Hski

Honorary Members
  • Posts

    31
Everything posted by Hski

  1. I created a "test" new profile and the problem has disappeared. So there must be something in my original profile that's messing with my settings. Now the challenge is to migrate my user.js, about:config settings, passwords etc. from the old profile to the new (without the offending item(s)). Any advice?
  2. :( Greetings Friends: I have an XP Pro SP3 computer using Firefox 3.0.5. Recently, whenever I start Firefox, it opens to the page(s) I was using before I closed it, despite the fact that I set it to open on a blank page. I've set the preferences to "When Firefox starts show a blank page" but it won't work; it always reverts to the pages I was using before I closed it. I've checked the "about:config" page and it's set appropriately. I've checked all my virus software and nothing is set to "protect" the home page. This only happens with Firefox. I also have IE and Opera and they seem unaffected. I've run all the virus scans noted in this forum and others and nothing was found. Help! Thanks.
  3. Here's the compressed SIGVERIF file attached: SIGVERIF.zip
  4. OTListIt Extras logfile created on: 11/5/2008 12:04:52 AM - Run OTListIt by OldTimer - Version 1.0.12.0
  5. I'll send the files one at a time to see if that works. OTListIt logfile created on: 11/5/2008 12:04:52 AM - Run OTListIt by OldTimer - Version 1.0.12.0
O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] !SASWinLogon: "DllName" = -- File not found igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}" (HKLM) -- C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu) ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2006/07/22 23:34:38 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command] "" = G:\LaunchU3.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [2 C:\WINDOWS\*.tmp files] [2008/11/04 23:56:57 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt.exe 
[2008/10/31 17:32:59 | 15,405,003 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IDU_2.1.9.66_Light.exe [2008/10/31 12:45:46 | 00,018,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Yr Radio contest official rules and regulations.htm [2008/10/30 20:18:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2008/10/30 19:19:39 | 00,045,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2008/10/29 22:12:41 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2008/10/29 15:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/10/28 16:49:53 | 00,098,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Belarc Snapshot10-28-08.html [2008/10/28 16:17:12 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2008/10/27 09:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2008/10/27 09:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OnlineArmor [2008/10/27 09:11:10 | 00,178,376 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys [2008/10/27 09:11:10 | 00,030,920 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys [2008/10/27 09:11:10 | 00,028,872 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys [2008/10/27 09:11:00 | 00,000,000 | ---D | C] -- C:\OnlineArmor [2008/10/26 21:45:57 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat [2008/10/26 20:09:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC [2008/10/26 16:27:46 | 00,000,000 | -HSD | C] -- C:\found.000 [2008/10/25 16:12:37 | 02,692,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Verizon Motorolla E815 CDMA User Guide.pdf [2008/10/25 07:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp [2008/10/24 17:03:27 | 00,337,408 | ---- | C] (Microsoft Corporation) 
-- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/23 11:13:48 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Program Files\WinsockxpFix.exe [2008/10/22 12:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Calibrize [2008/10/21 11:41:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My ICC Profiles [2008/10/20 10:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TaskCoach [2008/10/20 10:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\TaskCoach [2008/10/19 09:44:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc [2008/10/16 16:54:01 | 00,208,384 | ---- | C] (Paul McLain and Fred de Vries) -- C:\Program Files\JavaRa.exe [2008/10/15 08:52:21 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2008/10/15 08:52:18 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2008/10/15 08:52:16 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2008/10/15 08:52:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2008/10/15 08:52:10 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2008/10/15 08:52:00 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2008/10/14 14:06:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\To Read [2008/10/13 14:15:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org [2008/10/13 14:11:10 | 00,000,000 | ---D | C] -- C:\Program Files\JRE [2008/10/13 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2008/10/07 09:45:15 | 00,000,000 | ---D | C] -- C:\Program Files\Teorex [2008/10/06 15:49:42 | 00,000,000 | ---D | C] -- C:\Documents and 
