Something weird in the registry [Solved], ...that might be spy/adware related
tohtorizorro
post Sep 1 2009, 06:46 AM
Post #1

Member
Posts: 11
OS: Windows XP pro 32 bit

Hi,

My original problem is that Google SketchUp 7 installer returns with error:

CODE
Could not open key:
HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID
Verify that you have sufficient access to that key, or contact your support personnel


...and a user called Malakai instructed me that this key might be spy/adware related and
that I should post the issue here also.

Now, I have run the steps in the 'Malware and Spyware Cleaning Guide', except that I wasn't
able to run the scan in RootRepeal. I triple-checked that I was doing everything as
told in the guide, but every time after hitting 'Scan' the program didn't seem to do anything,
froze when I tried to shut it down, and eventually froze the whole of Windows.

MBAM seemed to find something, which it also seemed to have gotten rid of.

EDIT:

I got Google SketchUp working by deleting the keys the installer was whining about, and so far everything seems to be fine.
BUT as I wasn't able to run RootRepeal and MBAM found something, it would be nice to check the system thoroughly.


Thanks in advance for all the effort to solve this.

Here are the logs:

Malwarebytes' Anti-Malware 1.40
Database version: 2724
Windows 5.1.2600 Service Pack 3

1.9.2009 13:34:37
mbam-log-2009-09-01 (13-34-37).txt

Scan type: Quick Scan
Objects scanned: 97433
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Documents and Settings\Studio\Local Settings\TempImages\sdd1035.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Studio\Local Settings\TempImages\sdd1035.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\jvxoggvr.dllOLD (Trojan.Vundo) -> Quarantined and deleted successfully.


---------------------------------


OTL logfile created on: 1.9.2009 14:55:29 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Firefox Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 116,74 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 171,91 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931,51 Gb Total Space | 446,71 Gb Free Space | 47,96% Space Free | Partition Type: NTFS

Computer Name: M9062
Current User Name: Studio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007.08.28 01:59:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008.04.14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005.05.11 02:46:02 | 00,200,069 | ---- | M] (Team H2O) -- C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
PRC - [2008.03.20 15:35:04 | 00,023,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2008.04.29 13:25:50 | 00,671,863 | ---- | M] (E-MU Systems) -- C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
PRC - [2005.02.02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2009.02.03 09:32:14 | 18,085,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009.07.25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008.04.01 12:39:48 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008.12.16 20:10:40 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009.03.05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.09.01 14:54:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Firefox Download\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008.04.14 03:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2008.06.03 16:38:55 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008.07.25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008.07.25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008.07.29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008.04.14 03:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005.04.04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008.07.29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009.07.25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2002.12.17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Steinberg\VstPlugins\Sony Shared Plug-ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002.12.17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008.07.29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007.08.28 01:59:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008.11.11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2002.12.17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Steinberg\VstPlugins\Sony Shared Plug-ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2007.10.18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007.10.25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006.10.18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.fi/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.5
FF - prefs.js..extensions.enabledItems: fi@dictionaries.addons.mozilla.org:0.11.0
FF - prefs.js..extensions.enabledItems: {246B0AC1-31AB-4786-A4CC-A6AF89647D7F}:0.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2008.12.31 18:50:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.31 21:52:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008.12.14 23:25:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.31 21:23:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.08.31 21:23:40 | 00,000,000 | ---D | M]

[2008.08.27 19:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\mozilla\Extensions
[2008.08.27 19:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.08.31 22:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\mozilla\Firefox\Profiles\jsks0j4s.default\extensions
[2009.08.31 22:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\mozilla\Firefox\Profiles\jsks0j4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.16 23:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\mozilla\Firefox\Profiles\jsks0j4s.default\extensions\{246B0AC1-31AB-4786-A4CC-A6AF89647D7F}
[2009.06.17 16:14:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\mozilla\Firefox\Profiles\jsks0j4s.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2009.03.30 13:16:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\mozilla\Firefox\Profiles\jsks0j4s.default\extensions\fi@dictionaries.addons.mozilla.org
[2009.06.30 11:14:16 | 00,002,235 | ---- | M] () -- C:\Documents and Settings\Studio\Application Data\Mozilla\FireFox\Profiles\jsks0j4s.default\searchplugins\askcom.xml
[2009.08.30 15:45:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.08.21 09:16:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.09.08 03:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008.05.30 18:06:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008.07.14 11:25:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.14 23:25:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.16 03:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.15 11:08:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.07.31 02:39:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.07.31 02:39:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008.09.04 03:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009.07.25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008.06.27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009.07.31 02:39:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008.06.30 22:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2008.10.14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.10.03 16:30:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008.10.03 16:30:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008.10.03 16:30:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008.10.03 16:30:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008.10.03 16:30:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009.07.31 01:24:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009.07.31 02:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009.07.31 01:24:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009.07.31 02:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009.07.31 01:24:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009.07.31 02:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.07.31 02:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009.07.31 01:24:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (74 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [sdd1034] C:\DOCUME~1\Studio\LOCALS~1\TempImages\sdd1035.exe File not found
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\System32\MIDIDef.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Studio\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (wkhhut.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.29 04:08:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.25 09:47:52 | 00,000,000 | ---D | M] - K:\AUTORUN -- [ NTFS ]
O32 - AutoRun File - [2004.01.22 16:47:32 | 00,000,038 | R--- | M] () - K:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009.09.01 13:30:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Application Data\Malwarebytes
[2009.09.01 13:30:05 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.09.01 13:30:03 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.09.01 13:30:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.09.01 13:30:01 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.09.01 13:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.09.01 13:20:39 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\NTREGOPT.lnk
[2009.09.01 13:20:39 | 00,000,639 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\ERUNT.lnk
[2009.09.01 13:20:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009.09.01 11:34:16 | 00,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyVirtualHome.lnk
[2009.09.01 11:34:11 | 00,000,000 | ---D | C] -- C:\Program Files\MyVirtualHome
[2009.09.01 11:34:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\My Documents\MyVirtualHome
[2009.09.01 11:34:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Application Data\MyVirtualHome
[2009.09.01 11:34:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2009.09.01 10:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Python26
[2009.09.01 10:54:09 | 00,001,575 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\Blender.lnk
[2009.09.01 10:54:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Application Data\Blender Foundation
[2009.09.01 10:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\Blender
[2009.09.01 09:44:47 | 00,000,356 | ---- | C] () -- C:\Documents and Settings\Studio\My Documents\error.rtf
[2009.09.01 09:42:06 | 00,012,759 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\Error.JPG
[2009.08.31 23:15:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Application Data\EmuPatchMixDSP
[2009.08.31 23:09:11 | 00,746,386 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\ENNEN CC CLEANERIA BÄKUP.reg
[2009.08.31 23:01:11 | 00,001,595 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\CCleaner.lnk
[2009.08.31 23:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.08.31 22:07:57 | 00,000,980 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\Spybot - Search & Destroy.lnk
[2009.08.31 22:03:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Studio\Desktop\setup-spybotsd162.exe
[2009.08.31 21:23:42 | 00,000,000 | ---D | C] -- C:\Program Files\videofixer
[2009.08.31 21:23:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Local Settings\Application Data\Thinstall
[2009.08.30 22:07:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Desktop\ResoDrumPC
[2009.08.25 02:43:03 | 00,002,263 | ---- | C] () -- C:\Documents and Settings\Studio\My Documents\New Database2.odb
[2009.08.25 02:41:26 | 00,002,179 | ---- | C] () -- C:\Documents and Settings\Studio\My Documents\New Database1.odb
[2009.08.25 02:41:07 | 00,001,565 | ---- | C] () -- C:\Documents and Settings\Studio\My Documents\New Database.odb
[2009.08.24 22:13:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Desktop\Nikolai
[2009.08.24 18:42:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Desktop\VirtualDub
[2009.08.21 22:19:24 | 00,723,787 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\Ei muistu ei2.2.cpr
[2009.08.21 17:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Desktop\AviFixed
[2009.08.21 17:27:22 | 00,000,000 | ---D | C] -- C:\Firefox Download
[2009.08.21 17:23:54 | 00,000,010 | -H-- | C] () -- C:\xrjmns.tce
[2009.08.21 09:16:45 | 00,001,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009.08.21 05:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Application Data\Thinstall
[2009.08.21 05:40:30 | 01,452,832 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- C:\Documents and Settings\Studio\Desktop\Portable SD Card Formating Software 2.0.exe
[2009.08.20 01:28:03 | 07,872,680 | ---- | C] (Mozilla) -- C:\Documents and Settings\Studio\Desktop\Firefox Setup 3.5.2.exe
[2009.08.19 22:36:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Desktop\Jannen Posse Piisit
[2009.08.19 14:25:37 | 00,000,301 | ---- | C] () -- C:\Documents and Settings\Studio\Desktop\Sounds and Audio Devices.lnk
[2009.08.18 20:20:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\My Documents\Adobe
[2009.08.18 20:18:47 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.08.18 20:16:40 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Audition 3.0
[2009.08.18 20:14:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Studio\Desktop\Adobe Audition 3.0

========== Files - Modified Within 14 Days ==========

[2009.09.01 14:48:14 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009.09.01 14:48:14 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2009.09.01 14:46:11 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009.09.01 14:46:11 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.09.01 14:06:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.09.01 14:05:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.09.01 14:04:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.09.01 13:35:34 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-0000000A-00001102-00000004-40011102}.rfx
[2009.09.01 13:35:34 | 00,001,704 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-40011102}.rfx
[2009.09.01 13:35:34 | 00,001,704 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-40011102}.rfx
[2009.09.01 13:35:34 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-40011102}.rfx
[2009.09.01 13:35:34 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-0000000A-00001102-00000004-40011102}.rfx
[2009.09.01 13:30:05 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.09.01 13:20:39 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\NTREGOPT.lnk
[2009.09.01 13:20:39 | 00,000,639 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\ERUNT.lnk
[2009.09.01 11:34:16 | 00,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyVirtualHome.lnk
[2009.09.01 10:54:09 | 00,001,575 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\Blender.lnk
[2009.09.01 09:44:47 | 00,000,356 | ---- | M] () -- C:\Documents and Settings\Studio\My Documents\error.rtf
[2009.09.01 09:42:21 | 00,012,759 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\Error.JPG
[2009.08.31 23:09:32 | 00,746,386 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\ENNEN CC CLEANERIA BÄKUP.reg
[2009.08.31 23:01:11 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\CCleaner.lnk
[2009.08.31 22:07:57 | 00,000,980 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\Spybot - Search & Destroy.lnk
[2009.08.31 22:06:02 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Studio\Desktop\setup-spybotsd162.exe
[2009.08.31 21:30:08 | 00,181,760 | ---- | M] () -- C:\Documents and Settings\Studio\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.31 21:26:09 | 02,338,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.08.26 16:09:15 | 00,000,961 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.08.26 15:26:42 | 00,000,004 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2009.08.26 15:26:39 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2009.08.25 15:13:03 | 01,895,698 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\Looop.mp3
[2009.08.25 02:46:35 | 00,002,263 | ---- | M] () -- C:\Documents and Settings\Studio\My Documents\New Database2.odb
[2009.08.25 02:42:22 | 00,002,179 | ---- | M] () -- C:\Documents and Settings\Studio\My Documents\New Database1.odb
[2009.08.25 02:41:08 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\Studio\My Documents\New Database.odb
[2009.08.25 00:33:50 | 00,000,480 | ---- | M] () -- C:\Documents and Settings\Studio\My Documents\spider.sav
[2009.08.21 22:19:24 | 00,723,787 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\Ei muistu ei2.2.cpr
[2009.08.21 17:23:54 | 00,000,010 | -H-- | M] () -- C:\xrjmns.tce
[2009.08.21 17:09:39 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009.08.21 09:16:45 | 00,001,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009.08.20 23:38:36 | 00,000,597 | ---- | M] () -- C:\Documents and Settings\Studio\Application Data\AutoGK.ini
[2009.08.20 02:53:53 | 00,446,794 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\jklj3 bassotestaus.cpr
[2009.08.20 01:29:45 | 07,872,680 | ---- | M] (Mozilla) -- C:\Documents and Settings\Studio\Desktop\Firefox Setup 3.5.2.exe
[2009.08.19 22:52:26 | 00,072,120 | ---- | M] () -- C:\Documents and Settings\Studio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.08.19 14:25:37 | 00,000,301 | ---- | M] () -- C:\Documents and Settings\Studio\Desktop\Sounds and Audio Devices.lnk
[2009.08.18 20:19:20 | 00,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll

========== LOP Check ==========

[2009.09.01 13:30:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009.06.12 19:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios
[2009.06.24 17:40:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2008.06.01 14:34:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008.11.11 06:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008.12.31 19:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.09.01 11:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2008.12.31 19:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008.12.31 18:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008.07.10 10:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008.06.04 23:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009.06.14 19:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008.06.10 21:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smaart
[2008.06.05 02:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009.08.31 05:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009.07.26 20:34:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.07.22 23:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009.09.01 13:30:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Studio\Application Data
[2009.01.07 16:18:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Ableton
[2009.01.19 03:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Acreon
[2008.06.20 13:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Ahead
[2009.06.30 13:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\AlesisFirewire
[2009.08.31 21:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\AVI ReComp
[2008.06.26 10:52:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Bioshock
[2009.08.31 21:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\BitTorrent
[2009.09.01 10:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Blender Foundation
[2008.07.12 17:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\BSplayer PRO
[2009.03.23 21:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Canon
[2009.06.16 21:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\CCS64
[2009.06.07 23:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Cycling '74
[2008.05.30 04:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\DAEMON Tools
[2009.09.01 14:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\DNA
[2009.09.01 09:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\EmuPatchMixDSP
[2009.01.30 04:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\FileZilla
[2009.08.04 01:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\LucasArts
[2009.08.17 01:11:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\MeldaProduction MDrummer L
[2009.09.01 11:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\MyVirtualHome
[2008.05.30 21:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\NetMedia Providers
[2008.12.31 18:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Nokia
[2009.06.12 01:29:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\OpenOffice.org
[2009.06.11 12:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\OpenOffice.org2
[2009.01.24 16:51:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Opera
[2009.04.05 16:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\PC Suite
[2008.06.04 23:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Propellerhead Software
[2008.05.30 21:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Publish Providers
[2008.10.08 17:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\REAPER
[2009.04.20 08:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Renoise
[2009.08.10 16:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\ScummVM
[2008.06.21 21:26:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Studio\Application Data\SecuROM
[2008.06.10 21:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Smaart
[2008.06.05 02:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Sony
[2008.05.30 02:40:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Steinberg
[2009.08.21 05:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Thinstall
[2009.04.16 01:06:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Tilted Mill
[2009.02.23 22:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\U3
[2009.08.31 21:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\uTorrent
[2008.05.30 04:45:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Waves Audio
[2008.12.02 18:47:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\WinBatch
[2008.09.11 03:32:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\Windows Search
[2009.07.25 19:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Studio\Application Data\VirSyn Software Synthesizer
[2001.08.23 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.01 14:05:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009.08.31 20:45:37 | 34,228,856 | ---- | M] (Google) -- C:\GoogleSketchUpWEN.exe

< %systemroot%\system32\eventlog.dll >
[2008.04.14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008.04.14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C6D843F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81523426
< End of report >


--------------------------------


OTL Extras logfile created on: 1.9.2009 14:55:29 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Firefox Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Finland | Language: FIN | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 116,74 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 171,91 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931,51 Gb Total Space | 446,71 Gb Free Space | 47,96% Space Free | Partition Type: NTFS

Computer Name: M9062
Current User Name: Studio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"15000:TCP" = 15000:TCP:*:Enabled:bittorrent port 15000 TCP
"15000:UDP" = 15000:UDP:*:Enabled:bittorrent port 15000 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe" = C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Program Files\Mass Effect\MassEffectLauncher.exe" = C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Program Files\Microsoft Games\Halo 2\halo2.exe" = C:\Program Files\Microsoft Games\Halo 2\halo2.exe:*:Enabled:Halo 2 -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Dead Space\Dead Space.exe" = C:\Program Files\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™ -- File not found
"C:\Program Files\Black & White\runblack.exe" = C:\Program Files\Black & White\runblack.exe:*:Disabled:lh -- File not found
"C:\Documents and Settings\Studio\Desktop\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\Studio\Desktop\Left 4 Dead\left4dead.exe:*:Disabled:left4dead -- File not found
"C:\Program Files\Far Cry 2\bin\FarCry2.exe" = C:\Program Files\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files\Far Cry 2\bin\FC2Launcher.exe" = C:\Program Files\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"C:\Program Files\Far Cry 2\bin\FC2Editor.exe" = C:\Program Files\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}" = Sony ACID Pro 6.0
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B85CF65-FC3A-4C81-99DF-5C902D2A0180}" = PCR Editor
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0
"{97370293-96EC-11D4-9DEF-00104B70C5FB}" = Giants
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}" = VOCALOID2 VSTi V2.0.2.0
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
"{B6B45398-B8E9-4BA2-ACD8-65D61C65B8AE}" = MyVirtualHome
"{B7197A7E-AE3B-4575-90CA-6820EC7E7631}" = VOCALOID2 Voice DB (SweetANN)
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.7
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{E08A64DC-D62E-4F25-8928-4F422D59F64D}" = CircuitMaker 2000 (Standard Edition)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.2.3
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Alesis Firewire_is1" = Alesis Firewire 3.4.1.5782
"Alesis iO Hardware Direct Monitoring_is1" = Alesis iO Hardware Direct Monitoring 3.4.1.5782
"AutoGK" = Auto Gordian Knot 2.45
"AVI ReComp" = AVI ReComp 1.4.5
"Avisynth" = AviSynth 2.5
"Blender" = Blender (remove only)
"BSPlayerp" = BS.Player PRO
"CCleaner" = CCleaner (remove only)
"Ceville_is1" = Ceville 1.0
"CodeStuff Starter" = CodeStuff Starter
"DatePad" = DatePad
"Deus Ex" = Deus Ex
"Drumagog 4 Platinum4.10" = Drumagog 4
"Dubmaster Liquid Delay_is1" = G-Sonique Dubmaster Liquid Delay VST 1.0
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"E-MU Audio Drivers Hotfix" = E-MU Audio Drivers
"EMU PatchMix DSP" = E-muPatchMix DSP
"ERUNT_is1" = ERUNT 1.1j
"Festo Fluidsim_is1" = Festo FluidSim 3.6
"ffdshow_is1" = ffdshow [rev 1977] [2008-05-28]
"FileZilla Client" = FileZilla Client 3.2.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kain 2" = Legacy of Kain: Soul Reaver
"Korg Legacy Collection v1.0.0.2" = Korg Legacy Collection v1.0.0.2
"Legacy of Kain: Defiance" = Legacy of Kain: Defiance 1.0
"Live 7.0.3" = Live 7.0.3
"Loud Technologies EAW Smaart_is1" = Loud Technologies EAW Smaart v6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MaxMSP 4.5.7" = MaxMSP 4.5.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Battery VSTi DXi RTAS v2.1.5 Incl Keygen" = Native Instruments Battery VSTi DXi RTAS v2.1.5 Incl Keygen
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Pro-53 v3.02" = Native Instruments Pro-53 v3.02
"Native Instruments Vokator v1.0" = Native Instruments Vokator v1.0
"nLite_is1" = nLite 1.4.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Novation V-Station for Cubase SX3 VSTi v1.41" = Novation V-Station for Cubase SX3 VSTi v1.41
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Codecs" = Ogg Codecs 0.81.15562
"OpenAL" = OpenAL
"PAF Diamond Poker" = PAF Diamond Poker
"PAFPoker" = PAF POKER (remove only)
"Pianoteq22" = Pianoteq v2.2.0
"Pluggo 3.5.4" = Pluggo 3.5.4
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"REAPER" = REAPER
"Reason4_is1" = Reason 4.0
"Redshiftaudio Drumular VSTi_is1" = Redshiftaudio Drumular VSTi v1.1.0.1
"reFX quadraSID 1.6.0_is1" = reFX quadraSID 1.6.0
"Renoise 1.9.1_is1" = Renoise 1.9.1
"Soulseek2" = SoulSeek 157 NS 13c
"Steinberg Cubase SX v3.0.2.623" = Steinberg Cubase SX v3.0.2.623
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Sylenth1_is1" = Sylenth1 v1.01.3
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Waves Mercury Bundle" = Waves Mercury Bundle
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"VobSub" = VobSub 2.23
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31.8.2009 13:24:01 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.MonthView\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 31.8.2009 13:28:30 | Computer Name = M9062 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\Studio\LOCALS~1\Temp\7zS1.tmp\GoogleSketchUp7.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 31.8.2009 13:29:29 | Computer Name = M9062 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\GoogleSketchUp7.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 31.8.2009 13:50:07 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 31.8.2009 14:20:20 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 31.8.2009 14:37:16 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 31.8.2009 14:40:57 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 31.8.2009 16:12:58 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 1.9.2009 2:42:28 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

Error - 1.9.2009 6:45:15 | Computer Name = M9062 | Source = MsiInstaller | ID = 11402
Description = Product: Google SketchUp 7 -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\MSComCtl2.DTPicker\CLSID.
System error 5. Verify that you have sufficient access to that key, or contact
your support personnel.

[ System Events ]
Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.

Error - 1.9.2009 6:47:34 | Computer Name = M9062 | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts2.


< End of report >

This post has been edited by tohtorizorro: Sep 3 2009, 02:44 AM
emeraldnzl
post Sep 11 2009, 09:03 PM
Post #2


Trusted Helper
Group Icon
Posts: 8,065
OS: XP Pro



Hello tohtorizorro,

Please download Win32kDiag.exe to your Desktop.

Double-click to run it.

A log should appear when it is finished.

Copy and paste back here.
tohtorizorro
post Sep 12 2009, 04:12 AM
Post #3


Member
**
Posts: 11
OS: Windows XP pro 32 bit



Thanks for helping me, Emeraldnzl.

Win32diag didn't get too far:

Log file is located at: C:\Documents and Settings\Studio\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished


What's next?

- Mikko
emeraldnzl
post Sep 12 2009, 02:37 PM
Post #4


Trusted Helper
Group Icon
Posts: 8,065
OS: XP Pro



Hello tohtorizorro,

Well, that removes one possibility.

Download Combofix from either of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2





--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for review.

tohtorizorro
post Sep 12 2009, 03:36 PM
Post #5


Member
**
Posts: 11
OS: Windows XP pro 32 bit



ComboFix seemed to run without problems. I didn't have the Recovery Console installed, so I allowed ComboFix to download and install it.
The system was not restarted during the process.

Here's the log:

ComboFix 09-09-12.01 - Studio 13.09.2009 0:12.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2444 [GMT 3:00]
Running from: c:\documents and settings\Studio\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\19ad211.msi
c:\windows\Installer\19c7100.msp
c:\windows\Installer\1aab3bf9.msi
c:\windows\kb913800.exe
c:\windows\system32\.MySCMServerInfo
c:\windows\system32\lsprst7.dll
c:\windows\system32\msvcsv60.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\tmpPrst.dll
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-11 10:56 . 2009-09-11 11:01 -------- d-----w- c:\documents and settings\Studio\Application Data\EmuPatchMixDSP
2009-09-11 10:52 . 2006-11-14 12:28 86016 ----a-w- c:\windows\system32\cttele.dll
2009-09-10 14:40 . 2009-09-10 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-10 14:12 . 2009-09-10 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-09 16:04 . 2009-09-09 16:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-09-09 16:04 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-09-09 09:55 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 12:55 . 2009-09-08 12:57 -------- d-----w- C:\Keuhkot @ TasankoSafari 2009
2009-09-07 18:46 . 2009-09-07 18:46 -------- d-----w- c:\program files\Gpotato
2009-09-04 22:26 . 2009-09-12 14:26 -------- d-----w- C:\SKP
2009-09-04 14:28 . 2009-09-04 14:28 -------- d-----w- c:\program files\Deep Silver
2009-09-03 08:48 . 2009-09-11 19:38 -------- d-----w- c:\program files\Pando Networks
2009-09-01 18:20 . 2009-09-01 18:20 -------- d-----w- c:\program files\Google
2009-09-01 11:57 . 2009-09-01 11:57 -------- d-----w- C:\GeekChecxk
2009-09-01 10:46 . 2009-09-01 10:46 0 ----a-w- c:\documents and settings\Studio\settings.dat
2009-09-01 10:30 . 2009-09-01 10:30 -------- d-----w- c:\documents and settings\Studio\Application Data\Malwarebytes
2009-09-01 10:30 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 10:30 . 2009-09-01 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 10:30 . 2009-09-01 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 10:30 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 10:20 . 2009-09-01 10:20 -------- d-----w- c:\program files\ERUNT
2009-09-01 08:34 . 2009-09-01 08:42 -------- d-----w- c:\program files\MyVirtualHome
2009-09-01 08:34 . 2009-09-01 08:34 -------- d-----w- c:\documents and settings\Studio\Application Data\MyVirtualHome
2009-09-01 08:34 . 2009-09-01 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\MyVirtualHome
2009-09-01 07:58 . 2009-09-01 07:58 -------- d-----w- c:\program files\Python26
2009-09-01 07:54 . 2009-09-01 07:54 -------- d-----w- c:\documents and settings\Studio\Application Data\Blender Foundation
2009-09-01 07:53 . 2009-09-01 07:54 -------- d-----w- c:\program files\Blender
2009-08-31 20:01 . 2009-08-31 20:01 -------- d-----w- c:\program files\CCleaner
2009-08-31 18:52 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-31 18:52 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-31 18:52 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-31 18:52 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-31 18:23 . 2009-08-31 18:23 -------- d-----w- c:\program files\videofixer
2009-08-31 18:23 . 2009-08-31 18:23 -------- d-----w- c:\documents and settings\Studio\Local Settings\Application Data\Thinstall
2009-08-31 18:03 . 2009-08-31 18:03 -------- d-sh--w- c:\documents and settings\Studio\PrivacIE
2009-08-31 17:47 . 2009-08-31 17:45 34228856 ----a-w- C:\GoogleSketchUpWEN.exe
2009-08-31 17:28 . 2009-08-31 17:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-21 14:27 . 2009-09-12 20:55 -------- d-----w- C:\Firefox Download
2009-08-21 02:40 . 2009-08-21 02:40 -------- d-----w- c:\documents and settings\Studio\Application Data\Thinstall
2009-08-18 17:16 . 2009-08-31 18:23 -------- d-----w- c:\program files\Adobe Audition 3.0
2009-08-16 22:11 . 2009-08-16 22:11 -------- d-----w- c:\documents and settings\Studio\Application Data\MeldaProduction MDrummer L
2009-08-16 22:03 . 2006-07-07 10:16 69632 ----a-w- c:\windows\system32\NI_DFD_1_2_9.dll
2009-08-15 00:02 . 2009-08-15 00:13 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 00:00 . 2009-08-15 00:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 21:24 . 2008-06-20 21:02 -------- d-----w- c:\documents and settings\Studio\Application Data\DNA
2009-09-12 15:26 . 2008-06-20 21:02 -------- d-----w- c:\documents and settings\Studio\Application Data\BitTorrent
2009-09-11 23:19 . 2008-10-08 14:33 -------- d-----w- c:\program files\REAPER
2009-09-11 23:13 . 2008-10-08 14:33 -------- d-----w- c:\documents and settings\Studio\Application Data\REAPER
2009-09-11 21:32 . 2008-06-20 21:02 -------- d-----w- c:\program files\DNA
2009-09-11 12:57 . 2008-08-04 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-09-11 10:51 . 2008-06-15 09:25 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-11 10:51 . 2008-06-15 09:25 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-11 10:51 . 2008-06-15 09:25 -------- d-----w- c:\documents and settings\Studio\Application Data\Creative
2009-09-10 14:12 . 2009-02-01 21:45 -------- d-----w- c:\documents and settings\Studio\Application Data\AVI ReComp
2009-09-10 14:11 . 2008-09-11 00:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 14:28 . 2008-06-03 14:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 00:29 . 2008-06-04 23:14 -------- d-----w- c:\program files\Sony Vegas 7.0
2009-08-31 20:17 . 2008-07-10 07:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 19:52 . 2008-07-10 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 18:49 . 2009-02-19 20:10 -------- d-----w- c:\program files\SPORE
2009-08-31 18:45 . 2008-12-19 22:50 -------- d-----w- c:\program files\Call of Duty - World at War
2009-08-31 18:44 . 2009-04-21 15:23 -------- d-----w- c:\program files\Black & White
2009-08-31 18:23 . 2009-05-10 16:14 -------- d-----w- c:\documents and settings\Studio\Application Data\uTorrent
2009-08-31 18:03 . 2009-02-19 11:42 -------- d-----w- c:\documents and settings\Studio\Application Data\Skype
2009-08-31 18:02 . 2009-02-19 11:44 -------- d-----w- c:\documents and settings\Studio\Application Data\skypePM
2009-08-30 19:12 . 2008-05-30 01:33 -------- d-----w- c:\program files\Cycling '74
2009-08-25 15:07 . 2009-02-19 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-19 19:52 . 2008-05-29 03:24 72120 ----a-w- c:\documents and settings\Studio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 00:40 . 2008-12-14 19:57 -------- d-----w- c:\program files\BSplayerPro
2009-08-16 23:09 . 2008-05-30 01:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 22:03 . 2008-05-30 01:35 -------- d-----w- c:\program files\Native Instruments
2009-08-16 14:54 . 2009-06-23 22:37 -------- d-----w- c:\program files\RocketDock
2009-08-16 14:53 . 2009-07-26 18:41 -------- d-----w- c:\program files\Nibiru Age of Secrets
2009-08-16 14:53 . 2009-07-26 17:35 -------- d-----w- c:\program files\Fiend
2009-08-16 14:52 . 2009-07-25 20:48 -------- d-----w- c:\program files\Agatha Christie Evil Under the Sun
2009-08-15 08:08 . 2008-05-30 15:05 -------- d-----w- c:\program files\Java
2009-08-14 13:34 . 2008-06-03 00:56 -------- d-----w- c:\program files\PAF Diamond Poker
2009-08-11 19:53 . 2009-08-11 19:52 -------- d-----w- c:\program files\DeusEx
2009-08-10 13:04 . 2009-08-10 13:04 -------- d-----w- c:\documents and settings\Studio\Application Data\ScummVM
2009-08-10 12:18 . 2009-08-10 12:18 -------- d-----w- c:\program files\Xiph.Org
2009-08-05 09:01 . 2004-08-04 00:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 23:02 . 2009-08-03 22:49 -------- d-----w- c:\program files\Wallace And Gromit Ep1 - Fright Of The Bumblebees
2009-08-03 22:28 . 2009-08-03 22:28 -------- d-----w- c:\documents and settings\Studio\Application Data\LucasArts
2009-08-03 21:45 . 2009-08-03 21:42 -------- d-----w- c:\program files\Secret Of Monkey Island SE
2009-07-26 17:48 . 2009-07-26 17:44 -------- d-----w- c:\program files\Energetic
2009-07-26 17:34 . 2008-07-03 20:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-25 21:02 . 2009-07-25 21:02 -------- d-----w- c:\program files\G-Sonique
2009-07-25 16:51 . 2009-07-25 16:51 -------- d-----w- c:\documents and settings\Studio\Application Data\VirSyn Software Synthesizer
2009-07-25 02:23 . 2008-12-14 20:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 23:42 . 2008-12-28 17:08 -------- d-----w- c:\program files\Penumbra
2009-07-19 23:38 . 2009-07-19 23:38 -------- d-----w- c:\program files\Paradox Interactive
2009-07-17 19:01 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 22:15 . 2009-07-16 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-14 11:00 . 2008-06-03 14:26 16 ----a-w- c:\windows\msocreg32.dat
2009-07-13 20:43 . 2006-11-20 09:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-11-20 09:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-05-29 17:05 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-05-29 17:05 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-05-29 17:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-11-20 09:50 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-11-20 09:48 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 00:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-24 11:18 . 2008-05-29 17:05 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-11-20 09:50 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-11-20 09:48 81920 ----a-w- c:\windows\system32\fontsub.dll
2008-04-14 00:12 . 2006-11-20 09:48 946176 --sha-r- c:\windows\system32\svuhost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2008-03-20 31232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-10 200069]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-08-27 1626112]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-03-20 23040]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-03-20 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Studio\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"=rddv1027.dll
"midi1"=rddv1027.dll
"midi3"=rddv1027.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:TCP"= 15000:TCP:bittorrent port 15000 TCP
"15000:UDP"= 15000:UDP:bittorrent port 15000 UDP

R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\marxdev1.sys [10.5.2009 6:51 11296]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\marxdev2.sys [10.5.2009 6:51 11296]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\marxdev3.sys [10.5.2009 6:51 11296]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30.5.2008 2:36 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [20.3.2008 17:23 98328]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [20.3.2008 17:32 259096]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [20.3.2008 17:38 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [20.3.2008 17:37 309784]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [20.3.2008 17:23 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [20.3.2008 17:36 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [20.3.2008 17:36 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [20.3.2008 17:23 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [20.3.2008 17:23 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [20.3.2008 17:26 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [20.3.2008 17:26 163352]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [20.3.2008 17:32 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [20.3.2008 17:38 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [20.3.2008 17:37 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [20.3.2008 17:36 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [20.3.2008 17:36 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [20.3.2008 17:40 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [20.3.2008 17:40 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [20.3.2008 17:37 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [20.3.2008 17:37 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [20.3.2008 17:25 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [20.3.2008 17:25 534040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1.9.2009 13:30 38160]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.12.2008 19:35 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.12.2008 19:35 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forumswatcher.com/search.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: {42E1CCED-3825-4AB7-B9F1-4A4C6E2653EC} = 193.229.0.40,193.229.0.42
TCP: {DD50080E-44DF-46DA-B1BD-E86444485D94} = 193.229.0.40,193.229.0.42
FF - ProfilePath - c:\documents and settings\Studio\Application Data\Mozilla\Firefox\Profiles\jsks0j4s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - component: c:\documents and settings\Studio\Application Data\Mozilla\Firefox\Profiles\jsks0j4s.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\mozvoikko.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-sdd1034 - c:\docume~1\Studio\LOCALS~1\TempImages\sdd1035.exe
HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 00:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-1275210071-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fd,4a,76,ca,77,22,83,10,05,49,5a,9a,c5,23,69,7f,61,6d,3f,bd,c0,53,7d,
0a,d4,84,7f,e5,6d,9f,ec,84,95,f2,6e,bb,eb,fd,44,7b,17,3f,a9,71,76,64,a1,20,\
"??"=hex:cc,a3,eb,5d,1a,d5,3c,f2,fb,8d,45,86,74,c9,d8,32

[HKEY_USERS\S-1-5-21-1957994488-1275210071-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:85,27,ec,e2,a0,c9,6e,82,ca,09,9a,37,99,88,a1,f1,40,46,c4,85,db,
f5,39,0b,d7,cb,27,23,13,48,fa,ee,a4,fa,03,cb,e4,68,94,75,e3,10,fd,0e,9a,a3,\
"rkeysecu"=hex:a2,d9,c0,91,ff,c2,3f,a6,48,8f,25,55,5c,30,ed,38

[HKEY_LOCAL_MACHINE\software\Classes\.map\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\rddv1027.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\rddv1027.dll
.
Completion time: 2009-09-12 0:28
ComboFix-quarantined-files.txt 2009-09-12 21:28

Pre-Run: 117 590 601 728 bytes free
Post-Run: 117 582 479 360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

301 --- E O F --- 2009-09-10 14:22
emeraldnzl
post Sep 12 2009, 04:17 PM
Post #6


Trusted Helper
Group Icon
Posts: 8,065
OS: XP Pro



Hello again tohtorizorro,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

Driver::
npggsvc

File::
c:\windows\system32\svuhost.exe
c:\windows\system32\GameMon.des -service

REGLOCK::
[HKEY_LOCAL_MACHINE\software\Classes\.map\PersistentHandler]
[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]

REGNULL::
[HKEY_USERS\S-1-5-21-1957994488-1275210071-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1957994488-1275210071-725345543-1003\Software\SecuROM\License information*]

Registry::
[-HKEY_LOCAL_MACHINE\software\Classes\.map\PersistentHandler]
[-HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
[-HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
[-HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
tohtorizorro
post Sep 13 2009, 01:16 AM
Post #7


Member
Posts: 11
OS: Windows XP pro 32 bit



Hello, emeraldnzl. Thanks again for your support.

Ran the CF-script, and there were/are a few things to mention:

- After dragging the script file to the CF-icon there was an announcement that an update for ComboFix
was available which I allowed CF to download and install.

- Before rebooting there was an error message with title bar: catchme.cfxxe - DLL Initialization Failed,
wasn't able to write the actual message down but it stated that this was because Windows was shutting down.

- I had manually disabled Windows Security Center, so it is not malware related (CF seemed to have turned it on)

- The following (or very similar) error message has showed up a number of times on screen in the past:

QUOTE
Internet Explorer Script Error

An error has occurred in the script on this page.

Line: 7
Char: 22
Error: 'document.links(...)' is null or not an object
Code: 0
URL: http://www.forumswatcher.com/search_my_min...hoo_new_all.asp

Do you want tot continue running scripts on this page?


...I don't remember ever installing anything like forumswatcher, maybe it came
along with something else and I wasn't paying attention. I have googled it and
found nothing that would refer to it being malware but would like to get rid of it too.

Appreciate your effort a lot, here's the new combofix.txt:

ComboFix 09-09-12.08 - Studio 13.09.2009 8:59.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2522 [GMT 3:00]
Running from: c:\documents and settings\Studio\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Studio\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\GameMon.des -service"
"c:\windows\system32\svuhost.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\svuhost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npggsvc


((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 05:57 . 2009-09-13 05:58 -------- d-----w- C:\Combo-Fix
2009-09-11 10:56 . 2009-09-11 11:01 -------- d-----w- c:\documents and settings\Studio\Application Data\EmuPatchMixDSP
2009-09-11 10:52 . 2006-11-14 12:28 86016 ----a-w- c:\windows\system32\cttele.dll
2009-09-10 14:40 . 2009-09-10 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-10 14:12 . 2009-09-10 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-09 16:04 . 2009-09-09 16:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-09-09 16:04 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-09-09 09:55 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 12:55 . 2009-09-08 12:57 -------- d-----w- C:\Keuhkot @ TasankoSafari 2009
2009-09-07 18:46 . 2009-09-07 18:46 -------- d-----w- c:\program files\Gpotato
2009-09-04 22:26 . 2009-09-12 14:26 -------- d-----w- C:\SKP
2009-09-04 14:28 . 2009-09-04 14:28 -------- d-----w- c:\program files\Deep Silver
2009-09-03 08:48 . 2009-09-11 19:38 -------- d-----w- c:\program files\Pando Networks
2009-09-01 18:20 . 2009-09-01 18:20 -------- d-----w- c:\program files\Google
2009-09-01 11:57 . 2009-09-01 11:57 -------- d-----w- C:\GeekChecxk
2009-09-01 10:46 . 2009-09-01 10:46 0 ----a-w- c:\documents and settings\Studio\settings.dat
2009-09-01 10:30 . 2009-09-01 10:30 -------- d-----w- c:\documents and settings\Studio\Application Data\Malwarebytes
2009-09-01 10:30 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 10:30 . 2009-09-01 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 10:30 . 2009-09-01 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 10:30 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 10:20 . 2009-09-01 10:20 -------- d-----w- c:\program files\ERUNT
2009-09-01 08:34 . 2009-09-01 08:42 -------- d-----w- c:\program files\MyVirtualHome
2009-09-01 08:34 . 2009-09-01 08:34 -------- d-----w- c:\documents and settings\Studio\Application Data\MyVirtualHome
2009-09-01 08:34 . 2009-09-01 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\MyVirtualHome
2009-09-01 07:58 . 2009-09-01 07:58 -------- d-----w- c:\program files\Python26
2009-09-01 07:54 . 2009-09-01 07:54 -------- d-----w- c:\documents and settings\Studio\Application Data\Blender Foundation
2009-09-01 07:53 . 2009-09-01 07:54 -------- d-----w- c:\program files\Blender
2009-08-31 20:01 . 2009-08-31 20:01 -------- d-----w- c:\program files\CCleaner
2009-08-31 18:52 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-31 18:52 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-31 18:52 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-31 18:52 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-31 18:23 . 2009-08-31 18:23 -------- d-----w- c:\program files\videofixer
2009-08-31 18:23 . 2009-08-31 18:23 -------- d-----w- c:\documents and settings\Studio\Local Settings\Application Data\Thinstall
2009-08-31 18:03 . 2009-08-31 18:03 -------- d-sh--w- c:\documents and settings\Studio\PrivacIE
2009-08-31 17:47 . 2009-08-31 17:45 34228856 ----a-w- C:\GoogleSketchUpWEN.exe
2009-08-31 17:28 . 2009-08-31 17:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-21 14:27 . 2009-09-12 20:55 -------- d-----w- C:\Firefox Download
2009-08-21 02:40 . 2009-08-21 02:40 -------- d-----w- c:\documents and settings\Studio\Application Data\Thinstall
2009-08-18 17:16 . 2009-08-31 18:23 -------- d-----w- c:\program files\Adobe Audition 3.0
2009-08-16 22:11 . 2009-08-16 22:11 -------- d-----w- c:\documents and settings\Studio\Application Data\MeldaProduction MDrummer L
2009-08-16 22:03 . 2006-07-07 10:16 69632 ----a-w- c:\windows\system32\NI_DFD_1_2_9.dll
2009-08-15 00:02 . 2009-08-15 00:13 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 00:00 . 2009-08-15 00:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 05:55 . 2008-06-20 21:02 -------- d-----w- c:\documents and settings\Studio\Application Data\DNA
2009-09-12 15:26 . 2008-06-20 21:02 -------- d-----w- c:\documents and settings\Studio\Application Data\BitTorrent
2009-09-11 23:19 . 2008-10-08 14:33 -------- d-----w- c:\program files\REAPER
2009-09-11 23:13 . 2008-10-08 14:33 -------- d-----w- c:\documents and settings\Studio\Application Data\REAPER
2009-09-11 21:32 . 2008-06-20 21:02 -------- d-----w- c:\program files\DNA
2009-09-11 12:57 . 2008-08-04 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-09-11 10:51 . 2008-06-15 09:25 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-11 10:51 . 2008-06-15 09:25 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-11 10:51 . 2008-06-15 09:25 -------- d-----w- c:\documents and settings\Studio\Application Data\Creative
2009-09-10 14:12 . 2009-02-01 21:45 -------- d-----w- c:\documents and settings\Studio\Application Data\AVI ReComp
2009-09-10 14:11 . 2008-09-11 00:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 14:28 . 2008-06-03 14:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 00:29 . 2008-06-04 23:14 -------- d-----w- c:\program files\Sony Vegas 7.0
2009-08-31 20:17 . 2008-07-10 07:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 19:52 . 2008-07-10 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 18:49 . 2009-02-19 20:10 -------- d-----w- c:\program files\SPORE
2009-08-31 18:45 . 2008-12-19 22:50 -------- d-----w- c:\program files\Call of Duty - World at War
2009-08-31 18:44 . 2009-04-21 15:23 -------- d-----w- c:\program files\Black & White
2009-08-31 18:23 . 2009-05-10 16:14 -------- d-----w- c:\documents and settings\Studio\Application Data\uTorrent
2009-08-31 18:03 . 2009-02-19 11:42 -------- d-----w- c:\documents and settings\Studio\Application Data\Skype
2009-08-31 18:02 . 2009-02-19 11:44 -------- d-----w- c:\documents and settings\Studio\Application Data\skypePM
2009-08-30 19:12 . 2008-05-30 01:33 -------- d-----w- c:\program files\Cycling '74
2009-08-25 15:07 . 2009-02-19 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-19 19:52 . 2008-05-29 03:24 72120 ----a-w- c:\documents and settings\Studio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 00:40 . 2008-12-14 19:57 -------- d-----w- c:\program files\BSplayerPro
2009-08-16 23:09 . 2008-05-30 01:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 22:03 . 2008-05-30 01:35 -------- d-----w- c:\program files\Native Instruments
2009-08-16 14:54 . 2009-06-23 22:37 -------- d-----w- c:\program files\RocketDock
2009-08-16 14:53 . 2009-07-26 18:41 -------- d-----w- c:\program files\Nibiru Age of Secrets
2009-08-16 14:53 . 2009-07-26 17:35 -------- d-----w- c:\program files\Fiend
2009-08-16 14:52 . 2009-07-25 20:48 -------- d-----w- c:\program files\Agatha Christie Evil Under the Sun
2009-08-15 08:08 . 2008-05-30 15:05 -------- d-----w- c:\program files\Java
2009-08-14 13:34 . 2008-06-03 00:56 -------- d-----w- c:\program files\PAF Diamond Poker
2009-08-11 19:53 . 2009-08-11 19:52 -------- d-----w- c:\program files\DeusEx
2009-08-10 13:04 . 2009-08-10 13:04 -------- d-----w- c:\documents and settings\Studio\Application Data\ScummVM
2009-08-10 12:18 . 2009-08-10 12:18 -------- d-----w- c:\program files\Xiph.Org
2009-08-05 09:01 . 2004-08-04 00:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 23:02 . 2009-08-03 22:49 -------- d-----w- c:\program files\Wallace And Gromit Ep1 - Fright Of The Bumblebees
2009-08-03 22:28 . 2009-08-03 22:28 -------- d-----w- c:\documents and settings\Studio\Application Data\LucasArts
2009-08-03 21:45 . 2009-08-03 21:42 -------- d-----w- c:\program files\Secret Of Monkey Island SE
2009-07-26 17:48 . 2009-07-26 17:44 -------- d-----w- c:\program files\Energetic
2009-07-26 17:34 . 2008-07-03 20:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-25 21:02 . 2009-07-25 21:02 -------- d-----w- c:\program files\G-Sonique
2009-07-25 16:51 . 2009-07-25 16:51 -------- d-----w- c:\documents and settings\Studio\Application Data\VirSyn Software Synthesizer
2009-07-25 02:23 . 2008-12-14 20:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 23:42 . 2008-12-28 17:08 -------- d-----w- c:\program files\Penumbra
2009-07-19 23:38 . 2009-07-19 23:38 -------- d-----w- c:\program files\Paradox Interactive
2009-07-17 19:01 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 22:15 . 2009-07-16 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-14 11:00 . 2008-06-03 14:26 16 ----a-w- c:\windows\msocreg32.dat
2009-07-13 20:43 . 2006-11-20 09:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-11-20 09:50 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-05-29 17:05 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-05-29 17:05 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-05-29 17:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-11-20 09:50 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-11-20 09:48 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 00:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-24 11:18 . 2008-05-29 17:05 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-11-20 09:50 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-11-20 09:48 81920 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-12_21.27.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-13 06:17 . 2009-09-13 06:17 16384 c:\windows\temp\Perflib_Perfdata_7fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2008-03-20 31232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-10 200069]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-08-27 1626112]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-03-20 23040]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-03-20 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Studio\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"=rddv1027.dll
"midi1"=rddv1027.dll
"midi3"=rddv1027.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15000:TCP"= 15000:TCP:bittorrent port 15000 TCP
"15000:UDP"= 15000:UDP:bittorrent port 15000 UDP

R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\marxdev1.sys [10.5.2009 6:51 11296]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\marxdev2.sys [10.5.2009 6:51 11296]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\marxdev3.sys [10.5.2009 6:51 11296]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30.5.2008 2:36 33792]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [20.3.2008 17:23 98328]
R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [20.3.2008 17:32 259096]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [20.3.2008 17:38 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [20.3.2008 17:37 309784]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [20.3.2008 17:23 98328]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [20.3.2008 17:36 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [20.3.2008 17:36 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [20.3.2008 17:23 528920]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [20.3.2008 17:23 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [20.3.2008 17:26 163352]
S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [20.3.2008 17:26 163352]
S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [20.3.2008 17:32 259096]
S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [20.3.2008 17:38 134168]
S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [20.3.2008 17:37 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [20.3.2008 17:36 99352]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [20.3.2008 17:36 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [20.3.2008 17:40 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [20.3.2008 17:40 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [20.3.2008 17:37 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [20.3.2008 17:37 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [20.3.2008 17:25 534040]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [20.3.2008 17:25 534040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1.9.2009 13:30 38160]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31.12.2008 19:35 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31.12.2008 19:35 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forumswatcher.com/search.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: {42E1CCED-3825-4AB7-B9F1-4A4C6E2653EC} = 193.229.0.40,193.229.0.42
TCP: {DD50080E-44DF-46DA-B1BD-E86444485D94} = 193.229.0.40,193.229.0.42
FF - ProfilePath - c:\documents and settings\Studio\Application Data\Mozilla\Firefox\Profiles\jsks0j4s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi/
FF - component: c:\documents and settings\Studio\Application Data\Mozilla\Firefox\Profiles\jsks0j4s.default\extensions\fi@dictionaries.addons.mozilla.org\platform\WINNT_x86-msvc\components\mozvoikko.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 09:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\rddv1027.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\rddv1027.dll

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\system32\rddv1027.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFI.DLL
c:\windows\system32\ctagent.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fin.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
.
**************************************************************************
.
Completion time: 2009-09-13 9:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 06:23

Pre-Run: 117 591 330 816 bytes free
Post-Run: 117 498 269 696 bytes free

298 --- E O F --- 2009-09-10 14:22


emeraldnzl
post Sep 13 2009, 02:53 AM
Post #8


Trusted Helper
Posts: 8,065
OS: XP Pro



Hello tohtorizorro,

QUOTE
I have googled it and found nothing that would refer it being malware but would like to get rid of it too.


Yes that was one that we were getting rid of. One of those registry items in the script. Seems to be gone now.

Moving on

Next, we need to ensure hidden files and folders can be viewed:

* Click Start
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide extensions for known file types option.
* Click Yes to confirm.
* Click OK.

Now
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

  • c:\windows\system32\rddv1027.dll

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Next

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

So when you return please post
  • Virscan report
  • Malwarebytes log
tohtorizorro
post Sep 13 2009, 05:30 AM
Post #9


Member
Posts: 11
OS: Windows XP pro 32 bit



VirScan.org's 'Copy to Clipboard' button wasn't working so I attached a screenshot of the results page to this reply.
The results can also be viewed in the following URL:

http://virscan.org/report/f4e28a11f159500a...c980104690.html

In case the URL isn't working anymore here's the info that didn't fit in the screenshot:

QUOTE
File Name : rddv1027.dll
File Size : 25771 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 6e79d3318eb9fb74ed300c23d0ea8061
SHA1 : 6392d0257daad68b5efaedd0c1689b15eed68db2


That's prolly all irrelevant since the scanners found nothing though.

Same thing with MBAM, here's the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2788
Windows 5.1.2600 Service Pack 3

13.9.2009 14:11:15
mbam-log-2009-09-13 (14-11-15).txt

Scan type: Quick Scan
Objects scanned: 98316
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





emeraldnzl
post Sep 13 2009, 01:02 PM
Post #10


Trusted Helper
Posts: 8,065
OS: XP Pro



Hello tohtorizorro,

Looking good. Just one more to make sure we haven't missed anything.

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Copy and paste that information in your next post and tell me how your machine is now.
tohtorizorro
post Sep 14 2009, 08:12 AM
Post #11


Member
Posts: 11
OS: Windows XP pro 32 bit



Hi again, emeraldnzl.

It's looking quite good, Kaspersky found something, but I think most of them are false alarms.
I've understood that this can happen. Right?

All the Dev-CPP related files are parts of a really well known C++ compiler and were downloaded
from the developer's site, so I'd be amazed if they were a source of viruses/malware/etc.

That leaves only these two bad guys:

C:\System Volume Information\_restore{6A28DE96-F97F-4D43-9974-1E2EF8B15958}\RP409\A0045917.exe Infected: Trojan-Downloader.Win32.Adload.gyw 1
C:\WINDOWS\system32\hgGVPhgF.dll.bak Infected: not-a-virus:AdWare.Win32.Virtumonde.trw 1

The whole report below:



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 14, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 13, 2009 21:26:44
Records in database: 2802179
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 317219
Threats found: 1
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 09:11:10


File name / Threat / Threats count

C:\CPP\Dev-CPP\bin\addr2line.exe Infected: not-a-virus:NetTool.Win32.Scan.k 1
C:\CPP\Dev-CPP\bin\ar.exe Infected: not-a-virus:NetTool.Win32.Scan.j 1
C:\CPP\Dev-CPP\mingw32\bin\ar.exe Infected: not-a-virus:NetTool.Win32.Scan.j 1
C:\System Volume Information\_restore{6A28DE96-F97F-4D43-9974-1E2EF8B15958}\RP409\A0045917.exe Infected: Trojan-Downloader.Win32.Adload.gyw 1
C:\WINDOWS\system32\hgGVPhgF.dll.bak Infected: not-a-virus:AdWare.Win32.Virtumonde.trw 1
K:\MATSKU\SOFTWARE\devcpp4980.exe Infected: not-a-virus:NetTool.Win32.Scan.j 1
K:\MATSKU\SOFTWARE\devcpp4980.exe Infected: not-a-virus:NetTool.Win32.Scan.k 1


Selected area has been scanned.
emeraldnzl
post Sep 14 2009, 01:14 PM
Post #12


Trusted Helper
Posts: 8,065
OS: XP Pro



Hello tohtorizorro,

Yes, most of those are false positives. The Dev-CPP files are picked up by some anti-virus programs as malicious, but as you say, I think they are OK.

One of those bad ones you mentioned is in System Restore and will be dealt with in Cleanup; see below.

There is one to get rid of, but after that is removed you can go straight to clearing away the tools we have been using.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
C:\WINDOWS\system32\hgGVPhgF.dll.bak

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt.

Next

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Step 2
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to. The WinDiag folder/files can be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean, here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.

  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:
--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser, but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

NoScripts is a good Add-on for Firefox that prevents execution of malicious scripts.

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

    If your Microsoft Update is not working automatically, keep your operating system up to date by visiting
  • Microsoft Windows Update

    monthly.

    It is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > Automatic Updates
    * Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
    * Click Apply then OK.

    And to keep your system clean, consider choosing from these free malware scanners and running it
  • AdAware SE Personal
  • Spybot Search & Destroy
  • SuperAntiSpyWare

    weekly. Be aware of what emails you open and websites you visit.

An antivirus program is essential.

Here are a couple to choose from (these are also free for personal use):
  • Avast
  • AVIRA Note: AVIRA free comes with adware that promotes their paid for version each time it updates.

I like Avira but some people find the pop up advertisements each time it updates a bit trying.

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are two good firewalls free for personal use:


Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
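The scan report in post #11 and the triage in the reply above (false positives on developer tools, one file under System Restore, one file to remove via a CFScript) can be expressed as a small parser. This is an added example, not code from the thread or from Kaspersky/ComboFix; the sample lines are constructed from the report, and the bucket names and the "NetTool on a developer tool is likely a false positive" rule are my own assumptions.

```python
import re

# Constructed sample, in the report's "File name / Threat / Threats count" format.
REPORT = """\
C:\\CPP\\Dev-CPP\\bin\\ar.exe Infected: not-a-virus:NetTool.Win32.Scan.j 1
C:\\System Volume Information\\_restore{6A28DE96-F97F-4D43-9974-1E2EF8B15958}\\RP409\\A0045917.exe Infected: Trojan-Downloader.Win32.Adload.gyw 1
C:\\WINDOWS\\system32\\hgGVPhgF.dll.bak Infected: not-a-virus:AdWare.Win32.Virtumonde.trw 1
"""

# One detection line: path, the word "Infected:", the threat name, a count.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

def parse_report(text):
    """Return a list of (path, threat, count) for every detection line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits

def family(threat):
    """'not-a-virus:NetTool.Win32.Scan.k' -> ('not-a-virus', 'NetTool')."""
    verdict, _, name = threat.rpartition(":")
    return verdict, name.split(".")[0]

def triage(hits):
    """Sort detections into the three buckets the reply distinguishes (assumed rule set)."""
    buckets = {"remove": [], "restore_point": [], "review": []}
    for path, threat, _ in hits:
        verdict, fam = family(threat)
        if "\\system volume information\\" in path.lower():
            buckets["restore_point"].append(path)   # gone once restore points are reset
        elif verdict == "not-a-virus" and fam == "NetTool":
            buckets["review"].append(path)          # e.g. Dev-C++ binutils: likely false positive
        else:
            buckets["remove"].append(path)          # adware/trojan: needs an explicit removal
    return buckets

def cfscript(paths):
    """Build the ComboFix script text (KillAll/File/Reboot) for the 'remove' bucket."""
    return "KillAll::\n\nFile::\n" + "\n".join(paths) + "\n\nReboot::\n"
```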
tohtorizorro
post Sep 15 2009, 01:04 PM
Post #13


Member
Posts: 11
OS: Windows XP pro 32 bit



The system seems to be spotless again. Thanks a lot for the help, emeraldnzl.

Thanks for the tips for the future too. After being about a year without any anti-virus
software or third party firewall I now downloaded Avira and PC-Tools Firewall
as you recommended.

Keep up the good work and thanks once more.

All the best,

- Mikko.
emeraldnzl
post Sep 15 2009, 02:27 PM
Post #14


Trusted Helper
Posts: 8,065
OS: XP Pro



QUOTE
thanks once more.


You're very welcome.
emeraldnzl
post Sep 15 2009, 02:28 PM
Post #15


Trusted Helper
Posts: 8,065
OS: XP Pro



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.