Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirect + Vista Internet Security


  • This topic is locked This topic is locked
18 replies to this topic

#1 dig_deeper

dig_deeper

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 01 April 2010 - 08:11 PM

Hi, been having google redirecting issues for the ast days. Tried to fix it without success. Try to get the GMER log file up but it keeps crashing my computer (even safe mode). I do have the prelaminary log of GMER as it has an interesting find. I have a feeling C:\Windows\system32\drivers\ahcix86s.sys has to do with my issues but need expert avise on how to proceed as I do not want to make things worse. As far as know, I was able to get rid of Vista Internet security.

Tried TDSS killer and found ahcix86s.sys but seems to fail to fix it.

Please advise. Will check this forum non stop so you can expect me to answer very fast!

best regards,

Bart

DDS LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bart at 16:28:03.03 on 01/04/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1688 [GMT -6:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Tall Emu\Online Armor\OAreg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Bart\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Bart\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0809&m=aspire_5536
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\bart\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\bart\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\bart\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-20 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-14 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-8-20 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-8-20 24656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-14 56816]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-13 653856]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-8-20 362184]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-8-20 3142344]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-3 223232]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2009-8-20 30800]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-8-13 22072]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-4 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]

=============== Created Last 30 ================

2010-04-01 21:42:06 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-01 21:11:34 0 d-----w- C:\ComboFix
2010-04-01 20:37:55 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-01 20:37:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-01 02:29:57 0 d-----w- c:\programdata\Adobe Systems
2010-04-01 02:27:27 0 d-----w- c:\program files\common files\Adobe Systems Shared
2010-03-31 22:20:30 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2010-03-29 19:48:06 0 d-----w- c:\users\bart\appdata\roaming\VistaCodecs
2010-03-29 19:47:54 0 d-----w- c:\program files\VistaCodecPack
2010-03-29 19:46:53 0 d-----w- c:\programdata\VistaCodecs
2010-03-29 19:31:58 737280 ----a-w- c:\windows\iun6002.exe
2010-03-25 00:22:29 0 d-----w- c:\users\bart\appdata\roaming\BitTorrent
2010-03-25 00:22:22 0 d-----w- c:\program files\BitTorrent
2010-03-24 17:52:29 0 d-----w- c:\programdata\Sun
2010-03-24 17:51:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-24 04:10:51 77312 ----a-w- c:\windows\MBR.exe
2010-03-24 04:10:50 98816 ----a-w- c:\windows\sed.exe
2010-03-24 04:10:50 261632 ----a-w- c:\windows\PEV.exe
2010-03-24 04:10:50 161792 ----a-w- c:\windows\SWREG.exe
2010-03-24 02:36:47 0 d-----w- C:\HiJackThis
2010-03-24 02:34:36 0 d-----w- c:\program files\CleanUp!
2010-03-22 22:46:02 0 d-----w- c:\program files\SourceTec
2010-03-16 19:18:30 327168 ----a-w- c:\windows\IsUninst.exe
2010-03-16 14:56:28 0 d-----w- c:\program files\iPod
2010-03-16 14:56:13 0 d-----w- c:\program files\iTunes
2010-03-14 17:27:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-11 09:01:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 09:01:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 09:01:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 02:08:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-10 15:23:45 0 d-----w- c:\programdata\WindowsSearch
2010-03-09 00:05:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-08 23:59:59 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-08 23:59:58 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-08 23:59:57 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-08 23:59:57 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-08 23:59:56 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-08 23:59:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-08 23:59:56 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-08 23:59:56 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-08 23:59:55 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-08 21:00:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-08 21:00:10 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-08 21:00:10 1696256 ----a-w- c:\windows\system32\gameux.dll

==================== Find3M ====================

2010-04-01 21:45:08 183312 ----a-w- c:\windows\system32\drivers\ahcix86s.sys
2010-02-24 16:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-28 08:09:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-31 21:51:27 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-31 21:51:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-31 21:51:26 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 09:18:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-17 03:18:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 16:33:19.63 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 dig_deeper

dig_deeper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 01 April 2010 - 08:58 PM

tried http://www.geekstogo.com/forum/How-to-fix-...ts-t267407.html as per advise from one of you guys on the chat forum with no luck... stil hoping for assistance. Thx

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 02 April 2010 - 01:44 PM

Hello,

Can you ATTACH the TDSSKILLER log for me to take a look?

