy Drew 21.doc
[2009/10/27 01:29:52 | 00,143,360 | -HS- | M] ( ) -- C:\Program Files\Common Files\openfile.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/21 04:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/21 04:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 09:32:28 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/16 10:58:26 | 00,246,784 | ---- | C] () -- C:\WINDOWS\msc.exe
[2009/11/16 10:20:20 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\explorer.exe.com
[2009/11/16 10:09:50 | 00,000,870 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\Security Tool.lnk
[2009/11/16 09:59:18 | 00,246,784 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009/11/16 08:52:58 | 00,250,368 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/11/15 16:06:03 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\dds.com
[2009/11/15 13:53:26 | 03,560,550 | R--- | C] () -- C:\Documents and Settings\fabi\Desktop\ComboFix.exe
[2009/11/14 23:48:53 | 00,000,244 | ---- | C] () -- C:\Boot.bak
[2009/11/14 23:48:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/14 23:22:17 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/13 18:44:25 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys.vir
[2009/11/07 14:05:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 14:03:31 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/07 14:03:27 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/07 14:03:26 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/07 14:03:26 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/07 14:03:26 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/07 13:34:09 | 00,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009/11/07 13:33:49 | 00,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/11/07 00:05:24 | 00,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/11/06 22:03:38 | 00,000,000 | R--- | C] () -- C:\WINDOWS\Mtabimeqaguvimup.bin
[2009/11/06 22:03:35 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Rsupiqefameteqar.dat
[2009/11/06 21:58:57 | 00,000,000 | R--- | C] () -- C:\WINDOWS\win32k.sys
[2009/11/06 21:57:47 | 00,032,768 | ---- | C] () -- C:\didx.exe
[2009/11/06 21:57:33 | 00,091,648 | ---- | C] () -- C:\dnpevj.exe
[2009/11/06 21:57:21 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/11/06 21:57:14 | 00,021,504 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\sysint.exe
[2009/11/06 21:57:05 | 00,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/06 21:57:02 | 00,098,304 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\excom.exe
[2009/11/06 09:03:18 | 00,099,486 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\vnsys.exe
[2009/11/06 09:03:16 | 00,101,396 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\updateset.exe
[2009/11/06 09:03:14 | 00,126,119 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\sysdrive.exe
[2009/11/06 09:03:11 | 00,165,796 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\opdriver.exe
[2009/11/06 09:03:06 | 00,105,019 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\gload.exe
[2009/11/04 12:37:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/04 12:37:52 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/02 12:36:19 | 00,133,875 | ---- | C] () -- C:\Documents and Settings\fabi\My Documents\StockIllustrationsContractSept09[1].pdf
[2009/10/28 20:36:33 | 00,871,936 | ---- | C] () -- C:\Documents and Settings\fabi\My Documents\Nancy Drew 21.doc
[2009/10/14 17:35:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/10/01 14:02:24 | 00,019,944 | ---- | C] () -- C:\Program Files\Common Files\fufuwubuha._dl
[2009/10/01 14:02:24 | 00,019,428 | ---- | C] () -- C:\Program Files\Common Files\iluqic.ban
[2009/10/01 14:02:24 | 00,017,513 | ---- | C] () -- C:\Program Files\Common Files\ybecawy.db
[2009/10/01 14:02:24 | 00,017,247 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mizasy.bin
[2009/10/01 14:02:24 | 00,014,503 | ---- | C] () -- C:\Program Files\Common Files\utylimykow.dat
[2009/10/01 14:02:24 | 00,013,913 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\oxih.dat
[2009/10/01 14:02:24 | 00,011,980 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\figidakahi.bin
[2009/10/01 14:02:24 | 00,010,733 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\opozatixe.lib
[2009/10/01 08:32:43 | 00,018,693 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\esam.pif
[2009/10/01 08:32:42 | 00,019,336 | ---- | C] () -- C:\Program Files\Common Files\emiquxut.ban
[2009/10/01 08:32:42 | 00,014,618 | ---- | C] () -- C:\Program Files\Common Files\etena.dl
[2009/10/01 08:32:42 | 00,011,921 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\qijufofoci.bin
[2009/10/01 08:32:41 | 00,019,496 | ---- | C] () -- C:\Program Files\Common Files\ovamovi.bin
[2009/09/05 21:23:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/07/21 20:57:16 | 00,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/07/18 08:08:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/07/12 17:31:04 | 00,000,134 | -H-- | C] () -- C:\Documents and Settings\fabi\Application Data\lakerda1967.sys
