OTL logfile created on: 02.07.2011 15:19:15 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

1022.35 Mb Total Physical Memory | 533.57 Mb Available Physical Memory | 52.19% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 16.76 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 562.94 Gb Free Space | 60.45% Space Free | Partition Type: FAT32

Computer Name: ETH-JAKOB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen)
PRC - C:\Documents and Settings\Administrator\Desktop\remover.exe (eSage Lab)
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (rtpMIDIService) -- C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (msvsmon90) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (xpsec) -- File not found
DRV - (xcpip) -- File not found
DRV - (ALESIS_USB2) -- C:\WINDOWS\system32\drivers\alesis2u.sys (Ploytec GmbH)
DRV - (ALESIS_USB2_A) -- C:\WINDOWS\system32\drivers\alesis2a.sys (Numark)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (sdcfilter) -- C:\WINDOWS\system32\drivers\sdcfilter.sys (Sophos Plc)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (teVirtualMIDI32) -- C:\WINDOWS\system32\drivers\teVirtualMIDI32.sys (Tobias Erichsen)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Znout (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nzz.ch/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 15:16:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.27 15:16:27 | 000,000,000 | ---D | M]

[2009.10.19 20:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011.05.27 11:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\extensions
[2010.05.25 08:26:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.30 09:57:22 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.12.17 16:45:13 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.01.12 10:38:37 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.12.03 14:53:55 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\extensions\zotero@chnm.gmu.edu
[2010.11.09 13:32:49 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\searchplugins\znout-ch.xml
[2010.11.09 13:40:39 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fks3q7qr.default\searchplugins\znout-de.xml
[2011.05.27 11:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.31 15:13:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.01 09:00:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.31 15:13:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255958618734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.19 13:49:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.05 13:19:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{52146624-77bb-11df-8f4e-001641adbc59}\Shell\AutoRun\command - "" = E:\apollo/apollo32.exe
O33 - MountPoints2\{52146624-77bb-11df-8f4e-001641adbc59}\Shell\explore\command - "" = E:\apollo/apollo32.exe
O33 - MountPoints2\{52146624-77bb-11df-8f4e-001641adbc59}\Shell\open\command - "" = E:\.\apollo/apollo32.exe
O33 - MountPoints2\{f6c13d59-cb0a-11df-8fb4-0013024c05be}\Shell - "" = AutoRun
O33 - MountPoints2\{f6c13d59-cb0a-11df-8fb4-0013024c05be}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6c13d59-cb0a-11df-8fb4-0013024c05be}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.07.02 15:17:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011.07.02 12:14:53 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Administrator\Desktop\remover.exe
[2011.06.23 19:18:53 | 000,196,160 | ---- | C] (Alesis) -- C:\WINDOWS\System32\CPLALESISUSB2.CPL
[2011.06.23 19:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\usb-audio.deAlesis
[2011.06.23 19:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ALESIS
[2011.06.23 19:13:40 | 000,324,672 | ---- | C] (Ploytec GmbH) -- C:\WINDOWS\System32\drivers\alesis2u.sys
[2011.06.23 19:13:40 | 000,040,000 | ---- | C] (Numark) -- C:\WINDOWS\System32\drivers\alesis2a.sys
[2011.06.17 16:14:02 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011.06.16 08:33:24 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2009.12.15 09:56:25 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeB.dll
[2009.10.25 21:12:29 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeDD.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.07.02 15:20:52 | 000,002,543 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2011.07.02 15:17:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011.07.02 15:01:31 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\qchemsdl.exe
[2011.07.02 14:40:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.02 14:40:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.02 14:24:21 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011.07.02 11:44:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011.07.01 15:15:29 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VPN Client.lnk
[2011.07.01 13:05:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.01 13:02:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.01 13:02:34 | 1072,087,040 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.29 14:29:02 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011.06.29 11:01:50 | 000,011,629 | ---- | M] () -- C:\Documents and Settings\Administrator\gsview32.ini
