
Possible Hidden Malware


  • This topic is locked
19 replies to this topic

#1 Katrex
  • Members
  • 44 posts

Posted 03 August 2009 - 10:22 PM

The original topic in the "Am I Infected?" forum can be located here: http://www.bleepingcomputer.com/forums/t/246522/nothing-found-but-browser-redirects/ (I have copied over most of the information here, and am just posting it for reference's sake.)

I was unable to use DDS ("This tool does not support your operating system.").

I am using Windows Vista Home Premium 64-bit edition, with Service Pack 2 installed as well as all other available security updates (as far as I'm aware). My browser is Mozilla Firefox 3.5.

From the other topic:

- I was looking through Google for some resources for a tabletop game of mine, and came across a site (whose name I can't recall) - I clicked the link, and was redirected to another site for a Rogue program.
- I thought I may be infected (very paranoid person >.<), so I updated all my malware removal programs and disconnected the internet.
- I scanned in safe mode with the following: Ad-Aware Anniversary Edition, Malwarebytes Anti-Malware, Spybot S&D, Windows Defender, and SUPERAntiSpyware Free.
- I switched to normal mode, scanned with the above PLUS AVG8.5 Free.
- All of them came up clean.
- I plugged the internet back in, and scanned with Kaspersky's Online Scanner. It came up clean. I assumed it was a bad website.
- I loaded up a website I've been using for years (gaiaonline.com) so I'm positive it's fine. As well, I began loading some of my RSS feeds for Kotaku. As I was browsing Gaia, I received another one of those "Your computer is infected!" popups and one of my tabs (I think one of my loading Kotaku feeds) redirected first to:

"online-pro-antivirus-scanner dot com/1/?sess=" followed by a ton of random numbers/letters.
Then it went to:
"your-bride-pride dot com/go.php?id=" followed by more random characters.

- I immediately closed Firefox, and got the URLs from my History. (The former is something I read you should do whenever something like this happens for whatever reason.)
- I checked my hosts file, and it appears fine. I have no problem going to any websites, this has happened seemingly at random and twice so far (as of this post, so between my original post and this one I have not had it happen again), and aside from this, I seem to have no other problems with my computer.
- I was told to download Sophos Anti-Rootkit and run it, I did so following the instructions. I was unable to select "running processes" to scan, but was advised to try scanning without it. It detected 2 things (one registry key, one file - you can see the log here: Post #5 in the above topic).
- The helper thought there may be hidden infections, and told me to run DDS and post here. DDS did not work, I was told to instead run RSIT.

I hope this is enough detail, and if I missed anything or any additional information needs to be provided I have no problem doing so! I'd just really like to make sure my computer is clean and there isn't any hidden infection. Thanks for your time! ;]

Here is the RSIT log:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Reeve at 2009-08-03 22:29:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 84 GB (57%) free of 147 GB
Total RAM: 3000 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:30 PM, on 03/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Reeve\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Reeve.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~2\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9527 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll [2009-07-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"=C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-04-10 147456]
"LManager"=C:\PROGRA~2\LAUNCH~1\LManager.exe [2008-09-10 809480]
"eRecoveryService"= []
"Acer Product Registration"=C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe [2007-11-26 3387392]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2009-06-12 1948440]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"=C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe [2007-12-18 401408]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-08-03 22:29:23 ----D---- C:\Program Files (x86)\trend micro
2009-08-03 16:19:32 ----D---- C:\Program Files (x86)\Sophos
2009-07-29 11:18:07 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 11:18:03 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 11:18:01 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 11:18:00 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 11:18:00 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 11:17:59 ----A---- C:\Windows\system32\occache.dll
2009-07-29 11:17:59 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 11:17:58 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 11:17:58 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 11:17:58 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 11:17:57 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 11:17:57 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 11:17:57 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 11:17:57 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 11:17:57 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 11:17:57 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 11:17:57 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 11:17:57 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-19 17:57:46 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 15:41:42 ----D---- C:\Users\Reeve\AppData\Roaming\Template
2009-07-14 20:15:41 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 20:15:40 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 20:15:40 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 20:15:40 ----A---- C:\Windows\system32\atmfd.dll

======List of files/folders modified in the last 1 months======

2009-08-03 22:29:28 ----D---- C:\Windows\Temp
2009-08-03 22:29:23 ----RD---- C:\Program Files (x86)
2009-08-03 19:35:08 ----SHD---- C:\System Volume Information
2009-08-03 18:30:33 ----D---- C:\Windows\System32
2009-08-03 18:30:33 ----D---- C:\Windows\inf
2009-08-03 18:07:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-08-03 18:07:55 ----D---- C:\Windows\system32\drivers
2009-08-03 16:40:38 ----D---- C:\Windows\Prefetch
2009-08-03 13:21:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-07-31 21:51:03 ----A---- C:\Windows\ntbtlog.txt
2009-07-31 12:55:43 ----SD---- C:\ProgramData\Microsoft
2009-07-30 20:15:44 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-07-30 20:10:43 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2009-07-30 09:17:53 ----D---- C:\Windows\SysWOW64
2009-07-30 09:17:53 ----D---- C:\Windows\system32\migration
2009-07-30 09:17:53 ----D---- C:\Program Files (x86)\Internet Explorer
2009-07-30 00:24:28 ----D---- C:\Windows\winsxs
2009-07-19 18:01:15 ----D---- C:\Windows\Tasks
2009-07-19 17:57:46 ----SHD---- C:\Windows\Installer
2009-07-19 17:57:46 ----HD---- C:\ProgramData
2009-07-19 17:57:45 ----SHD---- C:\Config.Msi
2009-07-19 17:57:33 ----D---- C:\ProgramData\Lavasoft
2009-07-19 17:57:33 ----D---- C:\Program Files (x86)\Lavasoft
2009-07-16 11:22:16 ----D---- C:\Users\Reeve\AppData\Roaming\vlc
2009-07-15 02:25:09 ----D---- C:\Program Files (x86)\Windows Mail
2009-07-12 22:00:47 ----D---- C:\ProgramData\AVG Security Toolbar
2009-07-07 07:45:12 ----D---- C:\Windows\Microsoft.NET
2009-07-07 07:44:56 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
R1 AvgTdiA;AVG Free8 Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys []
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 32240]
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-03-21 17952]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys []
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2006-11-03 25872]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-29 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\63C.tmp []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-07-17 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-05-08 298776]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 132096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------


#2 DocSatan
    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 13 August 2009 - 07:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Katrex
  • Topic Starter

  • Members
  • 44 posts

Posted 14 August 2009 - 06:13 AM

I believe the original problem still persists; although I haven't been redirected since, I have used the computer -very- little and when I have used it, it is often offline. Those are all the details that I am able to provide, and hopefully it'll be possible to check and see if there is any hidden malware on my machine or if it really is clean and it must have been nothing.

The scans still come up clean, as of two days ago.

Unfortunately, DDS does not run on my machine. When I download it to my desktop and run it, giving it permission, it says: "This tool does not support your operating system, press any key to continue... "

RSIT does work but I can't seem to find it on my desktop so it may have been accidentally deleted. >.<

Do you have a link to the RSIT program (assuming you want me to use this again), or a link to another program you'd like me to run in place of DDS?

Thank you for your reply, and your time.

Edited by Katrex, 14 August 2009 - 06:13 AM.


#4 DocSatan
    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 14 August 2009 - 06:31 AM

Hello Katrex,

Sorry about the DDS Scanner. Let's try this one:

1. We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 Katrex
  • Topic Starter

  • Members
  • 44 posts

Posted 14 August 2009 - 08:01 PM

No problem. Here are the requested logs - first OTL, then Extras.

If it matters, one of the few things I've been doing on the computer is making sure Windows and my Anti-Malware programs are up to date.

----------------------------------> OTL.txt

OTL logfile created on: 14/08/2009 8:26:48 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Reeve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 39.99% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143.19 Gb Total Space | 81.41 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive D: | 143.18 Gb Total Space | 68.07 Gb Free Space | 47.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGELA-PC
Current User Name: Reeve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/08 09:26:08 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2008/03/03 16:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/16 21:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
PRC - [2008/05/14 18:05:30 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/04/07 01:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 06:03:14 | 00,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/01/09 14:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
PRC - [2009/07/17 14:27:54 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/05/08 09:26:13 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/10/23 11:56:18 | 00,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/05/14 18:05:28 | 00,454,704 | ---- | M] (Egis inc.) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
PRC - [2007/12/18 15:20:00 | 00,401,408 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/10 19:30:14 | 00,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/09/10 18:02:24 | 00,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/06/12 09:30:33 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/07/03 10:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/09/26 12:02:04 | 02,356,088 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2009/08/03 22:30:11 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/14 18:24:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Reeve\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/03/18 15:26:56 | 00,015,872 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio [Auto | Running])
SRV:64bit: - [2008/03/21 16:22:52 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
SRV:64bit: - [2008/01/20 22:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2009/07/17 14:27:54 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/05/08 09:26:08 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/03/03 16:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/01/16 21:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService [Auto | Running])
SRV - [2009/03/30 00:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/30 00:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv [Auto | Running])
SRV - [2008/05/14 18:05:30 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/18 14:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/18 14:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/11/02 05:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/12/06 17:16:16 | 00,132,096 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
SRV - [2006/11/02 09:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009/04/11 02:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2008/04/07 01:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008/04/04 06:03:14 | 00,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2007/08/24 06:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/01/09 14:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2006/11/02 02:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 02:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2008/02/29 18:59:32 | 01,252,352 | ---- | M] (Agere Systems) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand | Running])
DRV:64bit: - [2008/04/27 15:09:18 | 01,133,568 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr [On_Demand | Running])
DRV:64bit: - [2009/07/17 14:28:00 | 00,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64 [System | Running])
DRV:64bit: - [2009/06/16 09:07:09 | 00,033,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64 [System | Running])
DRV:64bit: - [2009/05/08 09:26:11 | 00,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA [System | Running])
DRV:64bit: - [2008/01/20 22:47:27 | 00,214,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 22:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Running])
DRV:64bit: - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 22:46:57 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV:64bit: - [2008/01/20 22:46:57 | 01,523,712 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV [On_Demand | Stopped])
DRV:64bit: - [2008/07/11 14:29:08 | 07,912,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx [On_Demand | Running])
DRV:64bit: - [2009/07/03 10:49:17 | 00,068,640 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV:64bit: - [2009/06/18 12:54:10 | 00,006,144 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\63C.tmp -- (MEMSWEEP2 [On_Demand | Stopped])
DRV:64bit: - [2008/01/30 21:48:32 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV:64bit: - [2008/05/14 18:06:36 | 00,022,064 | ---- | M] (Egis Incorporated) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
DRV:64bit: - [2008/05/14 18:06:36 | 00,021,040 | ---- | M] (Egis Incorporated) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ [Auto | Running])
DRV:64bit: - [2008/05/14 18:06:38 | 00,060,976 | ---- | M] (Egis Incorporated) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk [Auto | Running])
DRV:64bit: - [2008/08/12 17:23:40 | 00,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR [On_Demand | Running])
DRV:64bit: - [2008/01/20 22:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV:64bit: - [2008/04/25 14:08:46 | 00,325,168 | ---- | M] (Synaptics, Inc.) -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV:64bit: - [2008/01/30 21:48:16 | 00,016,384 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV:64bit: - [2008/01/20 22:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
DRV:64bit: - [2008/01/20 22:46:57 | 00,724,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf [On_Demand | Stopped])
DRV:64bit: - [2008/02/21 05:55:00 | 00,393,728 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Running])
DRV - [2006/11/03 01:01:26 | 00,025,872 | ---- | M] (Dritek System Inc.) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2008/03/21 13:48:24 | 00,017,952 | ---- | M] (Acer, Inc.) -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15 [Auto | Running])
DRV - [2006/09/18 17:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2007/12/13 04:07:34 | 00,003,481 | ---- | M] () -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDFilter.inf -- (PSDFilter [Boot | Running])
DRV - [2007/12/13 04:07:34 | 00,003,460 | ---- | M] () -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDNserv.inf -- (PSDNServ [Auto | Running])
DRV - [2007/12/13 04:07:34 | 00,003,459 | ---- | M] () -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDVDisk.inf -- (psdvdisk [Auto | Running])
DRV - [2009/03/29 16:36:59 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2009/01/15 17:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/08/11 23:50:45 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2006/09/18 17:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])
DRV - [2008/04/18 18:01:24 | 00,032,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735


IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5735
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\S-1-5-21-269688151-4226425587-1278685073-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.gaiaonline.com"
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.026.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:2.0.3
FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20090625
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/07 01:38:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/23 21:36:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/08/03 22:30:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/08/03 22:30:14 | 00,000,000 | ---D | M]

[2009/01/31 19:46:37 | 00,000,000 | ---D | M] -- C:\Users\Reeve\AppData\Roaming\mozilla\Extensions
[2009/01/31 19:46:37 | 00,000,000 | ---D | M] -- C:\Users\Reeve\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/13 21:48:48 | 00,000,000 | ---D | M] -- C:\Users\Reeve\AppData\Roaming\mozilla\Firefox\Profiles\7rqeaw05.default\extensions
[2009/07/02 17:17:10 | 00,000,000 | ---D | M] -- C:\Users\Reeve\AppData\Roaming\mozilla\Firefox\Profiles\7rqeaw05.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
[2009/03/02 17:25:46 | 00,000,000 | ---D | M] -- C:\Users\Reeve\AppData\Roaming\mozilla\Firefox\Profiles\7rqeaw05.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2009/07/07 02:09:53 | 00,000,000 | ---D | M] -- C:\Users\Reeve\AppData\Roaming\mozilla\Firefox\Profiles\7rqeaw05.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/02 18:28:03 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/08/03 22:30:14 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/06 06:10:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/25 00:33:50 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/03 22:30:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 22:30:10 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/08/03 22:30:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/07/07 02:09:17 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/07 02:09:17 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/06/13 18:33:08 | 00,001,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/07 02:09:17 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/07 02:09:17 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/07/07 02:09:17 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/07/07 02:09:17 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/07 02:09:17 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (875 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-269688151-4226425587-1278685073-1001..\Run: [CTZDetec.exe] C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-269688151-4226425587-1278685073-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-269688151-4226425587-1278685073-1001\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/14 18:24:04 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Reeve\Desktop\OTL.exe
[2009/08/12 05:01:05 | 01,640,630 | -H-- | C] () -- C:\Users\Reeve\AppData\Local\IconCache.db
[2009/08/12 04:57:01 | 31,466,33216 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/11 23:11:13 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avicap32.dll
[2009/08/11 23:11:12 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avifil32.dll
[2009/08/11 23:11:12 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciavi32.dll
[2009/08/11 23:11:12 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/08/11 23:03:29 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
[2009/08/11 23:03:28 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/08/11 23:03:27 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2009/08/11 23:03:27 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
[2009/08/11 23:03:27 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/08/11 23:03:26 | 00,515,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecdd.sys
[2009/08/11 23:03:26 | 00,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2009/08/11 23:03:26 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdigest.dll
[2009/08/11 23:03:26 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009/08/11 23:03:25 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
[2009/08/11 23:03:25 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2009/08/11 23:03:25 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009/08/11 23:03:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsass.exe
[2009/08/11 18:26:04 | 02,424,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2009/08/11 18:26:04 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/08/11 18:25:57 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\atl.dll
[2009/08/11 18:25:57 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/08/11 18:25:56 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wkssvc.dll
[2009/08/11 18:25:07 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/08/11 18:25:00 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/08/11 18:25:00 | 00,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
[2009/08/11 18:25:00 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/08/11 18:24:58 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2009/08/11 18:24:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/08/11 18:24:58 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2009/08/11 18:24:58 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2009/08/11 18:24:57 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/08/11 18:24:57 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/08/11 18:24:57 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/08/11 18:24:57 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/08/11 18:24:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/08/11 18:24:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.tlb
[2009/08/11 18:24:55 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/08/11 18:24:55 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amcompat.tlb
[2009/08/03 22:29:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2009/08/03 16:19:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2009/08/03 15:58:17 | 01,339,288 | ---- | C] () -- C:\Users\Reeve\Desktop\sar_15_sfx.exe
[2009/07/29 11:18:07 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/07/29 11:18:06 | 09,233,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/07/29 11:18:03 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/07/29 11:18:02 | 12,458,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/07/29 11:18:01 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/07/29 11:18:00 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/07/29 11:18:00 | 01,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/07/29 11:18:00 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/07/29 11:18:00 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/07/29 11:17:59 | 01,146,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/07/29 11:17:59 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/07/29 11:17:59 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/07/29 11:17:59 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/07/29 11:17:59 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/07/29 11:17:58 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/07/29 11:17:58 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/07/29 11:17:58 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/07/29 11:17:58 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/07/29 11:17:58 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/07/29 11:17:58 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/07/29 11:17:58 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/07/29 11:17:57 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/07/29 11:17:57 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/07/29 11:17:57 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/07/29 11:17:57 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/07/29 11:17:57 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/07/29 11:17:57 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/07/29 11:17:57 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/07/29 11:17:57 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/07/29 11:17:57 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/07/29 11:17:57 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/07/29 11:17:57 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/07/29 11:17:57 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/07/29 11:17:57 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/07/29 11:17:57 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/07/29 11:17:57 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/07/29 11:17:57 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/07/29 11:17:57 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/07/29 11:17:57 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/07/29 11:17:57 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/07/29 11:17:56 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/07/29 11:17:56 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2009/07/19 21:18:20 | 00,000,000 | ---D | C] -- C:\Users\Reeve\Documents\Lego Star Wars - Red Brick Locations_files
[2009/07/19 21:18:19 | 00,432,444 | ---- | C] () -- C:\Users\Reeve\Documents\Lego Star Wars - Red Brick Locations.htm
[2009/07/19 20:49:35 | 00,000,000 | ---D | C] -- C:\Users\Reeve\Documents\Lego Star Wars The Complete Saga_files
[2009/07/19 20:49:33 | 00,028,258 | ---- | C] () -- C:\Users\Reeve\Documents\Lego Star Wars The Complete Saga.html
[2009/07/19 18:21:30 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/07/19 18:00:58 | 00,068,640 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2009/07/19 17:57:46 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/19 17:57:43 | 00,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/06/17 01:33:31 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/17 01:32:03 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/30 23:23:50 | 00,258,560 | ---- | C] () -- C:\Windows\SysWow64\SysHook.dll
[2009/01/30 23:20:29 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/01/30 23:20:29 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/30 23:18:18 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/30 14:54:07 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2008/05/05 06:00:38 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/05/05 06:00:38 | 00,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/05/05 02:55:18 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/05/05 02:55:18 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/05/05 02:55:17 | 00,000,049 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2001/12/26 19:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/04 02:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 19:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\SysNative\*.tmp files]
[2009/08/14 19:07:12 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/14 19:07:12 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/14 18:24:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Reeve\Desktop\OTL.exe
[2009/08/14 17:56:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/12 20:00:11 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/12 20:00:11 | 00,600,378 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/12 20:00:11 | 00,105,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/12 19:54:13 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2009/08/12 19:53:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/12 19:53:44 | 31,466,33216 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/12 19:45:39 | 01,640,630 | -H-- | M] () -- C:\Users\Reeve\AppData\Local\IconCache.db
[2009/08/11 22:56:04 | 39,754,098 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2009/08/11 22:56:04 | 00,064,206 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2009/08/03 22:27:58 | 00,781,909 | ---- | M] () -- C:\Users\Reeve\Desktop\RSIT.exe
[2009/08/03 15:58:46 | 01,339,288 | ---- | M] () -- C:\Users\Reeve\Desktop\sar_15_sfx.exe
[2009/08/03 15:29:22 | 00,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/08/03 13:36:08 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/07/29 21:20:46 | 26,162,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mrt.exe
[2009/07/21 18:11:15 | 01,146,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/07/21 18:11:04 | 01,484,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/07/21 18:09:54 | 00,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/07/21 18:07:37 | 09,233,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/07/21 18:07:34 | 00,700,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/07/21 18:07:34 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/07/21 18:06:56 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/07/21 18:06:48 | 01,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/07/21 18:06:31 | 02,334,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/07/21 18:06:31 | 00,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/07/21 18:06:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/07/21 18:06:31 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/07/21 18:06:30 | 12,458,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/07/21 18:06:30 | 00,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/07/21 18:06:30 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/07/21 18:06:27 | 00,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/07/21 17:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/07/21 17:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/07/21 17:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/07/21 17:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/07/21 17:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/07/21 17:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/07/21 17:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/07/21 17:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/07/21 17:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/07/21 17:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/07/21 17:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/07/21 17:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/07/21 17:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/07/21 17:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/07/21 17:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/07/21 17:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/07/21 16:34:53 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/07/21 16:34:41 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/07/21 16:34:12 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/07/21 16:34:00 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/07/21 16:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/07/21 16:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/07/21 16:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/07/21 16:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/07/21 15:09:32 | 00,057,667 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/07/19 21:19:01 | 00,432,444 | ---- | M] () -- C:\Users\Reeve\Documents\Lego Star Wars - Red Brick Locations.htm
[2009/07/19 20:49:50 | 00,028,258 | ---- | M] () -- C:\Users\Reeve\Documents\Lego Star Wars The Complete Saga.html
[2009/07/19 17:57:43 | 00,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/07/17 14:28:00 | 00,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2009/07/17 10:14:10 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\atl.dll
[2009/07/17 09:54:43 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
< End of report >

----------------------------------> Extras.txt

OTL Extras logfile created on: 14/08/2009 8:26:48 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Reeve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 39.99% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143.19 Gb Total Space | 81.41 Gb Free Space | 56.85% Space Free | Partition Type: NTFS
Drive D: | 143.18 Gb Total Space | 68.07 Gb Free Space | 47.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGELA-PC
Current User Name: Reeve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-269688151-4226425587-1278685073-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 98 87 D2 3E 11 EF C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074CE19A-D03B-4B18-977E-981C46342656}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{14A1B575-936D-4AB8-A69B-E65DFB3FE8EE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2F545960-DED4-4EA9-8907-F9FB404CFAC8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{392ED41A-FE2B-4648-A2BA-D762138BCCE0}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{40BEB09A-98E1-4D68-9AA1-9561FEC6D220}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{64FA537B-AD24-4971-8CB3-F915F561FFA5}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{7C1D4964-5C0E-4079-8862-5B357FC382B3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{874E1BB5-6A0A-4F74-9F7C-5FA638773055}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{892F5551-8F9B-44DE-A88D-B2BFD6B4DE6F}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{C8A60E44-4F0B-40FD-B327-B920ACC76655}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{DBE74675-B862-4C8F-A9E1-AB9500510328}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{DEB2BD67-E6AF-49C7-9FF7-30281AB55623}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DEE1D2F2-AD82-4432-9103-7738279FAF5E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E835A4BA-D7B1-4BA3-8971-B21C998EB9AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{F77C6A9A-0F06-4BB5-8DDA-7B8CEFCF0F00}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{F859D22D-16FD-4664-829D-1FEB9A96CEAE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{01433C54-29DE-4E19-A7C8-2D8F5F20BBA7}C:\users\public\700_ddi_cb.exe" = protocol=6 | dir=in | app=c:\users\public\700_ddi_cb.exe |
"TCP Query User{022B19B7-A2A9-43C3-A238-9200B53FF7F3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{0A474739-F6F0-4D21-996C-54EB56DB6DAD}D:\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\mirc\mirc.exe |
"TCP Query User{2F7E4E8E-53D4-4525-A19E-1D97C78D68F5}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{3A15E49E-CDD0-4D51-A301-0E33DDA5A812}D:\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\mirc\mirc.exe |
"TCP Query User{A97F8F2D-7ECB-4977-98A2-ADDD7B124B92}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{D519E80A-30D7-4439-9989-251BCA008062}D:\mirc\mirc dicebot\mirc.exe" = protocol=6 | dir=in | app=d:\mirc\mirc dicebot\mirc.exe |
"TCP Query User{E4CE9F1A-88D5-4951-B6A3-78575E9812BD}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{12CF3426-5640-4DEA-A72B-5C5C4F931F2F}C:\users\public\700_ddi_cb.exe" = protocol=17 | dir=in | app=c:\users\public\700_ddi_cb.exe |
"UDP Query User{2F03CD8C-695A-454D-8386-1CD991E54BED}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{402B0280-534D-4410-97C2-4BE84798CF08}D:\mirc\mirc dicebot\mirc.exe" = protocol=17 | dir=in | app=d:\mirc\mirc dicebot\mirc.exe |
"UDP Query User{5E08711B-8A93-4FBE-ADEE-0605AA0B6B05}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{8D812D7F-C66D-405F-8BDD-77EF3A6314E4}D:\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\mirc\mirc.exe |
"UDP Query User{C7C75C06-143C-49B9-B2DC-BF2933E3B1C4}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{EBD88479-CA18-4F9E-9C2C-825319EC0A23}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{F8716493-2666-4F1A-9ADA-9FC6AE5F0120}D:\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG8Uninstall" = AVG Free 8.5
"Azureus" = Azureus
"Creative Media Lite" = Creative Media Lite
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Starcraft" = Starcraft
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.0
"Winamp" = Winamp
"ZENStoneUG" = Creative ZEN Stone User's Guide

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/08/2009 5:31:41 PM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/08/2009 5:53:11 PM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/08/2009 6:23:46 PM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2009 5:02:27 PM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/08/2009 5:07:33 PM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/08/2009 3:40:37 AM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/08/2009 3:51:20 AM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/08/2009 3:51:45 AM | Computer Name = Angela-PC | Source = EventSystem | ID = 4609
Description =

Error - 07/08/2009 4:44:06 PM | Computer Name = Angela-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/08/2009 4:44:31 PM | Computer Name = Angela-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 09/06/2009 1:04:50 PM | Computer Name = Angela-PC | Source = HTTP | ID = 15016
Description =

Error - 09/06/2009 1:05:13 PM | Computer Name = Angela-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/06/2009 3:11:17 AM | Computer Name = Angela-PC | Source = DCOM | ID = 10010
Description =

Error - 10/06/2009 3:12:13 AM | Computer Name = Angela-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 10/06/2009 3:12:13 AM | Computer Name = Angela-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 10/06/2009 3:12:50 AM | Computer Name = Angela-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 10/06/2009 3:12:58 AM | Computer Name = Angela-PC | Source = HTTP | ID = 15016
Description =

Error - 10/06/2009 3:13:29 AM | Computer Name = Angela-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/06/2009 3:21:05 AM | Computer Name = Angela-PC | Source = DCOM | ID = 10010
Description =

Error - 10/06/2009 3:22:45 AM | Computer Name = Angela-PC | Source = DCOM | ID = 10010
Description =


< End of report >

#6 DocSatan

Posted 17 August 2009 - 08:37 AM

Hello Katrex,

I am sorry for my delay in getting back to you. I will be posting a "Fix" shortly.

Doc.

#7 DocSatan

Posted 19 August 2009 - 09:37 AM

Hey Katrex,

So sorry about the delay in my getting back to you. This is my first Vista 64-bit system and it is causing me some research "speed-bumps." :thumbup2:

1. Please download GooredFix
  • Save it to your Desktop.
  • Double-click Goored.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
  • If GooredFix does not run, then just move on to the next step below.
2. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
3. What I need in your next reply:
  • Goored.txt
  • Kaspersky results
  • Any Problems?
Doc.

#8 Katrex (Topic Starter)

Posted 19 August 2009 - 02:59 PM

No problem. I've been busy the last few days anyway. Kaspersky still comes up clean.

My computer still hasn't exhibited any other problems.. and I have yet to be redirected again. I'm starting to think I may have accidentally mis-clicked both times and just not realized it (though I wonder still why the Helper thought there may be something hidden.. erk!). Was the OTL log clean? Either way, I'll wait for your word on whether the PC is clean or not before I do anything else with it.

RE: GooredFix: I can't seem to find this option to scan without fixing. When I double-click GooredFix on my desktop, the following pops up: "GooredFix will automatically check for and remove infection. Click yes to continue or no to exit."

I don't see a place to select Option 1 or Option 2 and reading that it leads me to believe it'll scan and fix, not just scan as you want me to.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 19, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 19, 2009 18:38:56
Records in database: 2663167
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 159895
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:00:48


File name / Threat / Threats count
D:\mIRC\mIRC Dicebot\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

Selected area has been scanned.

Edited by Katrex, 19 August 2009 - 02:59 PM.


#9 DocSatan

Posted 21 August 2009 - 07:31 PM

Hey Katrex,

I'm starting to think I may have accidentally mis-clicked both times and just not realized it (though I wonder still why the Helper thought there may be something hidden.. erk!). Was the OTL log clean? Either way, I'll wait for your word on whether the PC is clean or not before I do anything else with it.

  • Your Kaspersky Scan came back clean, as you already know, and the Sophos ARK Scan came back clean (from the "Am I Infected" Forum).
  • The OTL Log is not showing anything obvious to me and you say you haven't experienced any of the redirects that brought you here initially...so I would say that your Computer is Clean. :)
  • Your initial description of the "You are Infected" pop-ups followed by redirects, and the issues with "Hide Inactive Icons" are what probably led boopme to think that there was more Malware hidden.
  • I'm not sure what was causing the issues with "Hide Inactive Icons", but the pop-up/redirects may have been a "mis-click" as you said.
However, let's run GooredFix just to see what it sees. These are the proper Instructions, the other ones were old...sorry. :thumbup2: :

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Also, please let me know if you are experiencing any problems with this computer.

Doc.
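The verdict above rests on reading the detection names in the Kaspersky report, not its headline counters: entries prefixed with not-a-virus: are Kaspersky's label for legitimate but abusable software (here the mIRC client itself), so "Threats found: 1" and "Infected objects found: 2" do not by themselves mean the machine is infected. As an added example that is not part of the original thread, this Python script parses a report in the layout Katrex posted (the sample text is constructed to match that report) and separates riskware from actual malware detections before giving a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample text in the layout of the Kaspersky Online Scanner 7.0
# report posted in this thread (it reproduces the two mIRC detections).
SAMPLE_REPORT = """\
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 19, 2009

Scan statistics:
Objects scanned: 159895
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:00:48


File name / Threat / Threats count
D:\\mIRC\\mIRC Dicebot\\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\\mIRC\\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1

Selected area has been scanned.
"""

# One detection line: "<path> Infected: <threat name> <count>" (or "Suspicious:").
# The path may contain spaces, so it is matched lazily up to the status keyword.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# A "Key: value" statistics line; only the keys below are kept.
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s+(?P<value>\S+)\s*$")
STAT_KEYS = {
    "Objects scanned", "Threats found", "Infected objects found",
    "Suspicious objects found", "Scan duration",
}


@dataclass
class Detection:
    path: str
    status: str
    threat: str
    count: int

    @property
    def riskware(self) -> bool:
        # Kaspersky prefixes legitimate-but-abusable software (IRC clients,
        # remote-admin tools, key generators) with "not-a-virus:". That is a
        # review item for the analyst, not a malware verdict.
        return self.threat.startswith("not-a-virus:")


def parse_report(text: str) -> tuple[dict[str, str], list[Detection]]:
    """Return (scan statistics, detection lines) from a Kaspersky report."""
    stats: dict[str, str] = {}
    detections: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["status"], m["threat"], int(m["count"])))
            continue
        m = STAT_RE.match(line)
        if m and m["key"] in STAT_KEYS:
            stats[m["key"]] = m["value"]
    return stats, detections


def triage(text: str) -> dict:
    """Split detections into malware vs. riskware and return a verdict.

    The headline "Infected objects found" counter includes riskware, so it is
    reported separately from the number of actual malware detections.
    """
    stats, detections = parse_report(text)
    malware = [d.path for d in detections if not d.riskware]
    riskware = [d.path for d in detections if d.riskware]
    verdict = "infected" if malware else ("riskware only" if riskware else "clean")
    return {
        "objects_scanned": int(stats.get("Objects scanned", "0")),
        "reported_infected": int(stats.get("Infected objects found", "0")),
        "malware": malware,
        "riskware": riskware,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"verdict: {result['verdict']} ({result['objects_scanned']} objects scanned)")
    for path in result["riskware"]:
        print(f"  riskware (review, not malware): {path}")
    for path in result["malware"]:
        print(f"  MALWARE: {path}")
```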

#10 Katrex (Topic Starter)

Posted 22 August 2009 - 10:37 AM

Here is the GooredFix log.

I also think I may have located the culprit: "Looking for Info on Redirects to Virus Scanner Sites"

I'm entirely not sure why I didn't look around for something like this sooner. Apparently the website I was on the second time (and pretty sure I was on the first) had one of their ad servers start putting out bad/redirecting ads. The ad server that was the culprit has since been removed.

If my GooredFix log is clean, I guess we're good here since you don't see anything else. :] And neither do I, for that matter. Hopefully you'll be able to help someone with actual malware troubles now... @.@ But thanks much for helping me make sure.

GooredFix by jpshortstuff (12.07.09)
Log created at 21:44 on 21/08/2009 (Reeve)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:22 01/02/2009]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [10:10 06/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [04:33 25/03/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:24 09/03/2009]
"avg@igeared"="C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\avg@igeared" [01:36 24/07/2009]

-=E.O.F=-

Edited by Katrex, 22 August 2009 - 10:38 AM.


#11 DocSatan

Posted 23 August 2009 - 06:29 PM

Hey Katrex,

Your Log looks Clean! So, the way I see it...you were never Infected with anything, which is awesome! :thumbup2:

Below are some steps to Clean-up some tools and return some Windows Settings back to their Default setting. Unless you have any questions/comments I believe we are done. Please Reply back to this Topic letting me know if we are done or not. :)

Few More Steps:

1. Please Remove OTL
  • Double Click on the OTL
  • In the top-right corner click on Cleanup
  • If OTL says it has to restart the computer to finish Cleanup, then please allow it to restart.
2. Please Delete GooredFix
  • Right-Click and Delete the GooredFix Icon that you saved.
3. Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
  • Double-click ATF-Cleaner.exe to run the program.
  • In the window that pops-up (ATF Cleaner - Main):
    • Place a check mark next to Select All at the bottom.
    • Now click the Empty Selected button.
  • If you use a Firefox Browser:
    • Click the Firefox tab at the top of the Main window.
    • Place a check mark next to Select All
    • Now click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use an Opera Browser:
    • Click Opera tab at the top of the Main window.
    • Place a check mark next to Select All
    • Now click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.
4. Hiding Hidden Files
  • Please set your system to hide all hidden files.
  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check: Hide file extensions for known file types
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
The Instructions below are suggestions on how to keep your computer Safe and Secure:

Install a Firewall with both Inbound and Outbound Protection (3rd-Party Firewall)
  • Here is a Tutorial on: Understanding and Using Firewalls
  • The Windows Firewall only monitors inbound activity. It does not monitor outbound activity. Should a BadGuy make it on to your computer, it can send information outbound totally undetected. This is why installing a 3rd-Party Firewall that has both inbound and outbound protection is so important to the security of your computer.
  • I recommend using Zone Alarm Free firewall. This is an excellent firewall with simple user interface.
  • Other Recommended 3rd-Party Firewalls:
    • COMODO Firewall
    • Sunbelt Personal Firewall
    • These both come with Anti-Virus as well. So during the installation, make sure to un-select the Antivirus option if you already have an Antivirus program installed on your computer.
  • Online Armor Free
  • Outpost Firewall - Free
UPDATES:
  • Update Your Microsoft Windows
    Microsoft has released the latest upgrades to the XP OS platform, which can be referenced HERE.

    It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems.
    Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system.
    I recommend that you visit the link above and apply the SP3 patch.

    Update Your Java Runtime Environment (JRE)
    Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version.
Update Your Internet Explorer
Older versions of Internet Explorer have vulnerabilities that "The Bad-Guys" can exploit.
Please go HERE to upgrade your Internet Explorer to the latest version.

Update All of Your Applications
The BadGuys are constantly writing new programs to exploit vulnerabilities within programs and applications.
The GoodGuys are constantly updating their programs and applications to remove these vulnerabilities so the BadGuys cannot exploit them.
For this reason it is very important that you not only update your Microsoft Windows, Java, Internet Explorer, etc., but also the other applications you are running on your computer.
I suggest that you go to the following site to scan your computer for outdated programs/applications: Secunia Vulnerability Scan
If you want to stay up to date with the latest fixes, you can visit: The Calendar of Updates.
For more information on how to keep your computer safe and secure, please read the following Tutorial: How did I get infected?
Doc.

#12 htv8

Posted 28 August 2009 - 09:55 AM

As the problem here seems to be resolved, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. If you should have a new issue, please start a new topic. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#13 htv8

Posted 29 August 2009 - 03:25 AM

Topic reopened at user's request.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#14 DocSatan

Posted 30 August 2009 - 12:56 PM

Hi Katrex,

Answers to your questions from the PM:

1] OTL's Cleanup Button... Is there a list or something of what exactly it removed/changed? Because I thought it would just remove itself, but it seems to have removed ComboFix, and changed some settings on my machine (the noticeable ones which I changed back, but I'd like to know what else just in case.. )

  • The Cleanup button in OTL removes various tools that we use in Cleaning a computer, as well as itself. It makes no other changes to the system. ComboFix is one of those tools that this button removes.
  • What settings did you have to fix? They may have been from ComboFix. Since it was removed via an alternate method (OTL) some settings may not have been returned to "normal".

2] I have WinVista so I can't run ATFCleaner - is it necessary?

  • ATFCleaner can be run on Vista machines.
    • "On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator""
  • Did you try Right-Clicking it and choosing Run as Administrator?
  • It's not absolutely necessary. ATF Cleaner is a Temp File cleaner.

3] Would there be anything wrong to keeping Hidden Files and Folders viewable?

  • Windows hides certain System Files/Folders so that they are not accidentally deleted/modified by the User.
  • Hiding these file/folders is the Windows Default setting. It's ultimately your computer, and therefore your choice. :)
  • One example of a Bad thing that could happen is that you accidentally delete one of these files/folders and then can no longer Boot your machine. :thumbup2:

4] I have a Linksys Router/Firewall combination (WRG54GS I think), is this sufficient for Firewall protection (along with Windows' Firewall)?

  • I would still recommend installing a 3rd-Party Firewall.
  • If you install a 3rd-Party Firewall, you will also have to Disable Windows Firewall.
  • You should only have 1 Firewall installed and running on your computer. Running the Linksys Router/Firewall and the 3rd-Party firewall is OK.

5] Do I need to upgrade Internet Explorer if I use Firefox (and have Firefox set as my default browser?)

  • Yes.
  • Even though you do not use the program, the vulnerabilities/exploits still exist and can still be used by the BadGuys/Malware.
  • I use FireFox as my default Browser, but I keep IE updated, especially with security updates.
  • Plus, if you ever need to visit Microsoft Update Page you'll need to use IE. :)
I hope I have been able to answer your questions fully. Please let me know if I have not, or if I have created more questions for you. :cool:

Doc.

#15 Katrex (Topic Starter)

Posted 01 September 2009 - 02:34 AM

1] After I used OTL's "Cleanup!" button, I found two files (slightly grayed out, like is normal for hidden files) called Desktop.ini. I went into a folder and checked the folder settings, and the following were changed:

"Show Hidden Files and Folders" was checked. (I had unchecked this previously.)
"Hide extensions for known file types" was unchecked. (These two were checked.)
"Hide Protected Operating system files" was unchecked.

With your cleanup's #4 instructing to essentially reverse this, I figured it was a change OTL's Cleanup button made and was merely wondering if there was more. I'm almost completely positive they only changed after OTL's CleanUp button.

2] Ah.. You said that it was "Windows XP and 2000 ONLY." :] I never tried to run it in the first place because of this, and why I asked if it was necessary.

3] Okay. I only delete files I've created, and being able to change this setting is a lot faster than re-hiding folders I'd like hidden every time I need to hide them. @.@

4] Alright, I will look into those 3rd-party firewalls.

5] Very well. I shall update IE and keep it fully updated just in case.

Thanks for the information.