[2009/07/12 17:30:37 | 00,010,584 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\docXConverter (3).ini
[2009/06/22 16:39:28 | 00,000,295 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/22 16:34:13 | 00,005,002 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2009/05/21 10:19:39 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 10:57:46 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2008/12/17 10:57:38 | 00,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/12/17 10:57:38 | 00,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/12/17 10:57:35 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2008/12/17 10:57:34 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2008/12/16 20:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/11 17:33:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDCurses.INI
[2008/11/27 14:41:20 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/21 12:12:36 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/07/20 11:44:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/20 17:11:39 | 01,579,328 | -H-- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\IconCache.db
[2008/06/10 20:11:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2008/05/28 20:54:48 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/05/28 20:54:48 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/08 17:46:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/16 07:42:57 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/02 21:55:17 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/12/01 16:48:12 | 00,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/12/01 12:59:59 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/12/01 12:59:50 | 00,000,001 | ---- | C] () -- C:\WINDOWS\gaminon.dll
[2007/12/01 11:42:28 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/11/25 13:29:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2007/11/05 11:32:01 | 00,004,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/15 07:28:46 | 00,001,301 | ---- | C] () -- C:\WINDOWS\script95.ini
[2007/10/04 13:39:42 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\973D450A65.sys
[2007/09/30 13:21:22 | 00,190,976 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/10 22:19:33 | 00,037,824 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/07 21:50:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/05 20:56:29 | 00,037,824 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/05 20:56:12 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\650A453D97.sys
[2007/09/05 20:56:05 | 00,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/05 17:15:59 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\fusioncache.dat
[2007/09/05 17:15:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\desktop.ini
[2007/07/25 13:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/25 17:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/01/10 06:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/27 21:40:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/27 21:31:04 | 00,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/27 20:59:17 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/27 20:58:01 | 00,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/26 14:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 03:18:43 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:42 | 00,176,640 | ---- | C] () -- C:\WINDOWS\uhihekevasuqeru.dll
[2005/08/16 03:18:41 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 03:18:21 | 00,129,024 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\rnfiles.exe
[2005/08/16 03:18:21 | 00,105,019 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\loader.exe
[2005/08/16 03:18:21 | 00,099,840 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\driverload.exe
[2005/08/16 03:18:16 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/20 21:25:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/12/19 01:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2002/09/10 15:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E5E0A4D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2AAF611
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41A00CF0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60B38AF3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF09BC9E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB64EAA8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B8B2AF8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B5038B1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60516BC3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCCEABB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9E9471A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D41AB8D0
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C9F690
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1BCFD4A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
< End of report >

