| |
| |||||||
Log-Analyse und Auswertung: keylogger oder spyware drauf?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.10.2010, 23:29
| #1 |
 |  keylogger oder spyware drauf? Hallo, bitte kann mir das Jemand auswerten. Moechte gerne wisssen ob ich einen keylogger oder spyware drauf habe. Ich habe norton 360 ( testversion) und avast. Ich wohne in USA und habe einen Laptop von hier, keine Ahnung ob das wichtig ist, ich erwaehn es einfach mal.... Vielen Dank!!!! HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:27:08 PM, on 10/25/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18527) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\spool\drivers\w32x86\3\WrtMon. exe C:\Windows\vsnpstd3.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Apoint2K\Apntex.exe C:\Users\ELLYAN~1\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\System32\spool\drivers\w32x86\3\WrtProc .exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.Notificati onCenter.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.ex e C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Users\ellyangel\Pictures\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=...&m=aspire_4330 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=...&m=aspire_4330 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\s wg.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon. exe O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [CyberDefender Registry Cleaner] c:\program files\cyberdefender\registry cleaner\Startcdrc.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\ellyangel\AppData\Local\Google\Update\Go ogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Iyukuwidogodobuv] rundll32.exe "C:\Users\ellyangel\AppData\Local\witd36r.dll",Sta rtup O4 - HKCU\..\Run: [msin_isv] rundll32 "C:\Windows\system32\attrclip.dll",DllGetVersi on O4 - HKCU\..\Run: [Onirebocov] rundll32.exe "C:\Users\ellyangel\AppData\Local\orupulukelikuf.d ll",Startup O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950D F09FAB501E03.dll/cmsidewiki.html O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9ea1663e6a5d0) (gupdate1c9ea1663e6a5d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: RUAGSMJWWDLST - Unknown owner - C:\Users\ELLYAN~1\AppData\Local\Temp\RUAGSMJWWDLST .exe (file missing) O23 - Service: UAKIBV - Unknown owner - C:\Users\ELLYAN~1\AppData\Local\Temp\UAKIBV.exe (file missing) O23 - Service: ZCGN - Unknown owner - C:\Users\ELLYAN~1\AppData\Local\Temp\ZCGN.exe (file missing) O23 - Service: ZEHHZV - Unknown owner - C:\Users\ELLYAN~1\AppData\Local\Temp\ZEHHZV.exe (file missing) -- End of file - 13632 bytes Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4954 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 10/26/2010 3:55:12 PM mbam-log-2010-10-26 (15-55-12).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 140810 Laufzeit: 9 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iyukuwidogodobuv (Trojan.Agent.U) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\onirebocov (Trojan.Agent.U) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\ProgramData\29413322 (Rogue.Multiple) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Users\ellyangel\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/26/2010 4:23:54 PM - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\ellyangel\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 50.89 Gb Total Space | 18.42 Gb Free Space | 36.19% Space Free | Partition Type: NTFS Drive D: | 50.89 Gb Total Space | 50.73 Gb Free Space | 99.69% Space Free | Partition Type: NTFS Computer Name: ELLYANGEL-PC | User Name: ellyangel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\ellyangel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe (Matt Holwood) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Users\ellyangel\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer) PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\ACER\Mobility Center\MobilityService.exe () PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe () PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () PRC - C:\Windows\vsnpstd3.exe () ========== Modules (SafeList) ========== MOD - C:\Users\ellyangel\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll (Symantec Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ZEHHZV) -- C:\Users\ELLYAN~1\AppData\Local\Temp\ZEHHZV.exe File not found SRV - (ZCGN) -- C:\Users\ELLYAN~1\AppData\Local\Temp\ZCGN.exe File not found SRV - (UAKIBV) -- C:\Users\ELLYAN~1\AppData\Local\Temp\UAKIBV.exe File not found SRV - (RUAGSMJWWDLST) -- C:\Users\ELLYAN~1\AppData\Local\Temp\RUAGSMJWWDLST.exe File not found SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (AVFSFilter) -- C:\Windows\System32\DRIVERS\avfsfilter.sys File not found DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101025.001\IDSvix86.