[2011.06.24 11:49:14 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2011.06.23 19:15:26 | 000,324,672 | ---- | M] (Ploytec GmbH) -- C:\WINDOWS\System32\drivers\alesis2u.sys
[2011.06.23 19:15:26 | 000,196,160 | ---- | M] (Alesis) -- C:\WINDOWS\System32\CPLALESISUSB2.CPL
[2011.06.23 19:15:25 | 000,040,000 | ---- | M] (Numark) -- C:\WINDOWS\System32\drivers\alesis2a.sys
[2011.06.20 08:34:11 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.20 08:34:11 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.17 10:09:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7FB1A106-F3DA-46E5-B11D-D241042FD6F7}
[2011.06.16 23:54:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.06.16 20:26:01 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Live 7.0.3.lnk
[2011.06.13 12:24:58 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011.06.09 10:21:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Application Data\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.07.02 15:01:31 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\qchemsdl.exe
[2011.07.02 14:24:21 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011.06.17 10:09:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7FB1A106-F3DA-46E5-B11D-D241042FD6F7}
[2011.06.16 23:52:59 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.06.16 20:26:01 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Live 7.0.3.lnk
[2011.03.14 19:39:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\HM413M.DLL
[2011.03.14 19:39:13 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\HD413M.DLL
[2011.02.18 15:12:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.02.18 15:10:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010.11.19 10:51:13 | 000,000,252 | ---- | C] () -- C:\WINDOWS\OPHD.INI
[2010.11.15 21:56:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.06.25 17:48:26 | 001,489,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.04.06 17:00:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.11.14 12:35:45 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.23 10:54:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.19 22:08:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2009.10.19 22:08:48 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009.10.19 20:55:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.19 20:41:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.19 16:33:44 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.19 15:29:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.19 15:27:51 | 000,211,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.19 14:32:53 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009.10.19 13:53:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.10.19 13:45:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008.08.29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.07.12 22:33:58 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007.04.05 15:03:34 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006.08.18 18:24:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.08.16 12:52:54 | 000,143,676 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.02.14 14:43:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.05.13 18:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.Kanton ZH
[2011.05.04 19:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ableton
[2010.04.27 16:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\anshelp
[2010.03.23 15:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ansys
[2011.01.19 10:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2011.06.16 11:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2010.10.26 10:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EDrawings
[2011.07.02 14:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2010.05.04 14:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Launcher
[2010.04.29 17:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MuPAD
[2011.01.31 15:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011.05.03 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SumatraPDF
[2010.12.14 14:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wuala
[2010.11.30 15:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\xm1
[2010.03.23 15:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ANSYSInstall
[2009.12.14 18:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009.11.14 12:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.12.10 16:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011.01.27 09:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011.01.27 09:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2009.10.19 13:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009.11.21 19:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011.07.02 11:44:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

[color=#E56717]========== Purity Check ==========[/color]

< End of report >

------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 02.07.2011 15:19:15 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

1022.35 Mb Total Physical Memory | 533.57 Mb Available Physical Memory | 52.19% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 16.76 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 562.94 Gb Free Space | 60.45% Space Free | Partition Type: FAT32