#120 sdabbs


Posted 16 November 2009 - 05:27 AM

Hi,

The system crashed, so I booted up in a safe mode (though not safe mode or safe mode with networking).

Here are the log files:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05/09/2007 18:15:18
System Uptime: 16/11/2009 10:57:17 (1 hours ago)

Motherboard: Dell Inc. | | 0YD479
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 87 GiB total, 31.467 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_NWCWORKSTATION_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_NWCWORKSTATION_XX
Service: NWCWorkstation

==== System Restore Points ===================

RP1: 15/11/2009 19:23:43 - System Checkpoint

==== Installed Programs ======================

µTorrent
517142 - ZBrush (Windows) (Shared Components)
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Amazon MP3 Downloader 1.0.8
ArtRage 2
ATI Display Driver
Audacity 1.2.6
AusLogics Disk Defrag
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Big Fish Games Client
Bytescout SWF To Video Scout
Candy Land - Dora the Explorer Edition
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CardRecovery 5.20
CLUE Classic
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Support 5.0.0 (630)
Dell System Restore
Digital Line Detect
DivX Content Uploader
DivX Web Player
Dora Backpack
Dora the Explorer - Lost City
Dream Day First Home
Dream Day Wedding
Dream Day Wedding - Viva Las Vegas
Dream Day Wedding - Viva Las Vegas 1.00
DVD Flick
EA Download Manager
EASEUS Data Recovery Wizard Professional 4.3.6
G6 U-DISK Manager Uninstall
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® PROSet/Wireless Software
Java™ 6 Update 14
Logitech QuickCam
Logitech QuickCam Driver Package
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.5 (build 0268)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Martine à la ferme
mCore
MCU
mDrWiFi
Media Center Extender
MeshLab 1.2.2
mHlpDell
Micro Application - Martine à la montagne
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
mWlsSafe
mWMI
mXML
Mystery Chronicles: Murder Among Friends
mZConfig
Nancy Drew: Warnings at Waverly Academy
Nero 7 Essentials
neroxml
NetWaiting
NVIDIA PureVideo Decoder
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Manual NW-E010 Series
PDFCreator
PDFCreator Toolbar
Pen Tablet
Poser Pro
PowerDVD 5.7
ProtectDisc Driver, Version 11
Python 2.6.2
Quick Screen Capture 3.0
QuickTime
Rapport
RealPlayer
RegCure 1.6.0.0
SAGEM F@st 800-840
Search Assist
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
Sonic Audio Module
Sonic CinePlayer
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic Update Manager
SonicStage 4.3
SpywareBlaster 4.2
Synaptics Pointing Device Driver
The Sims™ 3
TomTom HOME 2.5.2.60
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
UploadScaler 1.1
VAIO music transfer 1.2
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Wanadoo Europe Installer
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
Womens Murder Club a Darker Shade of Grey 1.00
Xvid 1.1.3 final uninstall
XviD MPEG-4 Codec
Yahoo! Toolbar
ZBrush3

==== Event Viewer Messages From Past Week ========

16/11/2009 10:59:34, error: Service Control Manager [7023] - The Remote Access Auto Connection Manager service terminated with the following error: %%2147483720
16/11/2009 10:26:20, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/11/2009 10:25:18, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
16/11/2009 09:58:41, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 85a1abf0, parameter3 85a1ad64, parameter4 805d297e.
16/11/2009 09:58:01, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Incorrect function.
16/11/2009 09:57:47, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
16/11/2009 09:57:47, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
16/11/2009 09:34:36, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
16/11/2009 08:53:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the -- service to connect.
16/11/2009 08:53:49, error: Service Control Manager [7000] - The -- service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

DDS (Ver_09-09-29.01) - NTFSx86 DSREPAIR
Run by fabi at 11:01:33.46 on 16/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.608 [GMT 0:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\fabi\LOCALS~1\Temp\b.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\msc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\control.exe
C:\Documents and Settings\fabi\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tiscali.co.uk/broadband
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AdobeBridge]
uRun: [rundll32.exe]
uRun: [WAB] c:\documents and settings\fabi\application data\macromedia\common\81d6602c19.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MailBlocker] c:\docume~1\fabi\locals~1\temp\b.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [WinsysMon] c:\program files\common files\openfile.exe
mRun: [Otenowaqifih] rundll32.exe "c:\windows\uhihekevasuqeru.dll",Startup
mRun: [lsdefrag] c:\docume~1\fabi\locals~1\temp\tglm.exe
mRun: [70686633] c:\docume~1\alluse~1\applic~1\70686633\70686633.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\fabi\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: nofolderoptions = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Extract Flash Video with Bytescout... - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {11C91DA0-5258-4B2F-96C6-6A531C0E0DD7} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {BBE87EC9-5D71-483A-99E0-DEE4DF3E466C} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli diepunkv.dll

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-4-22 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-4-22 27656]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-9-14 58856]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-9-14 333928]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2005-8-16 14336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-9-14 967912]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-4-12 1373480]
S2 CSIScanner;CSIScanner; [x]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2009-11-16 260608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