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101026.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101026.002\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys (Symantec Corporation) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation) DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.) DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0808&m=aspire_4330 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {DA6ED62A-E801-47B5-8FD9-559FF80DF12A}:1.9.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/10/10 15:23:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/10/10 11:44:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/10 14:49:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 15:32:10 | 000,000,000 | ---D | M] [2009/01/29 16:43:38 | 000,000,000 | ---D | M] -- C:\Users\ellyangel\AppData\Roaming\Mozilla\Extensions [2010/10/09 15:32:35 | 000,000,000 | ---D | M] -- C:\Users\ellyangel\AppData\Roaming\Mozilla\Firefox\Profiles\p4rvkwxr.default\extensions [2010/10/09 15:32:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ellyangel\AppData\Roaming\Mozilla\Firefox\Profiles\p4rvkwxr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/10/09 15:32:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/10/09 10:54:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll () O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe () O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [CyberDefender Registry Cleaner] File not found O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Users\Default\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [CyberDefender Registry Cleaner] c:\Program Files\CyberDefender\Registry Cleaner\startcdrc.exe (CyberDefender) O4 - HKCU..\Run: [msin_isv] C:\Windows\System32\attrclip.DLL File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.160.208.114 66.160.208.45 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/10/26 16:18:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\ellyangel\Desktop\OTL.exe [2010/10/19 15:00:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP [2010/10/14 18:01:40 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010/10/14 18:01:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010/10/14 18:00:58 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010/10/14 18:00:54 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010/10/14 18:00:53 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010/10/14 18:00:49 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/10/14 18:00:46 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010/10/14 18:00:43 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010/10/14 18:00:31 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/10/14 18:00:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010/10/14 18:00:26 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/10/14 18:00:26 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010/10/14 18:00:25 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010/10/14 18:00:24 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/10/14 18:00:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/10/14 18:00:23 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/10/14 18:00:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010/10/14 18:00:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/10/10 15:23:56 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symtdiv.sys [2010/10/10 15:23:56 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symefa.sys [2010/10/10 15:23:55 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.sys [2010/10/10 15:23:55 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symds.sys [2010/10/10 15:23:55 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.sys [2010/10/10 15:23:55 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\ironx86.sys [2010/10/10 15:23:55 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.sys [2010/10/10 15:23:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0403000.005 [2010/10/10 11:43:42 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2010/10/10 11:43:39 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2010/10/10 11:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010/10/10 11:42:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360 [2010/10/10 11:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 [2010/10/09 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010/10/09 15:22:41 | 000,000,000 | ---D | C] -- C:\Users\ellyangel\Documents\My Google Gadgets [2010/10/09 10:54:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010/10/09 10:54:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010/10/09 10:54:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010/10/09 10:54:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010/10/08 23:02:16 | 000,000,000 | ---D | C] -- C:\Users\ellyangel\AppData\Local\{DA6ED62A-E801-47B5-8FD9-559FF80DF12A} [2010/09/28 15:28:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2008/08/19 01:55:53 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007/03/12 12:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2005/11/23 13:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2010/10/26 16:19:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ellyangel\Desktop\OTL.exe [2010/10/26 16:15:06 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/10/26 16:06:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2136634944-1118908816-156827738-1000UA.job [2010/10/26 16:05:48 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/10/26 16:05:48 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/10/26 15:59:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010/10/26 15:59:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/26 15:59:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/26 15:59:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/10/26 15:59:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/26 15:49:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/10/26 15:38:02 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/26 15:15:01 | 001,853,694 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB [2010/10/26 12:06:05 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2136634944-1118908816-156827738-1000Core.job [2010/10/25 18:46:23 | 000,000,482 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ellyangel.job [2010/10/15 03:43:15 | 000,297,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/10/10 14:49:59 | 000,002,144 | ---- | M] () -- C:\Users\ellyangel\Documents\Norton 360.lnk [2010/10/10 13:05:01 | 000,000,120 | ---- | M] () -- C:\Users\ellyangel\AppData\Local\Fzezulodip.dat [2010/10/10 11:43:39 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2010/10/10 11:43:39 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2010/10/10 11:43:39 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2010/10/10 11:01:08 | 000,000,000 | ---- | M] () -- C:\Users\ellyangel\AppData\Local\Ilesaf.bin [2010/10/09 16:24:08 | 000,507,400 | ---- | M] () -- C:\Users\ellyangel\Documents\sdasetup[1].exe [2010/10/09 16:14:09 | 000,000,947 | ---- | M] () -- C:\Users\ellyangel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/09 15:32:13 | 000,001,752 | ---- | M] () -- C:\Users\ellyangel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/10/09 15:32:13 | 000,001,728 | ---- | M] () -- C:\Users\ellyangel\Documents\Mozilla Firefox.lnk [2010/10/08 23:12:40 | 000,000,680 | ---- | M] () -- C:\Users\ellyangel\AppData\Local\d3d9caps.dat [2010/10/08 23:00:14 | 000,000,020 | ---- | M] () -- C:\Users\ellyangel\AppData\Roaming\ldcpfk.dat ========== Files Created - No Company Name ========== [2010/10/26 15:38:02 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/13 15:39:39 | 001,853,694 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB [2010/10/10 15:23:56 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.cat [2010/10/10 15:23:56 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.cat [2010/10/10 15:23:56 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.cat [2010/10/10 15:23:56 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.inf [2010/10/10 15:23:56 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.inf [2010/10/10 15:23:56 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.inf [2010/10/10 15:23:55 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.cat [2010/10/10 15:23:55 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.cat [2010/10/10 15:23:55 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.cat [2010/10/10 15:23:55 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.cat [2010/10/10 15:23:55 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.cat [2010/10/10 15:23:55 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.inf [2010/10/10 15:23:55 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.inf [2010/10/10 15:23:55 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.inf [2010/10/10 15:23:55 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.inf [2010/10/10 15:23:55 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.inf [2010/10/10 15:23:08 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini [2010/10/10 11:43:39 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2010/10/10 11:43:39 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2010/10/10 11:43:24 | 000,002,144 | ---- | C] () -- C:\Users\ellyangel\Documents\Norton 360.lnk [2010/10/09 16:24:09 | 000,507,400 | ---- | C] () -- C:\Users\ellyangel\Documents\sdasetup[1].exe [2010/10/09 15:32:13 | 000,001,728 | ---- | C] () -- C:\Users\ellyangel\Documents\Mozilla Firefox.lnk [2010/10/08 23:02:23 | 000,000,120 | ---- | C] () -- C:\Users\ellyangel\AppData\Local\Fzezulodip.dat [2010/10/08 23:02:23 | 000,000,000 | ---- | C] () -- C:\Users\ellyangel\AppData\Local\Ilesaf.bin [2010/10/08 23:00:10 | 000,000,020 | ---- | C] () -- C:\Users\ellyangel\AppData\Roaming\ldcpfk.dat [2010/05/06 22:22:02 | 000,000,036 | ---- | C] () -- C:\Users\ellyangel\AppData\Local\housecall.guid.cache [2009/10/07 19:30:27 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/05/19 11:16:39 | 000,000,112 | ---- | C] () -- C:\Users\ellyangel\AppData\Roaming\wklnhst.dat [2008/11/30 13:51:47 | 000,000,680 | ---- | C] () -- C:\Users\ellyangel\AppData\Local\d3d9caps.dat [2008/10/29 15:02:18 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll [2008/10/29 14:57:16 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008/10/25 15:11:55 | 000,026,624 | ---- | C] () -- C:\Users\ellyangel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/23 23:47:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008/08/29 11:00:21 | 000,006,048 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2008/08/19 02:02:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008/08/19 02:02:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008/08/19 01:53:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008/08/19 01:43:17 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008/08/19 01:37:28 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004/02/27 17:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:793F316E @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DAFD38AE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C46995DA @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:4220A65C @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:2F141B68 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F65733F1 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:9F683177 @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:C946DB94 @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:753F86A9 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10/26/2010 4:23:54 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\ellyangel\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.89 Gb Total Space | 18.42 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 50.89 Gb Total Space | 50.73 Gb Free Space | 99.69% Space Free | Partition Type: NTFS
Computer Name: ELLYANGEL-PC | User Name: ellyangel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D13A087-978A-41DD-A392-F40B50C7EB19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{132A5CD1-E54E-4F59-AEEF-47FCD25E9F36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5AEAEDDD-618E-4BF6-969E-33221F829D86}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{615D584C-848C-4A9D-B366-2581EAC47DD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{81786189-9098-484F-A46A-9C3E2BCDB604}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{9BCD1C92-0D26-4F15-94D2-366A67F5AB53}" = lport=9000 | protocol=6 | dir=in | name=icall port |
"{A2E0ECA3-DA56-495C-8E8C-C89680462381}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C588581E-D1D1-4A62-8B4A-6DEBE837BB91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CBB83891-1694-44CC-B757-9BEECD98C4A3}" = lport=4255 | protocol=17 | dir=in | name=icall port |
"{EBF851BA-1F98-4E5C-8E4E-B19FC0037B1E}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CC8ABB-4A22-42E0-8026-C686960E65B4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0E95ED54-4281-4CB0-8CF5-6D4597073AF0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{1322F43A-C0A2-4512-A588-AB4E00B73CC3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{177CC95A-9FBB-47C2-A22A-8F3DC878AAA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2BC2204A-B74A-4B43-8132-DB89B04C2CDB}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{2F02991F-C6F6-4013-A9BE-E87FF86BACED}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{4416A41C-2C98-428F-9431-8D15C475428F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{48BADDD7-E94B-4784-80B3-7B526F5A5F1C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{4DC1A946-C399-4028-8874-11545A3CAC36}" = protocol=6 | dir=out | app=system |
"{5586C986-98D2-48FB-A1D7-7528F198F029}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{5BE3165B-E617-4D35-B691-37E603E67A36}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{69814CA6-9F3C-462C-AC12-CB045D3747A4}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{6A59C664-39C7-4CFB-8D28-0CD1E331350F}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{6D8EDB31-338D-4915-A1DD-E0CADC44F7B4}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{72097E4D-044E-4B8D-9645-B6F6FB39147C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{72813EC9-08EE-4F3A-A01E-0ADB1501F50F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{8AE136F0-B16E-4D3E-BC18-9D8A7BADE25C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BA57F9E5-B21E-4380-9731-9F806FEF0A8C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BD515367-AC2D-4F65-80A9-504C8B335478}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E8B455EA-1548-4C42-BA01-0CFE52C27BE5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{ED96B05F-8294-4D8E-99AA-F9DF543BD6A2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FC6092C1-F0AF-4D6A-B4B9-0764A2014E9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{647A7AF7-95A0-44FC-A77E-D0B52A14E15E}C:\program files\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |
"TCP Query User{DF81E862-F830-4C73-864C-9B8CB14AB968}C:\program files\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |
"UDP Query User{5A9787F7-FCA1-4D52-A15D-0D657E2E8613}C:\program files\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |
"UDP Query User{921DEE47-64E4-499C-839F-1F07B8BB1C8A}C:\program files\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Betaversion)
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DE18AB5-540B-4981-87D5-6CF7E923D983}_is1" = CyberDefender Registry Cleaner
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110080840}" = Cue Club
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"BearShare MediaBar" = MediaBar 2.0
"Canon MX300 series User Registration" = Canon MX300 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MessengerDiscovery 2.1_is1" = MessengerDiscovery 2.1.79
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"N360" = Norton 360
"NSS" = Norton Security Scan
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 5/22/2009 1:33:38 PM | Computer Name = ellyangel-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 9/21/2010 11:58:16 PM | Computer Name = ellyangel-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/9/2010 12:12:39 AM | Computer Name = ellyangel-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/9/2010 12:52:40 AM | Computer Name = ellyangel-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/9/2010 2:05:35 AM | Computer Name = ellyangel-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 588 Start Time: 01cb676dc078d579 Termination Time: 236
Error - 10/9/2010 3:21:07 PM | Computer Name = ellyangel-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/9/2010 3:52:16 PM | Computer Name = ellyangel-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/9/2010 5:31:08 PM | Computer Name = ellyangel-PC | Source = Perflib | ID = 1010
Description =
Error - 10/9/2010 5:31:09 PM | Computer Name = ellyangel-PC | Source = Perflib | ID = 1008
Description =
Error - 10/10/2010 3:50:04 PM | Computer Name = ellyangel-PC | Source = WinMgmt | ID = 10
Description =
Error - 10/10/2010 4:05:22 PM | Computer Name = ellyangel-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 10/24/2010 7:39:57 PM | Computer Name = ellyangel-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 10/25/2010 11:44:38 AM | Computer Name = ellyangel-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/25/2010 9:46:34 PM | Computer Name = ellyangel-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/25/2010 9:47:03 PM | Computer Name = ellyangel-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/26/2010 11:58:57 AM | Computer Name = ellyangel-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/26/2010 12:01:04 PM | Computer Name = ellyangel-PC | Source = bowser | ID = 8003
Description =
Error - 10/26/2010 3:07:32 PM | Computer Name = ellyangel-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10/26/2010 4:56:56 PM | Computer Name = ellyangel-PC | Source = DCOM | ID = 10010
Description =
Error - 10/26/2010 4:59:09 PM | Computer Name = ellyangel-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 10/26/2010 4:59:16 PM | Computer Name = ellyangel-PC | Source = HTTP | ID = 15016
Description =
< End of report >
|
|
27.10.2010, 22:30
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | keylogger oder spyware drauf?Zitat:
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________ |
|
28.10.2010, 02:24
| #3 |
| | keylogger oder spyware drauf? Hier der VOLLSCAN......ist alles ok????
__________________alwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4968 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 10/27/2010 6:58:27 PM mbam-log-2010-10-27 (18-58-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 285241 Laufzeit: 1 Stunde(n), 46 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
28.10.2010, 18:24
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keylogger oder spyware drauf? Wieviele Durchgänge hast Du jetzt insgesamt mit Malwarebytes gemacht? Ich hab den Eindruck da sind noch weitere Logs vin diesem Tool.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.10.2010, 18:54
| #5 |
| | keylogger oder spyware drauf? Insgesamt 2 Durchlaufe, einmal quick scan und ein Full scan. Soll ich nochmal durchlaufen lassen? kannst Du schon was erkennen? |
|