Let's continue...

A question: Do you have your Windows Vista disk available?

Run this scan for me with the instructions below...

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 dig_deeper

dig_deeper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 02 April 2010 - 04:14 PM

I deleted all my previous log files so I had to redo TDSS so please see attachment for that (notice that same sys file being infected as stated before).

When I bought this laptop, I had no vista DVD so I made like a recovery CD or whatever you call it on 3 DVDs not sure if that will help??

Log files for OTL:

OTL logfile created on: 02/04/2010 2:58:19 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Bart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 171.78 Gb Free Space | 76.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART-LAPTOP
Current User Name: Bart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/02 14:57:21 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Bart\Desktop\OTL.exe
PRC - [2010/04/01 19:47:36 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Bart\AppData\Local\temp\RtkBtMnt.exe
PRC - [2010/03/10 18:45:01 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/10 18:44:56 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/09 17:12:27 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/01/26 18:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/08/13 19:40:45 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/08/13 19:36:57 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/11 05:58:18 | 000,362,184 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/07/11 05:58:14 | 003,142,344 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2009/07/11 05:58:10 | 001,033,416 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2009/07/11 05:58:02 | 002,121,416 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 00:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/03/10 18:48:30 | 006,957,600 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/18 21:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/02/06 12:07:08 | 000,686,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/02/06 12:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/09/23 12:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/01/20 20:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010/04/02 14:57:21 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Bart\Desktop\OTL.exe
MOD - [2009/07/11 05:59:16 | 000,860,360 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 20:24:46 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2008/01/20 20:24:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2008/01/20 20:23:45 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/10 18:44:56 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/11 05:58:18 | 000,362,184 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/07/11 05:58:14 | 003,142,344 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/06 12:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/01/16 12:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/09/23 12:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 12:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010/04/01 19:46:34 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2009/12/08 07:16:12 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/09 20:14:20 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/11 05:17:14 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/07/11 05:17:06 | 000,030,800 | ---- | M] (Tall Emu Pty Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/07/11 05:17:00 | 000,200,784 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/07/03 08:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 00:32:43 | 000,141,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/25 17:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/03/18 22:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/03/10 18:21:12 | 002,338,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/20 20:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/06 19:32:22 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/01/16 12:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/29 16:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/05 00:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/15 18:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/10/15 18:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/10/15 18:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/09/03 22:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/05/28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/04/28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/01/30 19:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 23:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_5536