Computer Name: ETH-JAKOB | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 7 for Students -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 7 for Students Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe" = C:\Program Files\Wolfram Research\Mathematica\7.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Administrator\Application Data\Wuala\Roaming\Wuala.exe" = C:\Documents and Settings\Administrator\Application Data\Wuala\Roaming\Wuala.exe:*:Enabled:Wuala -- ()
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PreGui_ogl.exe" = C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PreGui_ogl.exe:*:Enabled:PreGui_ogl -- ()
"C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PreEngine.exe" = C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PreEngine.exe:*:Enabled:PreEngine -- ()
"C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PostEngine.exe" = C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PostEngine.exe:*:Enabled:PostEngine -- ()
"C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PostGui_ogl.exe" = C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\PostGui_ogl.exe:*:Enabled:PostGui_ogl -- ()
"C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\solver-hpmpi.exe" = C:\Program Files\ANSYS Inc\v121\CFX\bin\winnt\solver-hpmpi.exe:*:Enabled:solver-hpmpi -- ()
"C:\Program Files\ANSYS Inc\v121\CFX\tools\hpmpi-win-1.1-1\bin\mpirun.exe" = C:\Program Files\ANSYS Inc\v121\CFX\tools\hpmpi-win-1.1-1\bin\mpirun.exe:*:Enabled:mpirun -- ()
"C:\Program Files\ANSYS Inc\v121\CFX\tools\hpmpi-win-1.1-1\bin\mpid.exe" = C:\Program Files\ANSYS Inc\v121\CFX\tools\hpmpi-win-1.1-1\bin\mpid.exe:*:Enabled:mpid -- ()
"C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\cortex\ntx86\cx1214.exe" = C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\cortex\ntx86\cx1214.exe:*:Enabled:cx1214 -- ()
"C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\ntx86\2ddp_host\fl1214.exe" = C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\ntx86\2ddp_host\fl1214.exe:*:Enabled:fl1214 -- ()
"C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\multiport\mpi\ntx86\hp\bin\mpid.exe" = C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\multiport\mpi\ntx86\hp\bin\mpid.exe:*:Enabled:mpid -- ()
"C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\multiport\mpi\ntx86\hp\bin\mpirun.exe" = C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\multiport\mpi\ntx86\hp\bin\mpirun.exe:*:Enabled:mpirun -- ()
"C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\ntx86\2ddp_node\fl_mpi1214.exe" = C:\Program Files\ANSYS Inc\v121\fluent\fluent12.1.4\ntx86\2ddp_node\fl_mpi1214.exe:*:Enabled:fl_mpi1214 -- ()
"C:\Program Files\ANSYS Inc\v121\commonfiles\jre\intel\bin\java.exe" = C:\Program Files\ANSYS Inc\v121\commonfiles\jre\intel\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\cablecom\installer\cablecom_installer.exe" = C:\Program Files\cablecom\installer\cablecom_installer.exe:*:Disabled:Cablecom Installer
"C:\Program Files\Ableton\Live 7.0.3\Program\Live 7.0.3.exe" = C:\Program Files\Ableton\Live 7.0.3\Program\Live 7.0.3.exe:*:Enabled:Live 7.0.3 -- (Ableton)
"C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDI.exe" = C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDI.exe:*:Enabled:rtpMIDI.exe -- (Tobias Erichsen)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{03DFE5C5-0119-4E14-A2A0-5CE818A4FF91}" = Visual Fortran OpenMP on Intel(R) 64
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{10AAEB2E-9093-4519-B850-F97F92E0E0E5}" = Source Checker on Intel(R) 64
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1B23718D-1B5D-40B1-8DE3-761F52D5C186}" = Intel Parallel Debugger Extension
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3914B732-A744-4077-8F6E-14C369150E78}" = Source Checker common files
"{3B11379A-9196-4228-981A-BB255E13109E}" = Autostart-Manager 2006