=============== Created Last 30 ================

2009-11-16 10:58 246,784 a------- c:\windows\msc.exe
2009-11-16 10:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\70686633
2009-11-16 09:59 246,784 a------- c:\windows\msb.exe
2009-11-16 09:36 <DIR> --ds---- C:\ComboFix
2009-11-16 08:52 250,368 a------- c:\windows\msa.exe
2009-11-15 00:37 50,176 a------- c:\windows\system32\proquota.exe
2009-11-15 00:37 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-11-14 23:48 <DIR> a-dshr-- C:\cmdcons
2009-11-14 23:22 118 a------- c:\windows\system32\MRT.INI
2009-11-13 20:52 389,120 a------- c:\windows\system32\cmd.execf
2009-11-13 18:44 96,512 a------- c:\windows\system32\drivers\atapi.sys.vir
2009-11-07 14:10 56,320 a------- c:\windows\system32\OLDC.tmp
2009-11-07 14:05 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 14:05 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-07 14:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 14:03 77,312 a------- c:\windows\MBR.exe
2009-11-07 14:03 260,608 a------- c:\windows\PEV.exe
2009-11-07 14:03 161,792 a------- c:\windows\SWREG.exe
2009-11-07 14:03 98,816 a------- c:\windows\sed.exe
2009-11-07 13:34 36 a------- c:\windows\rasqervy.dll
2009-11-07 13:33 7 a------- c:\windows\sdfinacs.dll
2009-11-07 00:05 5 a------- c:\windows\sdfixwcs.dll
2009-11-06 22:03 0 a----r-- c:\windows\Mtabimeqaguvimup.bin
2009-11-06 22:03 120 a------- c:\windows\Rsupiqefameteqar.dat
2009-11-06 21:58 0 a----r-- c:\windows\win32k.sys
2009-11-06 21:57 32,768 a------- C:\didx.exe
2009-11-06 21:57 91,648 a------- C:\dnpevj.exe
2009-11-06 21:57 21,504 ---sh--- c:\docume~1\fabi\applic~1\sysint.exe
2009-11-06 21:57 98,304 ---sh--- c:\docume~1\fabi\applic~1\excom.exe
2009-11-06 09:03 99,486 ---sh--- c:\docume~1\fabi\applic~1\vnsys.exe
2009-11-06 09:03 101,396 ---sh--- c:\docume~1\fabi\applic~1\updateset.exe
2009-11-06 09:03 126,119 ---sh--- c:\docume~1\fabi\applic~1\sysdrive.exe
2009-11-06 09:03 165,796 ---sh--- c:\docume~1\fabi\applic~1\opdriver.exe
2009-11-06 09:03 105,019 ---sh--- c:\docume~1\fabi\applic~1\gload.exe
2009-11-05 17:16 <DIR> --d----- c:\program files\Big City Adventure - New York City
2009-11-04 12:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-11-04 12:37 1,409 a------- c:\windows\QTFont.for
2009-10-27 01:31 143,360 ---sh--- c:\program files\common files\openfile.exe
2009-10-19 12:54 <DIR> --d----- C:\multiAVCHD

==================== Find3M ====================

2009-10-21 04:08 3,598,336 -------- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 14:02 19,944 a------- c:\program files\common files\fufuwubuha._dl
2009-10-01 14:02 19,428 a------- c:\program files\common files\iluqic.ban
2009-10-01 14:02 17,957 a------- c:\windows\system32\bysebiz.pif
2009-10-01 14:02 17,513 a------- c:\program files\common files\ybecawy.db
2009-10-01 14:02 17,247 a------- c:\docume~1\alluse~1\applic~1\mizasy.bin
2009-10-01 14:02 14,939 a------- c:\windows\system32\yzyn.scr
2009-10-01 14:02 14,503 a------- c:\program files\common files\utylimykow.dat
2009-10-01 14:02 13,432 a------- c:\windows\oposydy.bin
2009-10-01 14:02 11,590 a------- c:\windows\system32\ynof.dat
2009-10-01 14:02 10,462 a------- c:\windows\system32\limuhemor.exe
2009-10-01 08:32 18,693 a------- c:\docume~1\alluse~1\applic~1\esam.pif
2009-10-01 08:32 19,336 a------- c:\program files\common files\emiquxut.ban
2009-10-01 08:32 14,618 a------- c:\program files\common files\etena.dl
2009-10-01 08:32 11,921 a------- c:\docume~1\fabi\applic~1\qijufofoci.bin
2009-10-01 08:32 10,625 a------- c:\windows\wozem.dat
2009-10-01 08:32 19,496 a------- c:\program files\common files\ovamovi.bin
2009-10-01 08:32 18,044 a------- c:\windows\ovap.bin
2009-10-01 08:32 13,549 a------- c:\windows\tifupacov.bin
2009-09-30 19:47 37,824 ac------ c:\docume~1\fabi\applic~1\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 16:01 278,528 a------- c:\windows\SYCLicense_090901.dll
2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-07-15 21:23 134 a---h--- c:\docume~1\fabi\applic~1\lakerda1967.sys
2009-03-21 14:06 129,024 ---sh--- c:\docume~1\fabi\applic~1\rnfiles.exe
2009-03-21 14:06 105,019 ---sh--- c:\docume~1\fabi\applic~1\loader.exe
2009-03-21 14:06 99,840 ---sh--- c:\docume~1\fabi\applic~1\driverload.exe
2008-03-02 21:55 0 ac------ c:\program files\temp01