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/16 08:52:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/03/16 08:52:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/23 22:38:58 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\OAui.exe (Tall Emu)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3526822748-48429487-3737610498-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3526822748-48429487-3737610498-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.45.110.251 72.45.110.252
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bart\Desktop\pictures\YQ\YQ start\Fairbanks start.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bart\Desktop\pictures\YQ\YQ start\Fairbanks start.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\S-1-5-21-3526822748-48429487-3737610498-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/10 22:31:52 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: klmdb.sys - Driver
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C1016BBA-C231-B75D-E350-C1D7954D9835} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/02 14:56:55 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Bart\Desktop\OTL.exe
[2010/04/01 18:37:58 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Local\Acer ePower Management V4
[2010/04/01 15:42:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/01 15:42:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/01 15:42:00 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Local\temp
[2010/04/01 15:06:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/01 14:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/01 14:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/01 13:18:54 | 000,000,000 | ---D | C] -- C:\Users\Bart\Desktop\images
[2010/03/31 20:41:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/31 20:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010/03/31 20:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010/03/31 16:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/03/31 15:15:00 | 000,000,000 | ---D | C] -- C:\Users\Bart\Desktop\codecs
[2010/03/31 14:29:43 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 14:29:43 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 14:29:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 14:29:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/31 14:29:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 14:29:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 14:29:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 14:29:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 14:29:42 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 14:29:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/31 14:29:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 14:29:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 14:29:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/31 14:29:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 14:29:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/31 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\Bart\Desktop\FLV converter
[2010/03/30 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Roaming\Opera
[2010/03/29 13:48:06 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Roaming\VistaCodecs
[2010/03/29 13:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\VistaCodecPack
[2010/03/29 13:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010/03/29 13:31:58 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/03/29 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Roaming\WinRAR
[2010/03/29 11:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bart\Desktop\cleanup programs
[2010/03/24 18:22:29 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Roaming\BitTorrent
[2010/03/24 18:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/03/24 11:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/24 11:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/24 11:51:47 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/24 11:51:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/24 11:51:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/24 11:51:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/24 11:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/23 22:10:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/23 22:10:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/23 22:10:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/23 22:10:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/23 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2010/03/22 17:17:37 | 000,000,000 | ---D | C] -- C:\Users\Bart\Desktop\Sothink
[2010/03/22 16:46:38 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Local\Sothink
[2010/03/22 16:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2010/03/16 14:38:33 | 000,000,000 | ---D | C] -- C:\Users\Bart\Documents\Updater
[2010/03/16 14:27:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2010/03/16 13:18:30 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/03/16 08:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/16 08:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/16 08:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/14 15:49:38 | 000,000,000 | ---D | C] -- C:\Users\Bart\Desktop\pictures
[2010/03/11 03:01:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 03:01:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/10 09:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/03/08 18:05:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/03/08 17:59:59 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/03/08 17:59:58 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/03/08 17:59:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/03/08 17:59:57 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/03/08 17:59:56 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/03/08 17:59:56 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/03/08 17:59:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/03/08 17:59:56 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/03/08 17:59:55 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/03/08 15:00:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/03/08 15:00:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/03/08 15:00:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/13 14:18:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/04/02 15:02:57 | 002,097,152 | -HS- | M] () -- C:\Users\Bart\ntuser.dat
[2010/04/02 15:01:51 | 000,598,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/02 15:01:50 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/02 15:01:50 | 000,103,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/02 15:00:08 | 000,154,469 | ---- | M] () -- C:\Users\Bart\Desktop\tdsskiller.zip
[2010/04/02 14:57:21 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Bart\Desktop\OTL.exe
[2010/04/02 14:54:03 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/02 14:53:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/02 14:53:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/02 14:53:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/02 14:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/02 14:53:32 | 2948,988,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 08:59:37 | 000,524,288 | -HS- | M] () -- C:\Users\Bart\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/02 08:59:37 | 000,065,536 | -HS- | M] () -- C:\Users\Bart\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/02 08:59:24 | 002,929,175 | -H-- | M] () -- C:\Users\Bart\AppData\Local\IconCache.db
[2010/04/02 08:22:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/01 19:46:34 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) -- C:\Windows\System32\drivers\ahcix86s.sys
[2010/04/01 18:59:47 | 171,101,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/01 15:36:04 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/01 09:14:24 | 000,000,330 | ---- | M] () -- C:\Users\Bart\Documents\exefix.reg
[2010/04/01 09:09:44 | 000,011,068 | -HS- | M] () -- C:\Users\Bart\AppData\Local\7VJ5
[2010/04/01 08:31:29 | 000,011,060 | -HS- | M] () -- C:\ProgramData\7VJ5
[2010/03/31 20:34:56 | 000,070,744 | ---- | M] () -- C:\Users\Bart\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/31 20:33:57 | 000,296,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/31 20:27:56 | 000,001,174 | ---- | M] () -- C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/03/31 16:20:32 | 000,000,866 | ---- | M] () -- C:\Users\Bart\Desktop\Eusing Free Registry Cleaner.lnk
[2010/03/31 13:51:35 | 000,094,720 | ---- | M] () -- C:\Users\Bart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 11:46:03 | 000,124,125 | ---- | M] () -- C:\Users\Bart\Desktop\freshscent.zip
[2010/03/29 13:31:01 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/03/29 10:28:18 | 000,000,680 | ---- | M] () -- C:\Users\Bart\AppData\Local\d3d9caps.dat
[2010/03/24 11:51:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/24 11:51:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/24 11:51:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/24 11:51:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/23 22:38:58 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Users\Bart\Desktop\TDSSKiller.exe
[2010/03/16 08:57:24 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/14 11:27:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 17:01:28 | 000,005,299 | ---- | M] () -- C:\Users\Bart\Desktop\style.css
[2010/03/10 18:47:28 | 000,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