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5E5AAB60-EDDF-44BF-B8BF-D5DA0FC0249E}" = Microsoft Tools and Libraries for Intel Visual Fortran
"{666D3281-C6CC-4601-B8FF-02E524619F58}" = Source Checker on IA-32
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AF63C-D619-42EA-841D-443FB9FAF025}" = Visual Fortran OpenMP on IA-32
"{8D231727-CF3E-4D8B-B9F2-656ADC71A67D}" = CutePDF Writer 2.71
"{8F78D6DA-134D-49CC-A760-951C7B9AC12C}" = AFPL Ghostscript 8.54
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9F14994F-2C47-41F1-AD88-BEAB2712B0BC}" = Intel MKL on IA-32
"{9FBB7EE0-C07E-4C74-94B2-861899C936BB}" = Visual Fortran Integration(s) in Microsoft Visual Studio*
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6ACF415-655B-4059-8154-FAD88CA5F35A}" = Intel Composer XE 2011 for Windows*
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE5D9811-C027-454A-9D90-13A93E90CAFF}" = Intel(R) Composer XE 2011 for Windows*
"{B7CAED07-9B65-4A2B-8D9E-7581E5BA7C4D}" = Intel Visual Fortran Compiler XE on Intel(R) 64
"{B88092F1-008F-4AF6-9C08-8A62E5263D67}" = Visual Fortran Top Level Files
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{C031CD16-1112-4133-B8C6-68F9582B3476}" = ATI Catalyst Control Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6B02DB1-F401-4462-88EB-7B5BEE89664C}" = Intel MKL on Intel(R) 64
"{C8092237-7F56-413D-A276-E7D2800C3673}" = Visual Fortran Indicator MSI
"{C8E20BDB-C6C2-4C43-A087-2C88E301A43A}" = Intel MKL common files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE611A77-3D75-48C3-B09E-4E6AEC8BE7AB}" = Intel Visual Fortran Compiler XE on IA-32
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{EA70B05A-3F09-43F4-A992-D67767172DFF}" = Integrated Documentation
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FA228676-49FA-4B01-99C4-3A8313C260EC}" = Intel Composer XE 2011 for Windows*
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FD937297-84C3-41A5-B5DF-1FAEEE669D68}" = rtpMIDI
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ArrayVisualizer16" = Compaq Array Visualizer 1.6.0
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"GSview 4.9" = GSview 4.9
"HijackThis" = HijackThis 2.0.2
"HP Deskjet 5700 Series_Driver" = HP Deskjet 5700 Series
"Iconoid_is1" = Iconoid Version 3.8.5
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"JabRef 2.6" = JabRef 2.6
"Live 7.0.3" = Live 7.0.3
"MatlabR2008b" = MATLAB R2008b
"Mendeley Desktop" = Mendeley Desktop 0.9.9.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"M-WIN-G 7.0.1 1213989_is1" = Wolfram Mathematica 7 for Students (M-WIN-G 7.0.1 1213989)
"OnScreenDisplay" = On Screen Display
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"PIXresizer_is1" = PIXresizer 2.0.4
"Power Management Driver" = ThinkPad Power Management Driver
"Private Tax 2009" = Private Tax 2009
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TRNSYS 17 Demo" = TRNSYS 17 Demo
"USB_AUDIO_DEusb-audio.deAlesis" = Alesis USB Audio driver
"VisualFortran60" = Visual Fortran 6.6.0
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.3
"WinDjView" = WinDjView 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.06.2011 10:03:08 | Computer Name = ETH-JAKOB | Source = Application Hang | ID = 1002
Description = Hanging application Live 7.0.3.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29.06.2011 04:04:35 | Computer Name = ETH-JAKOB | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4182, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29.06.2011 04:04:35 | Computer Name = ETH-JAKOB | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4182, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30.06.2011 12:22:41 | Computer Name = ETH-JAKOB | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 0.0.0.0, faulting module main.exe, version 0.0.0.0, fault address 0x00004e5c.