============= FINISH: 11:01:49.18 ===============

OTL logfile created on: 16/11/2009 11:02:32 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\fabi\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.37 Mb Total Physical Memory | 607.96 Mb Available Physical Memory | 59.47% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.01 Gb Total Space | 31.47 Gb Free Space | 36.16% Space Free | Partition Type: NTFS
Drive D: | 186.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 518.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 216.14 Mb Total Space | 199.82 Mb Free Space | 92.45% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DC59QB2J
Current User Name: fabi
Logged in as Administrator.

Cannot determine boot mode.
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2016/04/12 00:00:14 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\fabi\Local Settings\temp\b.exe
PRC - [2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
PRC - [2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msc.exe
PRC - [2009/09/14 19:38:34 | 01,422,568 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2009/09/14 19:38:32 | 00,967,912 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2009/07/07 15:21:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/16 20:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/07 18:16:50 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe
PRC - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2004/08/10 04:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\control.exe


========== Modules (SafeList) ==========

MOD - [2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
MOD - [2009/09/14 19:38:40 | 00,341,224 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/14 19:38:36 | 00,632,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Trusteer\Rapport\bin\msvcr80.dll
MOD - [2008/12/16 20:59:28 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:12:08 | 00,176,640 | ---- | M] () -- C:\WINDOWS\uhihekevasuqeru.dll
MOD - [2008/04/14 00:12:05 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll
MOD - [2008/04/14 00:11:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 00:11:48 | 01,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (PEVSystemStart)
SRV - File not found -- -- (CSIScanner)
SRV - [2009/09/14 19:38:32 | 00,967,912 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/07/07 15:21:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/16 20:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/03/27 12:08:26 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe -- (License Management Service ESD)
SRV - [2007/09/07 18:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/09/06 07:18:52 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/02/05 10:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/25 17:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe -- (McrdSvc)
SRV - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc)
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2004/08/10 04:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipxsap.dll -- (NwSapAgent)


========== Driver Services (SafeList) ==========

DRV - [2009/09/14 19:38:40 | 00,333,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2009/09/14 19:38:40 | 00,058,856 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/07/04 10:36:19 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2009/07/04 10:36:19 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2008/12/17 06:02:08 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 06:01:44 | 06,364,440 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/12/17 06:01:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 06:00:14 | 00,768,024 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/17 05:53:46 | 02,686,104 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/12/16 20:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/28 16:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/28 20:54:48 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/05/28 20:54:48 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 18:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 18:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 18:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 18:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 17:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/23 08:19:44 | 00,501,560 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/02/16 19:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 18:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/16 00:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/01/25 17:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/06/27 21:26:17 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2006/03/24 15:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 10:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/15 22:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/28 12:22:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 08:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 23:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/11/30 23:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/11/30 23:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/04 20:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/05 08:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 15:58:14 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 14:28:38 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 16:00:30 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/06/30 12:23:34 | 00,004,608 | ---- | M] (NVIDIA Corporation.) -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2005/06/13 16:27:56 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/10 04:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 04:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/03/02 08:26:58 | 00,050,007 | ---- | M] (Analog Deivces) -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER)
DRV - [2004/03/02 08:24:16 | 00,127,065 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2004/02/13 08:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/19 01:00:00 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...&...&channel=uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...&...&channel=uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/07 15:21:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:52:56 | 00,000,000 | ---D | M]