Settings\Administrator\Application Data\Sync App Settings [2008/10/06 15:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings [2008/10/06 15:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\Allway Sync ========== Files - Modified Within 30 Days ========== [3 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] [2008/11/04 23:56:58 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt.exe [2008/11/04 23:43:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/11/04 23:42:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008/11/04 22:17:24 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/11/04 21:22:43 | 00,522,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/11/04 21:22:43 | 00,441,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/11/04 21:22:43 | 00,071,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008/10/31 17:33:16 | 15,405,003 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IDU_2.1.9.66_Light.exe [2008/10/31 12:45:47 | 00,018,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Yr Radio contest official rules and regulations.htm [2008/10/31 08:15:06 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe [2008/10/29 15:39:30 | 00,269,159 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2008/10/28 16:49:54 | 00,098,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Belarc Snapshot10-28-08.html [2008/10/28 16:17:12 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2008/10/27 10:30:19 | 00,000,602 | ---- | M] () -- C:\WINDOWS\win.ini [2008/10/27 10:30:19 | 00,000,281 | -H-- | M] () -- C:\boot.ini [2008/10/27 10:30:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2008/10/27 09:30:53 | 00,000,044 | ---- | M] () -- 
C:\WINDOWS\System32\drivers\etc\hosts.idx [2008/10/27 08:22:42 | 00,082,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2008/10/26 21:45:58 | 00,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat [2008/10/26 16:23:26 | 02,648,538 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2008/10/25 16:12:37 | 02,692,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Verizon Motorolla E815 CDMA User Guide.pdf [2008/10/22 15:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/10/22 15:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/10/15 09:10:06 | 00,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/10/15 08:41:52 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\desktop.ini:SummaryInformation @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\desktop.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [2008/10/07 14:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/10/06 23:09:48 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys [2008/10/06 23:09:36 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys [2008/10/06 23:09:32 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys < End of report >
  6. It's not my computer, seems to be the site (browser seems to be working ok). Whenever I post the logs and try to upload the file, it seems the site tries to send the message but I get an error message that says unable to do so, or it freezes. I'll try again.
  7. I've been unable to post since last night. This is a test.
  8. Thanks once again. Ran DCOMCNFG and got 2 error messages relating to yahoo messenger (I know and have it) so I clicked ok. I entered the console successfully with no other error messages. Ran Windows update successfully (nothing critical to download). Looked at the link you sent "MS04-015 does not install correctly". The resolution is to enable the Help and Support service, but it was already running and set at automatic. That link contained another link that said "To reinstall the security update that is documented in Microsoft Security Bulletin MS04-015, download and then run the appropriate package from the following Microsoft Web site". When I went there, there was no download for XP SP3, only XP and XP SP1 so I took no further action.
  9. Sorry...I forgot to tell you that the Event Viewer info that I noted earlier was only from the past few days. I had looked at the Event Viewer earlier and noted that the dates for the events seemed really messed up; after 2006 it was showing 2033 and dates like that so I couldn't tell what was what. So I saved the events then cleared the viewer (System and Application only).
  10. One more bit of info. I just rebooted and took an immediate look at the Event Viewer. In the "Application" section it listed the following errors: "A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. " This is noted twice in the Viewer. This sounds ominous. What does it mean? Could this, combined with my previous list of errors be part of a remote attack of some sort? In the "System" section, I didn't get the DCOM errors, but I did notice entries showing that the Event Viewer was stopped and started. I also noted the following again: "The following boot-start or system-start driver(s) failed to load: AVG Clean Drive"
  11. Thanks: Disk drive listed in device manager is WDCWD800VE-07HDT0. No red or yellow in any of the device manager entries. Lots of error entries in the event viewer. Most of these are entered many times. All are from "system". They are as follows: "The following boot-start or system-start driver(s) failed to load: AVG Clean Driver" I don't know what this is. I don't have AVG, I have Avira Anti-Virus running. Maybe it's part of Avira? Also, I did run many things to eliminate the possibility of a virus so maybe it's related to that? "The Windows Service Pack Installer update service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." I enabled this. "DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}". I have TONS of this message. DCOM service WAS running (automatic). "The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." This was disabled so I re-enabled it. I know it was previously enabled. "The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." Tons of these too. I enabled Telephony service. I think this was previously enabled. No errors found for anything to do with either Hard Drive, SCSI, IDE, EIDE, SATA errors. The only errors were noted above (most were listed many times). My hard drive is only 1, maybe 2 years old. I ran a disk check (with both boxes checked) after the start of my problems and it completed successfully. Thanks for your help.