28.10.2010, 19:59
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keylogger oder spyware drauf? Nein ist schon ok. Ich wollte nur wissen, ob Du vllt noch Logs hast, aber diese noch nicht gepostet wurden. Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
SRV - (ZEHHZV) -- C:\Users\ELLYAN~1\AppData\Local\Temp\ZEHHZV.exe File not found
SRV - (ZCGN) -- C:\Users\ELLYAN~1\AppData\Local\Temp\ZCGN.exe File not found
SRV - (UAKIBV) -- C:\Users\ELLYAN~1\AppData\Local\Temp\UAKIBV.exe File not found
SRV - (RUAGSMJWWDLST) -- C:\Users\ELLYAN~1\AppData\Local\Temp\RUAGSMJWWDLST.exe File not found
[2010/10/10 11:01:08 | 000,000,000 | ---- | M] () -- C:\Users\ellyangel\AppData\Local\Ilesaf.bin
[2010/10/09 16:24:08 | 000,507,400 | ---- | M] () -- C:\Users\ellyangel\Documents\sdasetup[1].exe
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DAFD38AE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C46995DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:4220A65C
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:2F141B68
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F65733F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:9F683177
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:C946DB94
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:753F86A9
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> keylogger oder spyware drauf? |
|
28.10.2010, 23:08
| #7 |
| | keylogger oder spyware drauf? Ja, ok hab ich gemacht aber ich glaube ich habe was verissen dabei bzw falsch gemacht, hoffe ist nicht allzu schlimm. Habe das alles reinkopiert und auf fix geklickt als er fertig war blieb in dem Feld unten wo das Kopierte stand ....[emptytemp]....uebrig. Habe dann nochmal auf fix geklickt. Danach ist der Laptop runtergefahren von selber. Nach dem Neustart hatte ich zwei logfiles auf dem desktop . [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799 [LocalizedFileNames] Microsoft Office - 60 Day Trial.lnk=@C:\PROGRA~1\MICROS~4\mui\oaa.dll,-103 Norton 360.lnk=@C:\PROGRA~1\NORTON~3\Branding\muis.dll,-109 [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 Was sagst Du? Danke Elke |
|
29.10.2010, 12:28
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keylogger oder spyware drauf? Das wollte ich nicht sehen. Ich wollte das Log vom OTL-Fix sehen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.10.2010, 17:32
| #9 |
| | keylogger oder spyware drauf? Da kam kein Log vom OTL - Fix, der Pc ist sofort runter gefahren nach dem scan. Ist es irgendwo gespeichert oder soll ich es nochmal versuchen? |
|
30.10.2010, 20:24
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keylogger oder spyware drauf? Schau nach in C:\_OTL - da müsste eine Textdatei sein.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.10.2010, 08:34
| #11 |
| | keylogger oder spyware drauf? Hab ich gefunden in C:\_OTL , aber....wenn ich oeffnen will oeffnet er ein neues Fenster als Moved Files, wenn ich das oeffnen will kommt neues Fenster mit einem File Foler und einem ONETOC2 Folder, dann wiederum neues Fenster mit 3 Files ( C_Users, C_Windows und ONETOC2 ) dann bei C_Users gehts weiter...ellyangel-App Data-Local- dann ein BIN File ( Ilesaf.bin) der sich aber nicht offnen laesst. Bei C_Windows schickt er mich..System32-drivers-etc-hosts. Nichts laesst sich offnen. Was soll ich jetzt machen??? Sorry, aber es ist so wichtig fuer mich zu wissen ob mein PC sauber ist. Danke |
|
31.10.2010, 13:10
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keylogger oder spyware drauf? Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.11.2010, 23:58
| #13 |
| | keylogger oder spyware drauf? Ich habe es geschickt im uploadchannel...kann es aber hier nicht sehen. Bitte lass mich wissen ob Du es bekommen hast? |
|
02.11.2010, 15:02
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keylogger oder spyware drauf? Die sind angekommen, aber die Dateien sind leer - 0 byte groß. Sind die bei Dir auch leer?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.11.2010, 17:50
| #15 |
| | keylogger oder spyware drauf? Ich habs ochmal geschickt im upload channel. Size ist 371 KB (380,656 bytes). Bitte schau nochmal......und lass mich wissen . Danke |
|
| Themen zu keylogger oder spyware drauf? |
| 0 bytes, acer, adobe, alternate, antivirus, auswerten...hijackthis, avast!, bho, canon, components, corp./icp, desktop, explorer, firefox.exe, google, google chrome, hijack, hijackthis, hkus\s-1-5-18, install.exe, internet, internet explorer, intrusion prevention, keylogger, launch, location, messenger, micro, microsoft, microsoft office word, msvcp90.dll, nvstor.sys, office 2007, oldtimer, otl.exe, plug-in, programdata, registry, registry cleaner, rundll, saver, security scan, security update, shell32.dll, software, spyware, symantec, system, temp, trojan.agent.u, vista, windows, wmp |
Linear-Darstellung