[2009/04/16 15:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fabi\Application Data\Mozilla\Extensions
[2008/12/26 13:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\fabi\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: (759 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [70686633] C:\Documents and Settings\All Users\Application Data\70686633\70686633.exe ()
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [lsdefrag] C:\Documents and Settings\fabi\Local Settings\temp\tglm.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Otenowaqifih] C:\WINDOWS\uhihekevasuqeru.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinsysMon] C:\Program Files\Common Files\openfile.exe ( )
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [MailBlocker] C:\Documents and Settings\fabi\Local Settings\temp\b.exe ()
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [rundll32.exe] File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WAB] C:\Documents and Settings\fabi\Application Data\Macromedia\Common\81d6602c19.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\fabi\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nofolderoptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Extract Flash Video with Bytescout... - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : Extract Flash Video with Bytescout... - {11C91DA0-5258-4B2F-96C6-6A531C0E0DD7} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Extract Flash Video with Bytescout... - {BBE87EC9-5D71-483A-99E0-DEE4DF3E466C} - C:\Program Files\Bytescout SWF To Video Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/29 20:59:46 | 00,000,199 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/09/10 00:18:33 | 00,052,896 | R--- | M] (Her Interactive, Inc.) - E:\autorun2.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/10 00:05:38 | 00,000,046 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/16 11:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\fabi\Desktop\dds
[2009/11/16 10:13:11 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
[2009/11/16 10:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\70686633
[2009/11/16 09:36:33 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/15 00:37:10 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/11/15 00:37:10 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/11/14 23:48:36 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/13 20:52:19 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/11/07 14:05:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 14:05:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 14:05:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 14:03:31 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/07 14:03:27 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/07 14:03:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/07 14:03:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/07 14:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/07 13:58:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/05 17:16:50 | 00,000,000 | ---D | C] -- C:\Program Files\Big City Adventure - New York City
[2009/10/27 01:31:36 | 00,143,360 | -HS- | C] ( ) -- C:\Program Files\Common Files\openfile.exe
[2009/10/19 12:54:24 | 00,000,000 | ---D | C] -- C:\multiAVCHD
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/04/12 00:00:00 | 00,099,486 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\vnsys.exe
[2009/11/16 10:59:09 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/11/16 10:58:42 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/16 10:58:29 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/11/16 10:58:23 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/11/16 10:58:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 10:57:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 10:57:34 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/16 10:53:30 | 11,010,048 | ---- | M] () -- C:\Documents and Settings\fabi\ntuser.dat
[2009/11/16 10:53:30 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\fabi\ntuser.ini
[2009/11/16 10:25:54 | 00,000,870 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\Security Tool.lnk
[2009/11/16 10:20:24 | 00,288,256 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\explorer.exe.com
[2009/11/16 10:13:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fabi\Desktop\explorer.exe.exe
[2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msc.exe
[2009/11/16 09:59:10 | 00,246,784 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009/11/16 08:53:52 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Rsupiqefameteqar.dat
[2009/11/16 08:52:50 | 00,250,368 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/11/15 22:30:11 | 01,579,328 | -H-- | M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\IconCache.db
[2009/11/15 22:26:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/15 19:54:15 | 00,190,976 | ---- | M] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/15 19:19:03 | 03,560,550 | R--- | M] () -- C:\Documents and Settings\fabi\Desktop\ComboFix.exe
[2009/11/15 16:06:07 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\fabi\Desktop\dds.com
[2009/11/15 11:23:12 | 00,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/15 00:46:58 | 02,226,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/15 00:46:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/14 23:57:43 | 00,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2009/11/14 23:48:54 | 00,000,308 | RHS- | M] () -- C:\boot.ini
[2009/11/14 23:47:50 | 00,000,007 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2009/11/14 23:22:17 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 20:52:19 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009/11/13 20:27:59 | 00,000,437 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\Shortcut to Shared Documents.lnk
[2009/11/11 12:06:01 | 00,000,244 | ---- | M] () -- C:\Boot.bak
[2009/11/07 14:05:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 13:34:09 | 00,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2009/11/07 12:36:56 | 00,000,000 | R--- | M] () -- C:\WINDOWS\win32k.sys