========== Files Created - No Company Name ==========

[2010/04/02 15:00:00 | 000,154,469 | ---- | C] () -- C:\Users\Bart\Desktop\tdsskiller.zip
[2010/04/01 19:46:44 | 2948,988,928 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/01 11:50:16 | 000,005,299 | ---- | C] () -- C:\Users\Bart\Desktop\style.css
[2010/04/01 09:13:57 | 000,000,330 | ---- | C] () -- C:\Users\Bart\Documents\exefix.reg
[2010/04/01 08:29:27 | 000,011,068 | -HS- | C] () -- C:\Users\Bart\AppData\Local\7VJ5
[2010/04/01 08:14:59 | 000,011,060 | -HS- | C] () -- C:\ProgramData\7VJ5
[2010/03/31 20:27:56 | 000,001,174 | ---- | C] () -- C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/03/31 16:20:32 | 000,000,866 | ---- | C] () -- C:\Users\Bart\Desktop\Eusing Free Registry Cleaner.lnk
[2010/03/30 11:45:56 | 000,124,125 | ---- | C] () -- C:\Users\Bart\Desktop\freshscent.zip
[2010/03/23 22:10:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/23 22:10:50 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/23 22:10:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/23 22:10:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/23 22:10:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/16 08:57:24 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/14 11:27:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/03/10 20:08:41 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/01/28 02:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/24 21:13:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/19 14:17:50 | 000,000,680 | ---- | C] () -- C:\Users\Bart\AppData\Local\d3d9caps.dat
[2009/11/09 20:14:20 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/20 21:18:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 21:18:23 | 000,141,288 | ---- | C] () -- C:\Windows\System32\drivers\ecache.sys
[2009/09/23 20:26:18 | 000,000,067 | ---- | C] () -- C:\Windows\DVDIdlePro.INI
[2009/08/20 09:40:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\Dtctrace.dll
[2009/08/13 20:59:35 | 000,094,720 | ---- | C] () -- C:\Users\Bart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/13 20:05:17 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log
[2009/08/13 19:58:46 | 000,008,156 | ---- | C] () -- C:\Users\Bart\AppData\Local\MyWinLockerInstaller.txt-20090813.log
[2009/08/13 19:41:05 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2009/08/13 14:14:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/10 17:49:35 | 000,006,145 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009/02/20 18:26:15 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/20 18:26:15 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/20 18:26:14 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/02/20 18:26:14 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008/09/12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/08 23:12:32 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll
[2007/01/08 23:12:30 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll
[2007/01/08 23:12:30 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2007/01/08 23:12:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll
[2006/12/04 01:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugw2l3.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2009/08/13 20:18:31 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Acer
[2009/03/10 17:11:17 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Acer GameZone Console
[2010/03/25 23:30:30 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\BitTorrent
[2010/04/01 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\FileZilla
[2009/10/08 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\GARMIN
[2009/11/11 15:54:20 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Hybrid GeoTools
[2010/04/01 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\OnlineArmor
[2010/03/30 11:56:49 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Opera
[2009/08/19 07:35:43 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Thunderbird
[2010/03/29 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\VistaCodecs
[2009/08/20 11:06:28 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/04/02 08:59:38 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/08/13 20:18:31 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Acer
[2009/03/10 17:11:17 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Acer GameZone Console
[2010/03/31 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Adobe
[2009/09/17 11:27:10 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Apple Computer
[2009/08/13 19:38:14 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\ATI
[2010/03/25 23:30:30 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\BitTorrent
[2009/09/09 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\DivX
[2010/04/01 20:09:53 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\FileZilla
[2009/10/08 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\GARMIN
[2009/08/13 20:48:06 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Google
[2009/11/11 15:54:20 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Hybrid GeoTools
[2009/08/13 19:37:10 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Identities
[2009/08/13 19:40:54 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\InstallShield
[2009/08/13 19:42:45 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Macromedia
[2006/11/02 06:37:34 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Media Center Programs
[2010/04/01 20:15:32 | 000,000,000 | --SD | M] -- C:\Users\Bart\AppData\Roaming\Microsoft
[2009/08/19 07:35:45 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Mozilla
[2010/04/01 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\OnlineArmor
[2010/03/30 11:56:49 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Opera
[2010/03/31 17:36:27 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Skype
[2010/04/01 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\skypePM
[2009/08/19 07:35:43 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Thunderbird
[2010/03/29 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\VistaCodecs
[2010/03/29 13:10:32 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AHCIX86S.SYS >
[2008/10/03 11:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Acer\Preload\Autorun\DRV\ATIVGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2010/04/01 19:46:34 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008/10/03 11:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/18 21:18:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/08 05:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 05:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/02/23 00:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >


OTL Extras logfile created on: 02/04/2010 2:58:19 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Bart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 171.78 Gb Free Space | 76.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BART-LAPTOP
Current User Name: Bart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\S-1-5-21-3526822748-48429487-3737610498-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A5D61C9-C230-4462-A6C3-6B706794AAB0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C7102E78-19DB-40BE-98E0-798EA9FF3491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DCA3448-A86F-4407-9BCA-E2441BA934CC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{147DB11A-C89B-4177-B961-E82EDADC60EB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1DBBEDDB-C5A1-4E21-A182-7624AA38F494}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{275CA67A-0F75-4289-A2EB-25D3BCCC7B15}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27D03977-062C-4A29-834A-1DEE57C17D16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33DF161A-B6B7-4BD5-9623-4463E9A4FF12}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{4CD820A5-FF75-4FFD-84DB-08DA3985E677}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{521715EA-F444-45B4-BC7F-5C573B2254E7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5C6AFF0F-8709-47FB-8D1A-C532F1D8F327}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{641D1AAA-DD7C-42A6-B9A0-E065E71BE1A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{708545E5-678B-46C6-A01F-6031F0C4D263}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BEA2305C-455D-4CD0-B687-A1B3FE455674}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C7F75C31-BF0A-4862-BEC5-CA199DD107AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082EF4D3-37D3-2ABE-8108-95B605157DBC}" = Catalyst Control Center Localization All
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17EEE779-FF27-4173-914E-A590085EA665}" = 3D Route Builder
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F727AEE-3992-AAD9-E8A7-560BF4F92999}" = CCC Help Chinese Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{31AC282F-3EF7-B239-9BBA-DB606B248F2A}" = CCC Help Spanish
"{33FA7D12-4740-D665-D17C-F5F25EA6EEA6}" = CCC Help Portuguese
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F5677C0-9871-0BEF-12DD-9E157C1ABA2E}" = CCC Help Dutch
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEAC717-86F8-DE21-3933-8E4377797AEF}" = CCC Help Japanese
"{52BF91FE-7B2F-E26C-7A78-42C056B4461C}" = ccc-utility
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5BF3F950-BDAF-C801-0BE4-6319CB412F9D}" = Catalyst Control Center InstallProxy
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC61CFC-1CAA-7650-2755-721FFD78F8D4}" = CCC Help Swedish
"{61C770D4-6F09-52EA-5C84-FF58F324B62B}" = CCC Help Czech
"{63617A9B-A0EE-319B-2478-16CCDA8C945C}" = Catalyst Control Center Graphics Light
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65EBA8F2-A7A0-E1A8-0986-BADCE1694362}" = Catalyst Control Center Core Implementation
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{69567CE7-08A6-F984-3BA1-9AE068EC7AAF}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C32ACBF-B9CA-4d53-BB71-C4FA97582286}_is1" = Sothink DHTML Menu 9
"{6D9D1582-2E8C-491B-C337-63B6810A4426}" = CCC Help Finnish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77411C79-3B2E-342F-D803-AB964746CE1D}" = CCC Help Italian
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A745642-3020-E403-B67A-C19BF008687A}" = CCC Help Turkish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{877D85BD-71AA-4BC0-5314-03B8D15F95A9}" = Catalyst Control Center Graphics Full Existing
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5AC5F3C-9C4B-136A-5A21-5ADFF12B9657}" = ccc-core-static
"{A6F8719C-479C-4656-BFF7-393584B2034A}" = CCC Help German
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D73C82-714E-1E99-2A85-43E649F51F18}" = Catalyst Control Center Graphics Full New
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7C690A8-80D8-D09B-B35F-1201AA6B6FDE}" = CCC Help French
"{B8BE463A-E21C-8E7E-399D-CC9724283682}" = CCC Help Polish
"{B9587DFD-225C-1B2B-4FA1-E27768140EFC}" = CCC Help Russian
"{BB50C649-9BB5-BF21-E8C1-0CFFE263C866}" = CCC Help Chinese Traditional
"{CBD9E015-4A3C-A3DF-6FCF-C636251DF0C8}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0F0DEFD-538E-8B1C-A2B7-12FB5135BA21}" = CCC Help Danish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E5E642-5975-C402-5EDC-181E0AAD10ED}" = CCC Help Korean
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E12E7096-E796-BB35-02BD-C7720978E481}" = CCC Help English
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48A7361-D746-8706-5221-F49A207A6DD8}" = CCC Help Thai
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECF195B6-D7F0-B206-7A04-9F83284E9412}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE3455C6-26CE-71F7-FC1B-7405C83451B7}" = CCC Help Norwegian
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileZilla Client" = FileZilla Client 3.2.4.1
"FLV Player" = FLV Player 2.0 (build 25)
"GridVista" = Acer GridVista
"Home'Bank Off-line services_is1" = Home'Bank Off-line services 4.54
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"OnlineArmor_is1" = Online Armor 3.5
"PCFriendly" = PCFriendly
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3526822748-48429487-3737610498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/03/2010 6:56:18 PM | Computer Name = Bart-Laptop | Source = Windows Search Service | ID = 3058
Description =