  12. Hi! Yes, I have a cd/dvd burner and my service tag number.. Thanks!
  13. Thanks for your help Jean. I've been following your tutorial on running the System File Checker, but have not had success; I'm unable to run it. I've been able to follow all the steps except #6 (after first trying step #1 and 2 without success then trying the others). I've used the i386 folder that resides in C:\WINDOWS\ServicePackFiles. So far, nothing has worked. I keep getting the "files that are required for Windows to run properly must be copied to the dll cache. Insert your Windows XP Professional CD-ROM now". In trying to follow step 6, I should be able to find the registry key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection". In my sp3 machine, that key is missing the last file, Windows File Protection. As you've directed, I'm trying to run the System File Checker to see if a corrupted or missing file is the cause of my problems. Any ideas? If not, can you ask one of your compatriots to assist me? Many thanks as always.
  14. Thanks Jean, I'll do the i386 thing today, hopefully that will solve this problem; if not, I'll be back. I did go to the link for the sym_U3.sys file long before I posted anything, but I was reluctant to download and pay for anything before I knew what was going on (it's still not clear if downloading that file is the thing to do...for instance, where do I put it? And is placing it in the correct place good enough or are registry changes needed as well?)
  15. I just checked again, there's an i386 folder located in C:\windows\servicepackfiles. Should I use this one Jean?
  16. Thanks Jean: I believe you said you hadn't used it on an SP3 machine, and so I didn't want to run it without knowing it was appropriate for my SP3 machine, especially considering it uses the i386 folder in the SP2 folder (I don't see an SP3 folder). If it uses this folder to check for missing files, then my concern is that it might replace files based on SP2 instead of SP3. So, are you saying it would do no harm to follow your tutorial and use the SP2 folder in my SP3 machine? If so, I'll do it right away. Thanks as always for your help.
  17. Hi: I've got a Dell Latitude C400 1.33 running Win XP Pro sp3. The computer has been running fine and I regularly clean, defrag, and run checkdisk. The other day as I started up the computer, a blue screen came on saying the computer needed to run chkdsk. As it ran, I noticed it was removing a bunch of what looked like system type files and some exe's. It finished and the computer started up. Since then, the computer has had startup problems: once, it didn't recognize my firewall (it said it couldn't start it) so I removed the firewall and reinstalled. Firewall starts now. Overall, the startup is slower than previously, and most things are much slower. More importantly, it is very difficult to shut down and power down the computer. It takes a few minutes (if ever) for the computer to shut down (get to the part that asks if I want to restart etc.), and a few or more minutes for it to power down after that, if at all. I've had to push the power button a few times as well. Once it starts, everything runs, but the longer I'm on, the slower things run. I've run a ton of virus and malware scans including: Avira antivirus (running all the time), Kaspersky Internet Suite 2009 (on demand), Spybot, Rogue Remover, Super Antispyware, and Malwarebytes' Anti-Malware. Nothing found. I also posted this earlier to the malware forum, where Jeanfrommontana helped me; nothing found and she said to post here. I also consulted the Microsoft page that discusses this, and tried most things, to no avail. I then tried to run the Recovery Console at startup (which I installed with another forum's help--I don't have the XP disks anymore, to figure out a previous problem, but never actually ran it before). As the Recovery Console started up, I got the following error message: "The file Sym_U3.sys could not be found". The Recovery Console wouldn't finish starting up after that so I had to exit and let the computer finish starting up normally. I also tried to search the computer for the Sym_U3.sys file but couldn't find it. I also managed to do a "normal" check disk; ran ok. I also noticed that the longer I use the computer the harder and longer it takes to shut down. If I start the computer, then shut it down, it shuts down fine. So...what's going on? Today I re-installed uphclean.exe (I had installed it a few months ago). When I shut down now, it more quickly gets to the part where it shows my options (restart, shutdown, log off), but still takes a long time to power down; faster than before, but still much longer than usual. Any help would be appreciated.
  18. Pardon my ignorance, so I can use the I386 folder in SP2 (I have sp3 running)? Also, how do I invoke the scannow sfc on startup?
  19. Thanks Jean. I read your tutorial, but it seems you need at least a recovery disk to do anything. Is this correct? (I no longer have my disks, but I do have an i386 folder in the Windows folder).
  20. As directed, please see below the MBAM scan done with latest version and the subsequent HJT scan done after fixing the 4 items you noted. I will take a look at the self help tutorial you mentioned on system file checker. Considering you mentioned I should make no changes until we are finished here, should I take any action as a result of the tutorial or wait? FYI: when the startup chkdsk did its thing, it most definitely was deleting files among other things, including at least 1 .exe file; perhaps it was also replacing them but it happened so fast I couldn't tell. Many thanks for your kind assistance.