Error - 30.06.2011 12:22:52 | Computer Name = ETH-JAKOB | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 0.0.0.0, faulting module main.exe, version 0.0.0.0, fault address 0x00004e5c.

Error - 30.06.2011 12:23:06 | Computer Name = ETH-JAKOB | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 0.0.0.0, faulting module main.exe, version 0.0.0.0, fault address 0x00004e5c.
Error - 30.06.2011 12:25:24 | Computer Name = ETH-JAKOB | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 0.0.0.0, faulting module main.exe, version 0.0.0.0, fault address 0x00004e50.

Error - 01.07.2011 04:05:49 | Computer Name = ETH-JAKOB | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 0.0.0.0, faulting module main.exe, version 0.0.0.0, fault address 0x00004e50.

Error - 01.07.2011 04:08:18 | Computer Name = ETH-JAKOB | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 0.0.0.0, faulting module main.exe, version 0.0.0.0, fault address 0x00004e50.

Error - 01.07.2011 04:43:29 | Computer Name = ETH-JAKOB | Source = Application Error | ID = 1000
Description = Faulting application main.exe, version 0.0.0.0, faulting module main.exe, version 0.0.0.0, fault address 0x00005200.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 10.12.2010 10:34:32 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 191 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected

Error - 10.12.2010 10:34:34 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2592 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 10.12.2010 10:34:34 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2218 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 10.12.2010 10:34:34 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 8253 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 10.12.2010 10:34:34 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4612 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 10.12.2010 10:34:34 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2592 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 10.12.2010 10:34:34 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2218 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 10.12.2010 10:37:11 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
Error - 10.12.2010 10:37:15 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp Line: 465 Invoked Function: CInstanceSmartPtr Return Code: -28770294 (0xFE49000A) Description: HOSTCONFIGMGR_ERROR_NO_INSTANCE

Error - 10.12.2010 10:37:15 | Computer Name = ETH-JAKOB | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp Line: 465 Invoked Function: CInstanceSmartPtr Return Code: -28770294 (0xFE49000A) Description: HOSTCONFIGMGR_ERROR_NO_INSTANCE

[ System Events ]
Error - 28.06.2011 08:41:11 | Computer Name = ETH-JAKOB | Source = PlugPlayManager | ID = 12
Description = The device 'Intel(R) PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error - 28.06.2011 11:47:04 | Computer Name = ETH-JAKOB | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial Addresses.

Error - 29.06.2011 02:23:15 | Computer Name = ETH-JAKOB | Source = PlugPlayManager | ID = 12
Description = The device 'Intel(R) PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error - 29.06.2011 03:26:00 | Computer Name = ETH-JAKOB | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial Addresses.

Error - 29.06.2011 06:25:12 | Computer Name = ETH-JAKOB | Source = PSched | ID = 14103
Description = QoS [Adapter {657B8080-76B5-4EE2-BF13-BD70C4F1DE67}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
Error - 29.06.2011 10:35:08 | Computer Name = ETH-JAKOB | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{B509FB7B-54E4-4D7F-BB20-D5F3D84B4B36} because another computer on the network has the same name. The server could not start.

Error - 29.06.2011 10:35:20 | Computer Name = ETH-JAKOB | Source = PlugPlayManager | ID = 12
Description = The device 'Intel(R) PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error - 01.07.2011 03:57:36 | Computer Name = ETH-JAKOB | Source = PlugPlayManager | ID = 12
Description = The device 'Intel(R) PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error - 01.07.2011 12:57:45 | Computer Name = ETH-JAKOB | Source = PlugPlayManager | ID = 12
Description = The device 'Intel(R) PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error - 02.07.2011 05:44:45 | Computer Name = ETH-JAKOB | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial Addresses.
< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-02 20:19:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54101 rev.MBZI
Running: qchemsdl.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlyrpow.sys