[2009/11/07 00:04:51 | 00,000,000 | R--- | M] () -- C:\WINDOWS\Mtabimeqaguvimup.bin
[2009/11/06 21:57:48 | 00,032,768 | ---- | M] () -- C:\didx.exe
[2009/11/06 21:57:46 | 00,091,648 | ---- | M] () -- C:\dnpevj.exe
[2009/11/06 21:57:15 | 00,021,504 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\sysint.exe
[2009/11/06 21:57:02 | 00,098,304 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\excom.exe
[2009/11/06 20:46:06 | 00,472,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/06 20:46:05 | 00,085,898 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/06 20:46:04 | 00,568,618 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/06 09:03:16 | 00,101,396 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\updateset.exe
[2009/11/06 09:03:14 | 00,126,119 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\sysdrive.exe
[2009/11/06 09:03:12 | 00,165,796 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\opdriver.exe
[2009/11/06 09:03:07 | 00,105,019 | -HS- | M] () -- C:\Documents and Settings\fabi\Application Data\gload.exe
[2009/11/05 17:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 12:58:37 | 00,004,482 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/11/04 12:37:54 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/04 12:37:54 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/03 17:01:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 12:36:19 | 00,133,875 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\StockIllustrationsContractSept09[1].pdf
[2009/10/31 20:02:38 | 00,871,936 | ---- | M] () -- C:\Documents and Settings\fabi\My Documents\Nancy Drew 21.doc
[2009/10/27 01:29:52 | 00,143,360 | -HS- | M] ( ) -- C:\Program Files\Common Files\openfile.exe
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/21 04:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/21 04:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/19 09:32:28 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/16 10:58:26 | 00,246,784 | ---- | C] () -- C:\WINDOWS\msc.exe
[2009/11/16 10:20:20 | 00,288,256 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\explorer.exe.com
[2009/11/16 10:09:50 | 00,000,870 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\Security Tool.lnk
[2009/11/16 09:59:18 | 00,246,784 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009/11/16 08:52:58 | 00,250,368 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/11/15 16:06:03 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\fabi\Desktop\dds.com
[2009/11/15 13:53:26 | 03,560,550 | R--- | C] () -- C:\Documents and Settings\fabi\Desktop\ComboFix.exe
[2009/11/14 23:48:53 | 00,000,244 | ---- | C] () -- C:\Boot.bak
[2009/11/14 23:48:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/14 23:22:17 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/13 18:44:25 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys.vir
[2009/11/07 14:05:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/07 14:03:31 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/07 14:03:27 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/07 14:03:26 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/07 14:03:26 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/07 14:03:26 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/07 13:34:09 | 00,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009/11/07 13:33:49 | 00,000,007 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/11/07 00:05:24 | 00,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/11/06 22:03:38 | 00,000,000 | R--- | C] () -- C:\WINDOWS\Mtabimeqaguvimup.bin
[2009/11/06 22:03:35 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Rsupiqefameteqar.dat
[2009/11/06 21:58:57 | 00,000,000 | R--- | C] () -- C:\WINDOWS\win32k.sys
[2009/11/06 21:57:47 | 00,032,768 | ---- | C] () -- C:\didx.exe
[2009/11/06 21:57:33 | 00,091,648 | ---- | C] () -- C:\dnpevj.exe
[2009/11/06 21:57:21 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/11/06 21:57:14 | 00,021,504 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\sysint.exe
[2009/11/06 21:57:05 | 00,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/11/06 21:57:02 | 00,098,304 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\excom.exe
[2009/11/06 09:03:18 | 00,099,486 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\vnsys.exe
[2009/11/06 09:03:16 | 00,101,396 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\updateset.exe
[2009/11/06 09:03:14 | 00,126,119 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\sysdrive.exe
[2009/11/06 09:03:11 | 00,165,796 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\opdriver.exe
[2009/11/06 09:03:06 | 00,105,019 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\gload.exe
[2009/11/04 12:37:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/04 12:37:52 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/02 12:36:19 | 00,133,875 | ---- | C] () -- C:\Documents and Settings\fabi\My Documents\StockIllustrationsContractSept09[1].pdf
[2009/10/28 20:36:33 | 00,871,936 | ---- | C] () -- C:\Documents and Settings\fabi\My Documents\Nancy Drew 21.doc
[2009/10/14 17:35:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/10/01 14:02:24 | 00,019,944 | ---- | C] () -- C:\Program Files\Common Files\fufuwubuha._dl
[2009/10/01 14:02:24 | 00,019,428 | ---- | C] () -- C:\Program Files\Common Files\iluqic.ban
[2009/10/01 14:02:24 | 00,017,513 | ---- | C] () -- C:\Program Files\Common Files\ybecawy.db
[2009/10/01 14:02:24 | 00,017,247 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mizasy.bin
[2009/10/01 14:02:24 | 00,014,503 | ---- | C] () -- C:\Program Files\Common Files\utylimykow.dat
[2009/10/01 14:02:24 | 00,013,913 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\oxih.dat
[2009/10/01 14:02:24 | 00,011,980 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\figidakahi.bin
[2009/10/01 14:02:24 | 00,010,733 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\opozatixe.lib