Error - 31/03/2010 7:47:05 PM | Computer Name = Bart-Laptop | Source = VSS | ID = 8194
Description =

Error - 31/03/2010 9:46:18 PM | Computer Name = Bart-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 31/03/2010 9:48:26 PM | Computer Name = Bart-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/03/2010 9:48:27 PM | Computer Name = Bart-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/03/2010 9:48:27 PM | Computer Name = Bart-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/03/2010 9:48:28 PM | Computer Name = Bart-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/03/2010 9:48:28 PM | Computer Name = Bart-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/03/2010 9:48:28 PM | Computer Name = Bart-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/03/2010 9:48:29 PM | Computer Name = Bart-Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ OSession Events ]
Error - 02/01/2010 12:41:55 PM | Computer Name = Bart-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/01/2010 12:43:28 PM | Computer Name = Bart-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16/10/2009 5:03:39 AM | Computer Name = Bart-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 16/10/2009 5:05:18 AM | Computer Name = Bart-Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 16/10/2009 5:05:18 AM | Computer Name = Bart-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 16/10/2009 5:26:58 AM | Computer Name = Bart-Laptop | Source = HTTP | ID = 15016
Description =

Error - 16/10/2009 5:27:08 AM | Computer Name = Bart-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 16/10/2009 9:02:16 AM | Computer Name = Bart-Laptop | Source = HTTP | ID = 15016
Description =

Error - 16/10/2009 9:02:34 AM | Computer Name = Bart-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 17/10/2009 5:18:31 AM | Computer Name = Bart-Laptop | Source = HTTP | ID = 15016
Description =

Error - 17/10/2009 5:18:42 AM | Computer Name = Bart-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 19/10/2009 10:52:22 PM | Computer Name = Bart-Laptop | Source = Service Control Manager | ID = 7031
Description =


< End of report >

Attached Files



#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 03 April 2010 - 10:38 AM

QUOTE
I deleted all my previous log files so I had to redo TDSS so please see attachment for that (notice that same sys file being infected as stated before).

When I bought this laptop, I had no vista DVD so I made like a recovery CD or whatever you call it on 3 DVDs not sure if that will help??

That's fine.

So I believe you re-ran TDSSKiller? If so, can you please re-run GMER for me once more so I can take a look.

Thanks.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 dig_deeper

dig_deeper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 03 April 2010 - 03:29 PM

Yes reran TDSS.Here is GMER log file. Put it in attahment as it is too long to post it for some reason. Also had to zip it as it was too big for my total upload space for attachments here on this forum...

Attached Files

  • Attached File  GMER.zip   309.54KB   4 downloads


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 03 April 2010 - 03:39 PM

Hello.

I think you checked the Show All box. Follow the instructions below on running GMER, then followed by a Malwarebytes scan.