---- System - GMER 1.0.15 ----

SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwCreateFile [0xAD2D3930]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwCreateKey [0xAD2DEA80]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwDeleteFile [0xAD2D3F20]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwDeleteKey [0xAD2DF6E0]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwDeleteValueKey [0xAD2DF440]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwLoadKey [0xAD2DF8B0]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwOpenFile [0xAD2D3D70]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwRenameKey [0xAD2E0250]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwReplaceKey [0xAD2DFCB0]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwRestoreKey [0xAD2E0080]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwSetInformationFile [0xAD2D4120]
SSDT  \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)  ZwSetValueKey [0xAD2DF140]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwCallbackReturn + 2C88  80504524 4 Bytes  JMP 91B6AD2D
?  system32\drivers\xpsec.sys  The system cannot find the path specified. !
?  system32\drivers\xcpip.sys  The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[308] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 013E9E0A
.text  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[308] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 013E99A7
.text  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[308] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 013E9CBC
.text  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[308] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 013E9A88
.text  C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[308] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 013E9B5B
.text  C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[388] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 00C09E0A
.text  C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[388] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 00C099A7
.text  C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[388] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 00C09CBC
.text  C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[388] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 00C09A88
.text  C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE[388] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 00C09B5B
.text  C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[440] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 01199E0A
.text  C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[440] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 011999A7
.text  C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[440] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 01199CBC
.text  C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[440] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 01199A88
.text  C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[440] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 01199B5B
.text  C:\WINDOWS\Explorer.EXE[508] kernel32.dll!MoveFileWithProgressW  7C81F72E 5 Bytes  JMP 00377460 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\WINDOWS\Explorer.EXE[508] kernel32.dll!CopyFileExW  7C827B32 7 Bytes  JMP 003775A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\WINDOWS\Explorer.EXE[508] USER32.dll!DisplayExitWindowsWarnings  7E459F91 5 Bytes  JMP 01A32758
.text  C:\WINDOWS\Explorer.EXE[508] ole32.dll!CoCreateInstance  774FF1AC 8 Bytes  JMP 00377860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\WINDOWS\Explorer.EXE[508] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 01AD9E0A
.text  C:\WINDOWS\Explorer.EXE[508] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 01AD99A7
.text  C:\WINDOWS\Explorer.EXE[508] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 01AD9CBC
.text  C:\WINDOWS\Explorer.EXE[508] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 01AD9A88
.text  C:\WINDOWS\Explorer.EXE[508] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 01AD9B5B
.text  C:\WINDOWS\system32\winlogon.exe[1364] Secur32.dll!LsaLogonUser  77FE33F1 5 Bytes  JMP 02372946
.text  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1504] ws2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 04289E0A
.text  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1504] ws2_32.dll!send  71AB4C27 5 Bytes  JMP 042899A7
.text  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1504] ws2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 04289CBC
.text  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1504] ws2_32.dll!recv  71AB676F 5 Bytes  JMP 04289A88
.text  C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[1504] ws2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 04289B5B
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe[1844] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 0A7E9E0A
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe[1844] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 0A7E99A7
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe[1844] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 0A7E9CBC
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe[1844] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 0A7E9A88
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe[1844] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 0A7E9B5B
.text  C:\WINDOWS\system32\Ati2evxx.exe[1920] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 00D49E0A
.text  C:\WINDOWS\system32\Ati2evxx.exe[1920] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 00D499A7
.text  C:\WINDOWS\system32\Ati2evxx.exe[1920] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 00D49CBC
.text  C:\WINDOWS\system32\Ati2evxx.exe[1920] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 00D49A88
.text  C:\WINDOWS\system32\Ati2evxx.exe[1920] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 00D49B5B
.text  C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 00BF9E0A
.text  C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 00BF99A7
.text  C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 00BF9CBC
.text  C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 00BF9A88
.text  C:\WINDOWS\System32\alg.exe[2316] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 00BF9B5B
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2684] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 00F19E0A
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2684] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 00F199A7
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2684] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 00F19CBC
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2684] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 00F19A88
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2684] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 00F19B5B