[2009/10/01 08:32:43 | 00,018,693 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\esam.pif
[2009/10/01 08:32:42 | 00,019,336 | ---- | C] () -- C:\Program Files\Common Files\emiquxut.ban
[2009/10/01 08:32:42 | 00,014,618 | ---- | C] () -- C:\Program Files\Common Files\etena.dl
[2009/10/01 08:32:42 | 00,011,921 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\qijufofoci.bin
[2009/10/01 08:32:41 | 00,019,496 | ---- | C] () -- C:\Program Files\Common Files\ovamovi.bin
[2009/09/05 21:23:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/07/21 20:57:16 | 00,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/07/18 08:08:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/07/12 17:31:04 | 00,000,134 | -H-- | C] () -- C:\Documents and Settings\fabi\Application Data\lakerda1967.sys
[2009/07/12 17:30:37 | 00,010,584 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\docXConverter (3).ini
[2009/06/22 16:39:28 | 00,000,295 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/22 16:34:13 | 00,005,002 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amjmwaey.gaf
[2009/05/21 10:19:39 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 10:57:46 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2008/12/17 10:57:38 | 00,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/12/17 10:57:38 | 00,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/12/17 10:57:35 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2008/12/17 10:57:34 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2008/12/16 20:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/11 17:33:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDCurses.INI
[2008/11/27 14:41:20 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/21 12:12:36 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/07/20 11:44:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/20 17:11:39 | 01,579,328 | -H-- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\IconCache.db
[2008/06/10 20:11:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2008/05/28 20:54:48 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/05/28 20:54:48 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/08 17:46:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/16 07:42:57 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/02 21:55:17 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/12/01 16:48:12 | 00,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/12/01 12:59:59 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/12/01 12:59:50 | 00,000,001 | ---- | C] () -- C:\WINDOWS\gaminon.dll
[2007/12/01 11:42:28 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/11/25 13:29:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2007/11/05 11:32:01 | 00,004,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/15 07:28:46 | 00,001,301 | ---- | C] () -- C:\WINDOWS\script95.ini
[2007/10/04 13:39:42 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\973D450A65.sys
[2007/09/30 13:21:22 | 00,190,976 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/10 22:19:33 | 00,037,824 | ---- | C] () -- C:\Documents and Settings\fabi\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/07 21:50:47 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/05 20:56:29 | 00,037,824 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/09/05 20:56:12 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\650A453D97.sys
[2007/09/05 20:56:05 | 00,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/05 17:15:59 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\fabi\Local Settings\Application Data\fusioncache.dat
[2007/09/05 17:15:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\desktop.ini
[2007/07/25 13:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/25 17:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/01/10 06:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/27 21:40:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/27 21:31:04 | 00,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/27 20:59:17 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/27 20:58:01 | 00,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/26 14:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 03:18:43 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:42 | 00,176,640 | ---- | C] () -- C:\WINDOWS\uhihekevasuqeru.dll
[2005/08/16 03:18:41 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 03:18:21 | 00,129,024 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\rnfiles.exe
[2005/08/16 03:18:21 | 00,105,019 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\loader.exe
[2005/08/16 03:18:21 | 00,099,840 | -HS- | C] () -- C:\Documents and Settings\fabi\Application Data\driverload.exe
[2005/08/16 03:18:16 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/20 21:25:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/12/19 01:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2002/09/10 15:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88050731
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E5E0A4D
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2AAF611
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41A00CF0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60B38AF3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF09BC9E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB64EAA8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B8B2AF8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B5038B1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60516BC3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCCEABB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9E9471A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BB2EC84
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:331B76C7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D41AB8D0
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C9F690
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1BCFD4A
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
< End of report >