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 dig_deeper

dig_deeper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 04 April 2010 - 02:02 PM

Ok, no detection with malware. Here are both GMER report and malware report:

1:00 PM 04/04/2010GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-04 12:38:32
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Bart\AppData\Local\Temp\kxryypow.sys


---- System - GMER 1.0.15 ----

INT 0x82 ? 865F1BF8
INT 0x92 ? 865F1BF8
INT 0xA2 ? 865F1BF8
INT 0xA2 ? 865F1BF8
INT 0xA2 ? 865F1BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859611F8
Device \FileSystem\fastfat \FatCdrom 8684C1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8595D1F8
Device \Driver\usbohci \Device\USBPDO-0 865F21F8
Device \Driver\usbohci \Device\USBPDO-1 865F21F8
Device \Driver\usbehci \Device\USBPDO-2 865F31F8
Device \Driver\usbohci \Device\USBPDO-3 865F21F8
Device \Driver\usbehci \Device\USBPDO-4 865F31F8
Device \Driver\volmgr \Device\HarddiskVolume1 8595D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8595D1F8
Device \Driver\cdrom \Device\CdRom0 86553500
Device \Driver\PCI_PNP8108 \Device\00000059 splp.sys
Device \Driver\sptd \Device\2494214124 splp.sys
Device \Driver\cdrom \Device\CdRom1 86553500
Device \Driver\iScsiPrt \Device\RaidPort1 866661F8
Device \Driver\usbohci \Device\USBFDO-0 865F21F8
Device \Driver\usbohci \Device\USBFDO-1 865F21F8
Device \Driver\usbehci \Device\USBFDO-2 865F31F8
Device \Driver\usbohci \Device\USBFDO-3 865F21F8
Device \Driver\usbehci \Device\USBFDO-4 865F31F8
Device \Driver\a42anyo9 \Device\Scsi\a42anyo91 8665F1F8
Device \Driver\a42anyo9 \Device\Scsi\a42anyo91Port2Path0Target0Lun0 8665F1F8
Device \FileSystem\fastfat \Fat 8684C1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 86B6D1F8
Device -> \Driver\ahcix86s \Device\Harddisk0\DR0 86397AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEC 0x49 0xED 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x0F 0x1B 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xBC 0x57 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEC 0x49 0xED 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xDA 0x0F 0x1B 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5C 0xBC 0x57 0x0C ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\ahcix86s.sys suspicious modification

---- EOF - GMER 1.0.15 ----

*************************************************************************************************

Malware report

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3954

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

04/04/2010 12:58:39 PM
mbam-log-2010-04-04 (12-58-39).txt

Scan type: Quick scan
Objects scanned: 102752
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 04 April 2010 - 02:12 PM

Hello.

That file is still there and needs to be handled. However, let me know if you have your Windows Vista disk with you or not?

We will replace that file in the Windows Recovery Environment.

Edited by extremeboy, 04 April 2010 - 02:13 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 dig_deeper

dig_deeper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 04 April 2010 - 04:37 PM

Hi. Like I said. When I bought this laptop, they do not come with a Vista DVD anymore so I made a 3 DVD recovery or backup DVD. So I have no idea how it would work. I never did something like that before. Sorry for being newbie on that regards. If those DVD's will do the trick, I am all ready to troubleshoot that file!

PS.: I got an ACER so once I did all the fine tuning and the installations of my basic programs, I made a recovery DVD (3 DVD's total). I hope you're refering to those DVD's.

Thanks for all your help and assistance so far!!!!

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 04 April 2010 - 04:57 PM

Sorry about that. I already asked you this question.

In this case, please follow the instructions in this page: http://www.howtogeek.com/howto/windows-vis...-dont-have-one/ on downloading and creating the Windows Vista Recovery Disk. Download the Windows Vista Recovery Disc 32-Bit (x86) Edition file package.

Once you have burned the .iso image file onto a CD, let me know and we will continue from there.

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 dig_deeper

dig_deeper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 04 April 2010 - 05:37 PM

Ok this might take a longer time as I am on a satelite internet (slower) as I live in the bush in North Canada. So it might take a while for me to be ready, sorry about that. I'll do my best to get it in asap!! Should I PM you when I am ready again??

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 04 April 2010 - 09:28 PM

Nope, just reply back here letting me know once you get it done. If it's a problem, then let me know.

Thanks.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 dig_deeper

dig_deeper
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:32 AM

Posted 06 April 2010 - 03:33 PM

sorr it took so long, slower internet. got the file in and am about to burn it, what's the next step?

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:32 AM

Posted 06 April 2010 - 04:01 PM

Hello.

First, let's run this tool. Seems that we didn't run it and thus I jumped to that option. If it can take care of it, then we don't need that anymore. Apologize for that. Nevertheless, that tool might become useful in the future. Let's start with Combofix.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users