.text  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2744] ws2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 038F9E0A
.text  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2744] ws2_32.dll!send  71AB4C27 5 Bytes  JMP 038F99A7
.text  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2744] ws2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 038F9CBC
.text  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2744] ws2_32.dll!recv  71AB676F 5 Bytes  JMP 038F9A88
.text  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2744] ws2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 038F9B5B
.text  C:\WINDOWS\system32\rundll32.exe[2960] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 04429E0A
.text  C:\WINDOWS\system32\rundll32.exe[2960] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 044299A7
.text  C:\WINDOWS\system32\rundll32.exe[2960] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 04429CBC
.text  C:\WINDOWS\system32\rundll32.exe[2960] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 04429A88
.text  C:\WINDOWS\system32\rundll32.exe[2960] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 04429B5B
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[3076] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 00B89E0A
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[3076] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 00B899A7
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[3076] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 00B89CBC
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[3076] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 00B89A88
.text  C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe[3076] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 00B89B5B
.text  C:\Program Files\Sophos\AutoUpdate\almon.exe[3212] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 01059E0A
.text  C:\Program Files\Sophos\AutoUpdate\almon.exe[3212] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 010599A7
.text  C:\Program Files\Sophos\AutoUpdate\almon.exe[3212] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 01059CBC
.text  C:\Program Files\Sophos\AutoUpdate\almon.exe[3212] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 01059A88
.text  C:\Program Files\Sophos\AutoUpdate\almon.exe[3212] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 01059B5B
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] ntdll.dll!LdrLoadDll  7C91632D 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!LoadLibraryExW  7C801AF5 7 Bytes  JMP 6FA079A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!FreeLibrary  7C80AC7E 5 Bytes  JMP 6FA07A90 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!CreateFileW  7C810800 5 Bytes  JMP 6FA07B70 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!CreateActCtxW  7C8154FC 5 Bytes  JMP 6FA07C60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] kernel32.dll!ReplaceFile  7C836C6C 5 Bytes  JMP 6FA076F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] USER32.dll!CreateWindowExW  7E42D0A3 5 Bytes  JMP 6FA07D10 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] SHELL32.dll!SHExtractIconsW  7CA05712 5 Bytes  JMP 6FA15550 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3336] ole32.dll!StgOpenStorageEx  7754EDA8 5 Bytes  JMP 6FA0EE50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3360] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 01D59E0A
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3360] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 01D599A7
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3360] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 01D59CBC
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3360] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 01D59A88
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3360] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 01D59B5B
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[3360] USER32.dll!TrackPopupMenu  7E46531E 5 Bytes  JMP 104089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[3596] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 01719E0A
.text  C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[3596] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 017199A7
.text  C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[3596] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 01719CBC
.text  C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[3596] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 01719A88
.text  C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[3596] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 01719B5B
.text  c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3628] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 00CC9E0A
.text  c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3628] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 00CC99A7
.text  c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3628] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 00CC9CBC
.text  c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3628] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 00CC9A88
.text  c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe[3628] WS2_32.dll!WSASend  71AB68FA 5 Bytes  JMP 00CC9B5B
.text  C:\Program Files\Java\jre6\bin\jqs.exe[3812] WS2_32.dll!closesocket  71AB3E2B 5 Bytes  JMP 02039E0A
.text  C:\Program Files\Java\jre6\bin\jqs.exe[3812] WS2_32.dll!send  71AB4C27 5 Bytes  JMP 020399A7
.text  C:\Program Files\Java\jre6\bin\jqs.exe[3812] WS2_32.dll!WSARecv  71AB4CB5 5 Bytes  JMP 02039CBC
.text  C:\Program Files\Java\jre6\bin\jqs.exe[3812] WS2_32.dll!recv  71AB676F 5 Bytes  JMP 02039A88
.text
C:\Program Files\Java\jre6\bin\jqs.exe[3812] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02039B5B .text C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDISvc.exe[4016] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01379E0A .text C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDISvc.exe[4016] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013799A7 .text C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDISvc.exe[4016] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01379CBC .text C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDISvc.exe[4016] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01379A88 .text C:\Program Files\Tobias Erichsen RTP Midi\rtpMIDI\rtpMIDISvc.exe[4016] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01379B5B ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4db0357 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4db0357 (not active ControlSet) ---- Files - GMER 1.0.15 ---- File C:\Program Files\JabRef\gpl.txt 18009 bytes File C:\Program Files\JabRef\JabRef-2.6.jar 7192037 bytes File C:\Program Files\JabRef\JabRef.exe 48963 bytes executable File C:\Program Files\JabRef\lesser.txt 26430 bytes File C:\Program Files\JabRef\README 0 bytes File C:\Program Files\JabRef\uninstall.exe 0 bytes ---- EOF - GMER 1.0.15 ----