Virus or Trojan I think? [Solved]


  • This topic is locked This topic is locked

#1
Woodpecker22
Member, 21 posts

I have some sort of a virus or Trojan on my system. I cannot open IE, Firefox or Safari, and I also cannot open Avira anti-virus; it just gives me a message saying 'could not open, will check for solutions'. When I try to go through the Control Panel my system crashes and gives me a blue screen. Also, I have tried to do a System Restore but it says 'one of the drives is not responding' or something similar.

EDIT: sorry, I did not read the sticky. Here are my logs in order: ark.txt, otl.txt, extras.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 22:56:04
Windows 6.0.6002 Service Pack 2
Running: wow2.exe; Driver: C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\ufryafow.sys


---- System - GMER 1.0.15 ----

Code 86F3E208 ZwEnumerateKey
Code 86F86EB8 ZwFlushInstructionCache
Code 86F49B55 IofCallDriver
Code 87044DB6 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\H8SRTstyuivvtfm.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTstyuivvtfm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTstyuivvtfm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTstjbynysps.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTeptvmopplx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTnuqobcmpcr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTuxeviqxoon.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTstyuivvtfm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTstyuivvtfm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTstjbynysps.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTeptvmopplx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTnuqobcmpcr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTuxeviqxoon.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x1B 0x59 0xF4 0x25 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\S.A.D\i-Studio\x00a03\hdx4_dshow.dll 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\S.A.D\i-Studio\x00a03\HDX4AACDecoder.ax 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\S.A.D\i-Studio\x00a03\HDX4AMRDecoder.ax 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\S.A.D\i-Studio\x00a03\HDX4mp4Source.ax 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\S.A.D\i-Studio\x00a03\RecDev.dll 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\S.A.D\i-Studio\x00a03\SoftCore.dll 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\S.A.D\i-Studio\x00a03\wnaspi32.dll 1
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823

---- Files - GMER 1.0.15 ----

File C:\Users\Benno Mosser\AppData\Local\Temp\h8srtmainqt.dll 0 bytes
File C:\Windows\System32\drivers\H8SRTstyuivvtfm.sys 40448 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\H8SRTeptvmopplx.dat 245 bytes
File C:\Windows\System32\H8SRTnuqobcmpcr.dll 36864 bytes executable
File C:\Windows\System32\H8SRTstjbynysps.dll 23040 bytes executable
File C:\Windows\System32\H8SRTuxeviqxoon.dll 40960 bytes executable
File C:\Windows\Temp\H8SRT1c08.tmp 246 bytes
File C:\Windows\Temp\H8SRT694d.tmp 245 bytes
File C:\Windows\Temp\H8SRTdc98.tmp 679936 bytes executable

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 12/01/2010 23:00:04 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 209.81 Gb Total Space | 129.35 Gb Free Space | 61.65% Space Free | Partition Type: NTFS
Drive D: | 23.06 Gb Total Space | 13.19 Gb Free Space | 57.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 6.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHILIPMOSSER-PC
Current User Name: Benno Mosser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/12 21:19:02 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.com.exe
PRC - [2010/01/05 22:50:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/23 20:49:50 | 00,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 08:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/07 18:28:29 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007/09/19 13:50:44 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/04 19:51:38 | 01,702,360 | ---- | M] () -- C:\Program Files\NETGEAR\WN111\wn111.exe
PRC - [2007/09/04 11:41:00 | 00,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
PRC - [2007/09/04 11:39:54 | 00,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2007/08/31 10:41:56 | 01,021,224 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/08/31 10:04:26 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/16 09:31:40 | 01,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007/07/12 15:36:12 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 15:36:10 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/13 17:14:28 | 00,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007/04/13 17:14:26 | 00,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007/03/18 19:19:16 | 00,917,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
PRC - [2007/01/09 09:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2001/11/12 12:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2010/01/12 21:19:02 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.com.exe
MOD - [2009/04/11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/23 20:49:50 | 00,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 13:34:28 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 06:49:12 | 00,103,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\nxcezmt.dll -- (ptkcotds)
SRV - [2008/01/07 18:28:29 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007/10/15 09:15:08 | 00,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/09/11 14:37:58 | 00,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007/09/04 11:39:54 | 00,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/08/16 09:31:40 | 01,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007/07/12 15:36:12 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/04/13 17:14:26 | 00,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007/01/09 09:25:30 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 12:31:48 | 00,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 20:40:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 22:18:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/21 22:23:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/12/23 20:56:08 | 00,000,000 | ---D | M]

[2010/01/12 20:40:54 | 00,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions
[2010/01/12 21:42:34 | 00,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\gqpyz5eb.default\extensions
[2010/01/11 01:36:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 12:24:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: () - {99275601-976E-44EA-9F96-E4F311F7C026} - C:\Windows\System32\nxcezmt.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [settdebugx.exe] C:\Windows\System32\config\SYSTEM~1\AppData\Local\Temp\settdebugx.exe File not found
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\joamenwk: DllName - nxcezmt.dll - C:\Windows\System32\nxcezmt.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/12/28 21:21:54 | 00,065,536 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/01/24 13:23:54 | 00,000,046 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d962cba5-f894-11de-a703-0016d3888721}\Shell - "" = AutoRun
O33 - MountPoints2\{d962cba5-f894-11de-a703-0016d3888721}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2006/12/28 21:21:54 | 00,065,536 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/08/12 20:50:01 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: ptkcotds - C:\Windows\System32\nxcezmt.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/12 22:03:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\WinRAR
[2010/01/12 22:02:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/12 22:02:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/12 22:02:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/12 22:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/12 21:50:40 | 05,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Windows\system32\config\systemprofile\Desktop\wow.exe
[2010/01/12 21:50:22 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/12 21:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/12 21:47:19 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Windows\system32\config\systemprofile\Desktop\erunt_setup.exe
[2010/01/12 21:27:19 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\TFC.exe
[2010/01/12 21:19:02 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.com.exe
[2010/01/12 20:40:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla
[2010/01/12 20:40:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Mozilla
[2010/01/12 20:40:00 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Tracing
[2010/01/12 19:32:03 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Spyware Terminator
[2010/01/12 19:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malware Defense
[2010/01/12 19:30:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Apple Computer
[2010/01/12 19:29:59 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/01/12 19:29:22 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Downloads
[2010/01/12 19:29:21 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Videos
[2010/01/12 19:29:21 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Pictures
[2010/01/12 19:29:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
[2010/01/12 19:29:08 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2010/01/12 19:29:05 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
[2010/01/12 19:29:04 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2010/01/04 16:53:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2010/01/04 16:53:05 | 00,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/01/04 16:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2010/01/04 11:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/01/03 20:32:43 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/01/01 02:48:48 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/12/31 12:36:30 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2007/10/22 12:45:46 | 00,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/10/22 12:45:45 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 14 Days ==========

[2010/01/12 22:57:59 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E3BD2C64-716A-4ED2-85CA-1D6B25E51F4E}.job
[2010/01/12 22:02:24 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/12 21:59:23 | 05,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Windows\system32\config\systemprofile\Desktop\wow.exe
[2010/01/12 21:49:33 | 00,000,749 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\NTREGOPT.lnk
[2010/01/12 21:49:33 | 00,000,730 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\ERUNT.lnk
[2010/01/12 21:48:18 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Windows\system32\config\systemprofile\Desktop\erunt_setup.exe
[2010/01/12 21:42:49 | 00,028,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\nvModes.dat
[2010/01/12 21:42:49 | 00,028,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\nvModes.001
[2010/01/12 21:42:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/12 21:41:33 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 21:41:33 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 21:41:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/12 21:41:04 | 21,458,37056 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 21:27:38 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\TFC.exe
[2010/01/12 21:19:02 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.com.exe
[2010/01/12 20:46:10 | 01,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/12 20:46:10 | 00,630,948 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/01/12 20:46:10 | 00,608,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/12 20:46:10 | 00,131,226 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/01/12 20:46:10 | 00,109,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/12 20:36:49 | 02,614,954 | -H-- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\IconCache.db
[2010/01/12 20:27:27 | 38,030,0250 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/12 19:42:03 | 00,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/01/12 15:51:12 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/01/12 12:59:06 | 00,000,434 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/01/10 22:14:24 | 00,000,398 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/05 21:25:26 | 00,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010/01/05 21:25:26 | 00,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010/01/05 21:25:26 | 00,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010/01/05 13:40:05 | 00,000,246 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2010/01/04 16:53:09 | 00,017,192 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010/01/04 16:53:09 | 00,001,690 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/01/04 16:53:06 | 00,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/01/04 16:53:06 | 00,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2009/12/31 12:36:30 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/12/31 11:43:58 | 00,000,873 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/31 11:39:48 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini

========== Files Created - No Company Name ==========

[2010/01/12 22:04:46 | 00,293,376 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\wow2.exe
[2010/01/12 22:02:24 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/12 21:49:33 | 00,000,749 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\NTREGOPT.lnk
[2010/01/12 21:49:33 | 00,000,730 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\ERUNT.lnk
[2010/01/12 20:39:53 | 00,028,000 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\nvModes.001
[2010/01/12 20:35:31 | 00,028,000 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\nvModes.dat
[2010/01/11 18:35:15 | 00,000,434 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/01/04 16:55:25 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/01/04 16:55:25 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/01/04 16:55:25 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/01/04 16:53:09 | 00,017,192 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/01/04 16:53:09 | 00,001,690 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/01/04 16:53:06 | 00,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2009/12/31 11:43:58 | 00,000,873 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/31 11:42:39 | 00,000,246 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2009/12/31 11:39:48 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/23 20:49:50 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/12/02 18:02:50 | 01,632,887 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2009/12/02 17:56:10 | 04,840,081 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/11/04 19:45:44 | 00,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/11/04 19:43:20 | 00,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/11/03 21:11:22 | 00,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/11/03 21:11:00 | 00,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/11/03 21:10:42 | 00,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/11/03 21:09:18 | 00,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/11/03 21:08:58 | 00,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/11/03 21:08:12 | 00,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/11/03 21:07:16 | 00,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/11/03 20:36:06 | 00,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/11/03 20:34:56 | 00,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/11/03 20:34:38 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/03 19:07:24 | 00,895,308 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/03 19:05:02 | 00,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/10/27 23:46:26 | 00,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/10/21 08:37:14 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/29 08:55:57 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/21 21:56:26 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/01/21 21:56:25 | 00,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/21 11:50:24 | 00,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/01/21 11:50:24 | 00,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/01/21 11:43:51 | 00,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/01/10 23:17:32 | 00,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 23:16:56 | 00,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 23:16:50 | 00,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 23:16:14 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 23:15:54 | 00,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 23:15:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 23:15:32 | 00,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 23:15:28 | 00,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 23:15:12 | 00,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 23:14:08 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 23:14:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/03 23:11:50 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 17:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/07 18:28:46 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/12/27 13:25:59 | 00,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/10/25 09:43:09 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/10/25 09:43:08 | 00,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/10/23 05:51:49 | 00,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2007/10/23 03:39:12 | 00,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007/10/23 03:39:12 | 00,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007/10/23 03:20:15 | 00,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/10/22 12:45:45 | 01,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/10/22 12:45:45 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/10/22 12:45:45 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/10/22 12:45:45 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2007/10/13 10:30:20 | 00,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/09/18 08:33:27 | 00,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2007/09/12 08:36:27 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/12 08:35:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/09/12 08:35:31 | 00,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006/11/02 14:02:10 | 00,000,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/01/12 12:59:06 | 00,000,434 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/01/12 21:41:33 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/10 22:14:24 | 00,000,398 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2010/01/12 22:57:59 | 00,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E3BD2C64-716A-4ED2-85CA-1D6B25E51F4E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/04/17 09:30:38 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007/04/17 09:30:38 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008/02/17 17:37:53 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/17 17:37:53 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/17 17:37:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/17 17:37:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2009/12/23 23:04:22 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007/07/12 15:35:44 | 00,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

OTL Extras logfile created on: 12/01/2010 23:00:04 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 209.81 Gb Total Space | 129.35 Gb Free Space | 61.65% Space Free | Partition Type: NTFS
Drive D: | 23.06 Gb Total Space | 13.19 Gb Free Space | 57.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 6.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHILIPMOSSER-PC
Current User Name: Benno Mosser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-86674787-822068555-128484576-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F348373-748B-4B70-93D5-5AF73B5C4714}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8B1E8FC2-C768-43BC-BF3F-57FAED84F085}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DE4DB0AA-2147-4B38-A96D-8F5D01E9BFFC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F365AB19-60AF-4DAB-A0A9-BDD15358C47F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022BEC5F-4776-41A9-B273-979091EBF42E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{03A74111-2DA6-41AC-BABD-C85E35289F7F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{03E8DB81-C4A7-4DC5-A4A6-3DDE8D925EE6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{046C0F9A-7442-4C6E-AFB2-6B93CB2A07FE}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{075CFCF0-5E12-4905-8771-DF8F973670D6}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0A05ADBF-E1C0-495E-968B-57B45F8F4CDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1419E62E-FC23-491E-923C-E100B737F7CE}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{20E000B0-E56E-4E1E-92A0-6783716DCFA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{244CD199-B060-4256-A6DA-24545B6EA89A}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{2B295A11-11D5-4634-AF67-ED634FA1AEB7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2E9337DE-E815-4F9C-B26C-06B0EE4B3B65}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3FDA1E37-A3A4-423C-A6F1-0F5E6E149CA4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4C0873A8-48EE-4ADB-A738-E100A30A26EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69BE9341-E8BE-4DBB-BBD8-94931C5A8732}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6A390413-15CC-49A0-B586-56E0BA99ED93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C0F08DF-1200-4088-8EF1-9EC286E95BDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{70B04270-8DCB-48EA-9D4B-4C5681E0344D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7DCE6BE7-8C71-41F6-8077-FEF98326F216}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{89A0DDAB-4AAA-4551-9C89-AD9146402B29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{935A3DFF-A84D-4917-A88B-18066ED05E8C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{99194A52-B709-4684-905A-5B11C495B353}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9BCBDA88-B6CC-49C4-B2AF-879EE7EBE400}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6094089-7AFA-4976-AD56-DDF6F01B6DCB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BE1BCA90-B64C-423D-8AF4-8CB1A3AD584F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DB3ECFA8-2CE0-4160-A2A5-BBF64B9F7BFE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DF18028A-45E1-4942-B0F2-270D299E9122}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EB8B3EFA-1F99-473D-B2E6-3469FF6C4DE7}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{F086FA19-8659-4332-91B3-5329DC5515EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3319212-0879-4099-B3FC-CB85C6FE7C8C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{F9AFCB83-976F-4A12-AD4E-7F2C71312C9B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{FD0EC875-5BFA-46D0-8AFA-6E44C4FAC4C7}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{10CD1A52-2F65-4535-8071-DD6708D7C20A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{334DDE28-955F-4FAE-B30F-7E673677168F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{91C421AB-40AE-4C31-B458-181AFFADCC42}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{D3AE8110-563D-4566-856F-ACF2BC390DA3}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{EBEA89EC-FF4B-4BF4-AF8F-6D9749971893}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{18739A1A-8E84-4051-99C1-E40367A4F9E3}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{95B0C3D2-75A7-417E-B6D7-0DE422E88497}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9C253487-F918-45FE-8F2D-C075AC6D4D72}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{AC3165F8-65EF-42AA-BF37-C89CEC7606E2}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{F5BB21A0-A816-40FF-B3F6-32CFEEB70A08}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A817E8DF-08EE-472E-0001-87A658FA101C}" = i-Studio 3
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8B5182-6F21-4DB1-9E17-E157966659E7}" = AuthenTec Fingerprint Sensor Minimum Install
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.74
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Foxit Reader" = Foxit Reader
"Free RAR Extract Frog" = Free RAR Extract Frog
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}" = Belkin F6D4050 Enhanced Wireless USB Adapter
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.1
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.85
"Smart Defrag_is1" = Smart Defrag
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware™

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/08/2009 10:11:41 | Computer Name = BennoMosser-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/09/2009 07:03:22 | Computer Name = BennoMosser-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17/09/2009 07:33:53 | Computer Name = BennoMosser-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18813 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ffc Start Time: 01ca378081ffa9b0 Termination Time: 0

Error - 18/09/2009 02:45:34 | Computer Name = BennoMosser-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module AcroRd32.dll, version 8.1.2.86, time stamp 0x478854a9, exception
code 0xc0000005, fault offset 0x00003b56, process id 0x174c, application start time
0x01ca382b9a4012c0.

Error - 24/09/2009 03:53:04 | Computer Name = BennoMosser-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30/09/2009 07:15:43 | Computer Name = BennoMosser-PC | Source = RasClient | ID = 20227
Description =

Error - 30/09/2009 07:16:35 | Computer Name = BennoMosser-PC | Source = RasClient | ID = 20227
Description =

Error - 30/09/2009 07:18:16 | Computer Name = BennoMosser-PC | Source = RasClient | ID = 20227
Description =

Error - 02/10/2009 03:45:45 | Computer Name = BennoMosser-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/10/2009 15:06:12 | Computer Name = BennoMosser-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18813 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2d8 Start Time: 01ca46b642787070 Termination Time: 0

[ Media Center Events ]
Error - 30/12/2009 17:17:17 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 30/12/2009 17:17:17 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 05/01/2010 09:00:05 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 4
Description = Event Info: An unknown connection failure occurred. Windows Media
Center was unable to connect to the Internet. See Help for more information. Process:
DefaultDomain Object Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 06/01/2010 12:29:24 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 06/01/2010 12:29:24 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 07/01/2010 09:01:16 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 07/01/2010 09:09:43 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 08/01/2010 09:08:20 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 08/01/2010 09:08:20 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 13
Description = Event Info: Failure attempting to download new Guide data. Please
check your Internet connection settings. If you are connecting through a firewall
or proxy, please verify that it has been properly configured. Process: DefaultDomain
Object
Name: Microsoft.Ehome.Epg.EhepgdatSingleton

Error - 08/01/2010 09:08:55 | Computer Name = PhilipMosser-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2010 16:42:38 | Computer Name = PhilipMosser-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >

Edited by Woodpecker22, 12 January 2010 - 04:23 PM.

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O32 - AutoRun File - [2006/12/28 21:21:54 | 00,065,536 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/01/24 13:23:54 | 00,000,046 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{d962cba5-f894-11de-a703-0016d3888721}\Shell - "" = AutoRun
    O33 - MountPoints2\{d962cba5-f894-11de-a703-0016d3888721}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2006/12/28 21:21:54 | 00,065,536 | R--- | M] ()
    NetSvcs: ptkcotds - C:\Windows\System32\nxcezmt.dll (Microsoft Corporation)
    
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Drivers to delete:
H8SRTd.sys 

Files to delete:
C:\Users\Benno Mosser\AppData\Local\Temp\h8srtmainqt.dll 
C:\Windows\System32\drivers\H8SRTstyuivvtfm.sys 
C:\Windows\System32\H8SRTeptvmopplx.dat 
C:\Windows\System32\H8SRTnuqobcmpcr.dll 
C:\Windows\System32\H8SRTstjbynysps.dll 
C:\Windows\System32\H8SRTuxeviqxoon.dll 
C:\Windows\Temp\H8SRT1c08.tmp 
C:\Windows\Temp\H8SRT694d.tmp 
C:\Windows\Temp\H8SRTdc98.tmp 
C:\Windows\System32\nxcezmt.dll
C:\Windows\System32\srcr.dat
C:\Windows\System32\krl32mainweq.dll
C:\ProgramData\sysReserve.ini
C:\Windows\system32\config\systemprofile\Desktop\wow2.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

#3
Woodpecker22

    Member

  • Topic Starter
  • Member
  • 21 posts
Thanks for your help. Everything seems to be fine now, but I had to restart the computer by hand when it got a blue screen after the Avenger restart. These are the message details Windows has given me:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 10d
BCP1: 00000005
BCP2: 00000000
BCP3: 00001028
BCP4: 911A8008
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini011310-01.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER-73679-0.sysdata.xml
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER9108.tmp.version.txt

Read our privacy statement:
http://go.microsoft....mp;clcid=0x0409



here is the contents of the file avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTstyuivvtfm.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "H8SRTd.sys" deleted successfully.
File "C:\Users\Benno Mosser\AppData\Local\Temp\h8srtmainqt.dll" deleted successfully.
File "C:\Windows\System32\drivers\H8SRTstyuivvtfm.sys" deleted successfully.
File "C:\Windows\System32\H8SRTeptvmopplx.dat" deleted successfully.
File "C:\Windows\System32\H8SRTnuqobcmpcr.dll" deleted successfully.
File "C:\Windows\System32\H8SRTstjbynysps.dll" deleted successfully.
File "C:\Windows\System32\H8SRTuxeviqxoon.dll" deleted successfully.
File "C:\Windows\Temp\H8SRT1c08.tmp" deleted successfully.
File "C:\Windows\Temp\H8SRT694d.tmp" deleted successfully.
File "C:\Windows\Temp\H8SRTdc98.tmp" deleted successfully.

Error: file "C:\Windows\System32\nxcezmt.dll" not found!
Deletion of file "C:\Windows\System32\nxcezmt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\System32\srcr.dat" deleted successfully.
File "C:\Windows\System32\krl32mainweq.dll" deleted successfully.
File "C:\ProgramData\sysReserve.ini" deleted successfully.
File "C:\Windows\system32\config\systemprofile\Desktop\wow2.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




I hope this finally means my problem is solved, as this is my brother's laptop and he didn't even know it had a virus on it!

Also, Avira never used to open on startup and now it does, and it is saying that otl.exe is a problem or something. I can't read it properly, as my bro bought this computer in Austria and the Avira version is in German.

And lastly, do you have any tips on how to make this PC run a bit faster, or am I pushing my luck?

Thank you for all your help. Fliss x



Also, now I can't play music, as it is saying my sound card isn't installed or doesn't exist. Skype also does not work. Sorry to bother you x

Edited by Woodpecker22, 12 January 2010 - 06:24 PM.


#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I will give you some tips at the end.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5
Woodpecker22

    Member

  • Topic Starter
  • Member
  • 21 posts
I did it once and there was no log, twice and no log, but if I search then I find the file ComboFix.txt. All it has in it is this:

ComboFix 10-01-12.02 - SYSTEM 13/01/2010 1:52:13.1.2 - x86
Running from: C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
.

Also, all the programs that usually start up automatically are not there anymore. This is not really a problem for my brother, I don't think (if anything it makes the PC go faster); I'm just including it in case it means something.

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#7
Woodpecker22

    Member

  • Topic Starter
  • Member
  • 21 posts
A funny thing happened after I rebooted after using the Malware program: ComboFix was there and all my normal programs started as usual. It said it was creating the log, so I waited and then tried to open the other Malware log to check it; it said registry files have been marked to delete or something, so I rebooted again and now all files can be opened. Here are the ComboFix and Malware logs in that order. I will do the Kaspersky as well now, but I have a very slow internet connection here so it might take a while.

EDIT/ My connection is capped at 12kbps and one of these downloads for Kaspersky is 79079kb, so it will take at least an hour or two, I think.



ComboFix 10-01-12.02 - SYSTEM 13/01/2010 1:52.1.2 - x86
Running from: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Malware Defense

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Apple Mobile Device


((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-13 01:40 . 2010-01-13 01:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2010-01-13 01:01 . 2010-01-13 01:41 -------- d-----w- c:\users\Benno Mosser\AppData\Local\temp
2010-01-13 01:01 . 2010-01-13 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 01:01 . 2010-01-13 01:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-01-13 00:50 . 2010-01-13 00:51 -------- d-----w- C:\32788R22FWJFW
2010-01-13 00:01 . 2010-01-13 00:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Skype
2010-01-12 23:33 . 2010-01-12 23:33 -------- d-----w- C:\_OTL
2010-01-12 21:02 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 21:02 . 2010-01-12 21:02 -------- d-----w- c:\programdata\Malwarebytes
2010-01-12 21:02 . 2010-01-12 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:02 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 20:49 . 2010-01-12 20:49 -------- d-----w- c:\program files\ERUNT
2010-01-12 19:40 . 2010-01-12 19:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2010-01-12 19:40 . 2010-01-13 01:57 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-01-12 18:32 . 2010-01-12 18:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Spyware Terminator
2010-01-12 18:30 . 2010-01-12 18:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apple Computer
2010-01-12 18:29 . 2010-01-12 18:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-01-08 11:03 . 2010-01-08 11:03 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\DivX
2010-01-05 21:50 . 2010-01-05 21:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 15:55 . 2010-01-05 20:25 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-04 15:55 . 2010-01-05 20:25 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-04 15:55 . 2010-01-05 20:25 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-01-04 15:53 . 2010-01-04 15:53 17192 ----a-w- c:\windows\DIIUnin.dat
2010-01-04 15:53 . 2010-01-04 15:53 2829 ----a-w- c:\windows\DIIUnin.pif
2010-01-04 15:53 . 2010-01-04 15:53 102400 ----a-w- c:\windows\DIIUnin.exe
2010-01-04 15:41 . 2010-01-04 23:17 -------- d-----w- c:\program files\Diablo II
2010-01-03 19:32 . 2010-01-03 19:32 -------- d-sh--w- c:\windows\ftpcache
2010-01-01 01:48 . 2010-01-01 01:48 -------- d-----w- c:\program files\VS Revo Group
2009-12-31 11:36 . 2009-12-31 11:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-30 10:22 . 2009-12-30 10:22 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Sonavis
2009-12-23 22:52 . 2009-12-23 22:52 -------- d-----w- c:\program files\Common Files\Skype
2009-12-23 22:52 . 2009-12-23 22:52 -------- d-----r- c:\program files\Skype
2009-12-23 22:44 . 2010-01-01 01:52 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\CBS Interactive
2009-12-23 20:03 . 2009-12-23 20:03 -------- d-----w- c:\windows\system32\custom matrices
2009-12-23 20:03 . 2009-12-23 20:03 -------- d-----w- c:\windows\system32\C2MP
2009-12-23 20:03 . 2009-12-23 20:03 -------- d-----w- c:\windows\system32\QuickTime
2009-12-23 19:59 . 2009-12-23 19:59 -------- d-----w- c:\users\Benno Mosser\AppData\Local\Mozilla
2009-12-23 19:57 . 2009-12-23 19:57 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\IObit
2009-12-23 19:57 . 2009-12-23 19:57 -------- d-----w- c:\program files\IObit
2009-12-23 19:56 . 2009-12-23 19:56 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Foxit
2009-12-23 19:56 . 2009-12-23 19:56 -------- d-----w- c:\program files\Foxit Software
2009-12-23 19:54 . 2009-12-23 19:54 -------- d-----w- c:\program files\YouTube Downloader
2009-12-23 19:49 . 2009-12-23 19:49 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-23 19:49 . 2010-01-12 19:25 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-23 19:49 . 2010-01-12 18:55 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Spyware Terminator
2009-12-23 19:49 . 2010-01-12 19:25 -------- d-----w- c:\program files\Spyware Terminator
2009-12-23 17:01 . 2009-12-23 17:01 -------- d-----w- c:\program files\Belkin
2009-12-23 17:00 . 2009-12-23 17:00 -------- d-----w- c:\windows\{87148734-424B-4DD9-89B9-1413C2840D29}
2009-12-22 14:41 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-22 14:41 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-22 14:41 . 2009-12-22 14:41 -------- d-----w- c:\programdata\Avira
2009-12-22 14:41 . 2009-12-22 14:41 -------- d-----w- c:\program files\Avira
2009-12-21 21:59 . 2009-12-21 21:59 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-12-21 21:59 . 2009-12-21 22:00 -------- d-----w- c:\program files\DivX
2009-12-21 21:59 . 2009-12-21 21:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-21 21:25 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-21 21:25 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-21 21:25 . 2009-12-21 21:25 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-21 21:24 . 2009-12-21 21:24 -------- d-----w- c:\program files\iPod
2009-12-21 21:24 . 2009-12-21 21:25 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-21 21:24 . 2009-12-21 21:25 -------- d-----w- c:\program files\iTunes
2009-12-21 21:22 . 2009-12-21 21:23 -------- d-----w- c:\program files\QuickTime
2009-12-20 22:33 . 2009-12-20 22:33 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Sierra
2009-12-17 16:33 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-17 12:54 . 2009-12-17 12:54 -------- d-----w- c:\program files\Free RAR Extract Frog
2009-12-16 20:55 . 2009-12-16 20:55 -------- d-----w- c:\programdata\Azureus
2009-12-16 20:55 . 2010-01-12 18:25 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Azureus
2009-12-16 20:54 . 2009-12-16 20:54 -------- d-----w- c:\program files\Vuze
2009-12-16 14:33 . 2009-12-16 14:33 133516 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-16 14:05 . 2009-12-16 14:05 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\en-US
2009-12-16 14:02 . 2009-12-16 14:05 -------- d-----w- c:\windows\system32\wbem\en-US
2009-12-16 14:02 . 2009-12-16 14:02 -------- d-----w- c:\windows\system32\0409
2009-12-16 14:02 . 2009-12-16 14:05 -------- d-----w- c:\windows\en-US
2009-12-16 14:02 . 2009-12-16 14:02 -------- d-----w- c:\windows\system32\en
2009-12-16 14:02 . 2009-12-16 14:05 -------- d-----w- c:\windows\system32\drivers\en-US
2009-12-16 13:59 . 2009-12-16 13:59 -------- d-----w- c:\windows\system32\Vistalizator
2009-12-15 21:22 . 2010-01-12 20:32 -------- d-----w- c:\users\Benno Mosser\Tracing
2009-12-15 21:20 . 2009-12-15 21:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-15 21:20 . 2009-12-15 21:20 -------- d-----w- c:\program files\Microsoft
2009-12-15 21:19 . 2009-12-15 21:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-15 19:54 . 2009-12-15 19:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-14 09:37 . 2009-12-14 09:37 0 ----a-w- c:\windows\nsreg.dat
2009-12-14 09:37 . 2009-12-14 09:37 -------- d-----w- c:\users\Benno Mosser\AppData\Local\Thunderbird
2009-12-14 09:37 . 2009-12-23 19:57 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-14 09:28 . 2009-12-14 09:37 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Thunderbird
2009-12-14 09:28 . 2009-12-14 09:28 -------- d-----w- C:\ThunderbirdPortable

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 00:09 . 2009-01-27 14:15 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\skypePM
2010-01-12 20:42 . 2010-01-12 19:35 28000 ----a-w- c:\windows\system32\config\systemprofile\AppData\Roaming\nvModes.dat
2010-01-12 19:46 . 2006-11-02 15:33 630948 ----a-w- c:\windows\system32\perfh007.dat
2010-01-12 19:46 . 2006-11-02 15:33 131226 ----a-w- c:\windows\system32\perfc007.dat
2010-01-12 15:49 . 2009-01-27 14:13 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Skype
2010-01-05 21:50 . 2007-10-23 00:27 -------- d-----w- c:\program files\Java
2010-01-05 21:26 . 2007-12-27 13:09 28000 ----a-w- c:\users\Benno Mosser\AppData\Roaming\nvModes.dat
2009-12-30 21:43 . 2008-03-09 12:46 -------- d-----w- c:\users\Benno Mosser\AppData\Roaming\Apple Computer
2009-12-23 22:52 . 2009-01-27 13:54 -------- d-----w- c:\programdata\Skype
2009-12-23 22:04 . 2007-09-18 07:02 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-12-23 22:04 . 2007-09-18 07:02 305176 ----a-w- c:\windows\system32\drivers\iaStor.svs
2009-12-23 19:49 . 2009-12-23 19:49 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-12-23 19:49 . 2009-12-23 19:49 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-12-23 17:02 . 2007-09-18 07:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 21:24 . 2008-03-09 12:43 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 21:18 . 2009-12-21 21:18 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-21 21:14 . 2008-04-27 09:32 -------- d-----w- c:\program files\Safari
2009-12-21 21:11 . 2009-12-21 21:11 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-16 14:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-16 14:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-16 14:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-16 14:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-16 14:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-16 14:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-16 14:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-15 21:21 . 2007-12-26 09:34 -------- d-----w- c:\program files\Windows Live
2009-12-15 21:21 . 2007-12-26 09:55 -------- d-----w- c:\program files\Windows Live Toolbar
2009-12-15 19:54 . 2007-12-25 10:51 98824 ----a-w- c:\users\Benno Mosser\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-14 14:33 . 2009-12-14 14:33 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-11 02:02 . 2007-10-23 00:41 -------- d-----w- c:\programdata\Microsoft Help
2009-12-02 17:02 . 2009-12-02 17:02 1632887 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-12-02 16:56 . 2009-12-02 16:56 4840081 ----a-w- c:\windows\system32\libavcodec.dll
2009-11-21 06:40 . 2009-12-10 08:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 08:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 08:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 08:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 11:53 . 2009-11-17 11:53 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 11:48 . 2009-11-17 11:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 11:48 . 2009-11-17 11:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-09 12:31 . 2009-12-12 15:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 15:21 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 15:21 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-04 18:45 . 2009-11-04 18:45 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-11-04 18:43 . 2009-11-04 18:43 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-11-03 20:11 . 2009-11-03 20:11 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-11-03 20:11 . 2009-11-03 20:11 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-11-03 20:10 . 2009-11-03 20:10 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-11-03 20:09 . 2009-11-03 20:09 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-11-03 20:08 . 2009-11-03 20:08 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-11-03 20:08 . 2009-11-03 20:08 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-11-03 20:07 . 2009-11-03 20:07 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-11-03 19:36 . 2009-11-03 19:36 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-11-03 19:34 . 2009-11-03 19:34 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-11-03 19:34 . 2009-11-03 19:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-03 18:07 . 2009-11-03 18:07 895308 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-03 18:05 . 2009-11-03 18:05 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-10-29 09:17 . 2009-11-26 02:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2007-04-17 08:30 . 2007-04-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-23 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-09-04 2560000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-05 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-12-23 3037696]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

c:\users\Benno Mosser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2007-9-4 1702360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 08:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-03-12 13:51 663552 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 14:58 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
2007-09-06 09:23 188416 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
2007-09-01 12:03 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2006-12-26 09:23 180224 ----a-w- c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 18:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-02-20 14:19 360448 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2007-09-13 14:32 222504 ----a-w- c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2007-09-07 07:26 86016 ----a-w- c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):D0,af,5c,a9,d3,61,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-86674787-822068555-128484576-1003]
"EnableNotificationsRef"=dword:00000001

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FontCache;FontCache; [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-23 12:48]

2010-01-12 c:\windows\Tasks\User_Feed_Synchronization-{E3BD2C64-716A-4ED2-85CA-1D6B25E51F4E}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.co...37276-17534-5/4
FF - ProfilePath - c:\users\Benno Mosser\AppData\Roaming\Mozilla\Firefox\Profiles\gh7vz7no.default\
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 02:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\common files\gnab\service\servicecontroller.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-13 03:04:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 02:04

Pre-Run: 138,224,988,160 bytes free
Post-Run: 139,507,560,448 bytes free

- - End Of File - - 6018FEAA0DBCC2FDDF32564FC22C856D

Malwarebytes' Anti-Malware 1.44
Database version: 3552
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

13/01/2010 02:53:54
mbam-log-2010-01-13 (02-53-54).txt

Scan type: Quick Scan
Objects scanned: 89368
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99275601-976e-44ea-9f96-e4f311f7c026} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\joamenwk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99275601-976e-44ea-9f96-e4f311f7c026} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\nxcezmt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Edited by Woodpecker22, 12 January 2010 - 08:28 PM.

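Two entries in the Reg Loading Points section of the ComboFix log above deserve a flag of their own: `"EnableLUA"= 0` under policies\system means UAC is switched off, and the mountpoints2 entry for drive F: is a cached autorun.inf handler pointing at F:\AutoRun.exe. The following is an added example (the editor's code, not ComboFix's and not part of the thread) that parses that section of a ComboFix log and reports those two conditions. The sample is constructed from the lines in the log above; the severity labels and the rule set are assumptions and cover only what is visible on this page.

```python
"""Audit the "Reg Loading Points" section of a ComboFix log for settings that
weaken the host. Editor's example, not ComboFix code; the rules cover only the
two conditions visible in the log on this page and the severities are assumed."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the relevant key/value lines copied from the ComboFix log
# in the thread, in ComboFix's own layout.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoRun.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_reg_section(text: str) -> Dict[str, List[str]]:
    """Group the dump's lines under their [key] headers, in log order."""
    keys: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, [])
        elif current is not None:
            keys[current].append(line)
    return keys


def audit(keys: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs for the weak settings the rules know about."""
    findings: List[Tuple[str, str]] = []
    for key, lines in keys.items():
        k = key.lower()
        # UAC: EnableLUA=0 under policies\system switches it off, so every
        # process in an administrator session already runs fully elevated.
        if k.endswith("\\policies\\system"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group("name") == "EnableLUA" and m.group("value").startswith("0"):
                    findings.append(("high", "UAC disabled (EnableLUA=0)"))
        # MountPoints2 caches the autorun.inf handler Explorer saw for a volume;
        # opening that drive letter in Explorer runs the cached command.
        if "\\explorer\\mountpoints2\\" in k:
            drive = key.rsplit("\\", 1)[-1]
            for line in lines:
                m = AUTORUN_RE.match(line)
                if m:
                    findings.append(("medium", f"cached AutoRun handler for drive {drive}: {m.group('cmd')}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_reg_section(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

Run it against the full Reg Loading Points section of a log rather than the excerpt; any key that matches neither rule is simply ignored, so the output is only the findings.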

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
ok cool

#9 Woodpecker22 (Topic Starter, Member, 21 posts)
Hey, sorry for the late reply. I am scanning with Kaspersky Online and it has taken 2 hours so far and is 41% completed. Is this ok? Also, the amount of objects scanned is higher than in any of my previous scans. I will continue and post the log when finished. Cheers, Fliss x

#10 Woodpecker22 (Topic Starter, Member, 21 posts)
Here is the Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, January 13, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, January 13, 2010 12:24:05
Records in database: 3305565
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 165214
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:06:30


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\iaStor.sys.vir Infected: Rootkit.Win32.TDSS.y 1
C:\Users\Benno Mosser\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\17990cd-74119df6 Infected: Exploit.Java.ByteVerify 1
C:\Users\Benno Mosser\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\13a2e652-503e7917 Infected: Exploit.Java.ByteVerify 1

Selected area has been scanned.
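Reading the three detections above: the TDSS hit is on C:\Qoobox\Quarantine\...\iaStor.sys.vir, which is the copy ComboFix already moved into its quarantine (the Qoobox folder and the .vir suffix are ComboFix's conventions), not a live driver, and the two ByteVerify hits are applets sitting in the Java deployment cache, which go away when the Java cache is cleared. The following is an added example (the editor's code, not Kaspersky's and not part of the thread) that parses the "File name / Threat / Threats count" lines of a Kaspersky Online Scanner 7 report, cross-checks them against the "Infected objects found" statistic, and sorts each hit by where it lives so that only live files are left for action. The sample report is constructed from the three lines above plus one hypothetical example.sys line (not in the thread), with the statistic adjusted to 4 to match; the location rules are assumptions.

```python
"""Triage a Kaspersky Online Scanner 7 report by where each detection lives.

Editor's example, not Kaspersky code. Location rules (assumed): a path under
ComboFix's quarantine folder or ending in .vir is an already-quarantined copy,
a path under the Java deployment cache is a cached applet, anything else is live.
"""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: the three detections from the report on this page plus
# one hypothetical live driver (example.sys is not in the thread); the
# "Infected objects found" figure is set to 4 so the sample is self-consistent.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 165214
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\iaStor.sys.vir Infected: Rootkit.Win32.TDSS.y 1
C:\Users\Benno Mosser\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\17990cd-74119df6 Infected: Exploit.Java.ByteVerify 1
C:\Users\Benno Mosser\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\13a2e652-503e7917 Infected: Exploit.Java.ByteVerify 1
C:\Windows\System32\drivers\example.sys Infected: Rootkit.Win32.TDSS.y 1

Selected area has been scanned.
"""

# "<path> Infected: <threat> <count>"; the path may contain spaces, so it is
# matched non-greedily up to the literal " Infected: " separator.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
STAT_RE = re.compile(r"^Infected objects found: (?P<n>\d+)$")


def classify_location(path: str) -> str:
    """Where the detected object lives, which decides what action it needs."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantine"   # ComboFix already neutralised it; do not restore it
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"   # cached applet; clearing the Java cache removes it
    return "active"           # still on disk where it can run


def parse_report(text: str) -> Dict[str, object]:
    """Collect detection lines and the scanner's own infected-object count."""
    hits: List[Dict[str, object]] = []
    declared = None
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT_RE.match(line)
        if m:
            declared = int(m.group("n"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            hits.append({
                "path": m.group("path"),
                "threat": m.group("threat"),
                "count": int(m.group("count")),
                "location": classify_location(m.group("path")),
            })
    return {"hits": hits, "declared": declared}


def summarize(report: Dict[str, object]) -> Dict[str, object]:
    """Per-location counts, the distinct threat names, a consistency check
    against the scanner's statistic, and the paths that still need action."""
    hits = report["hits"]
    return {
        "by_location": dict(Counter(h["location"] for h in hits)),
        "distinct_threats": sorted({h["threat"] for h in hits}),
        "consistent": report["declared"] == len(hits),
        "needs_action": [h["path"] for h in hits if h["location"] == "active"],
    }


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for h in parsed["hits"]:
        print(f'{h["location"]:<11} {h["threat"]:<26} {h["path"]}')
    print(summarize(parsed))
```

A `consistent` value of False means the report was truncated when pasted or the parser missed a line, so the summary should not be trusted until that is resolved.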
#11 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Update MBAM again, run a new quick scan and post that log.

Then do this:

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#12 Woodpecker22 (Topic Starter, Member, 21 posts)
Should I delete anything if I find it in MBAM? x

EDIT: here is the MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3555
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

13/01/2010 20:11:22
mbam-log-2010-01-13 (20-11-22).txt

Scan type: Quick Scan
Objects scanned: 88911
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Woodpecker22, 13 January 2010 - 01:12 PM.


#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
yes please

#14 Woodpecker22 (Topic Starter, Member, 21 posts)
Above your last post is the MBAM log. I didn't find anything, but I know there is still a virus on here as I had to close a process. If it starts again I will write what it was called. Here is the OTL log:

OTL logfile created on: 13/01/2010 20:14:51 - Run 2
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 209.81 Gb Total Space | 132.71 Gb Free Space | 63.25% Space Free | Partition Type: NTFS
Drive D: | 23.06 Gb Total Space | 13.19 Gb Free Space | 57.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHILIPMOSSER-PC
Current User Name: Benno Mosser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/13 20:14:42 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
PRC - [2010/01/10 22:17:55 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/07 18:28:29 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007/09/04 11:41:00 | 00,069,632 | ---- | M] () -- C:\Program Files\Softex\OmniPass\opvapp.exe
PRC - [2007/09/04 11:39:54 | 00,040,960 | ---- | M] (Softex Inc.) -- C:\Program Files\Softex\OmniPass\OmniServ.exe
PRC - [2007/08/16 09:31:40 | 01,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007/07/12 15:36:12 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/04/13 17:14:28 | 00,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007/04/13 17:14:26 | 00,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007/01/09 09:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2001/11/12 12:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2010/01/13 20:14:42 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/07 18:28:29 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007/10/15 09:15:08 | 00,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/20 08:51:46 | 00,853,288 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/09/11 14:37:58 | 00,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007/09/04 11:39:54 | 00,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/08/16 09:31:40 | 01,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007/07/12 15:36:12 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/04/13 17:14:26 | 00,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007/01/09 09:25:30 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 12:31:48 | 00,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 20:40:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 22:18:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/21 22:23:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/12/23 20:56:08 | 00,000,000 | ---D | M]

[2009/12/23 21:00:07 | 00,000,000 | ---D | M] -- C:\Users\Benno Mosser\AppData\Roaming\mozilla\Extensions
[2009/12/14 10:28:38 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Benno Mosser\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/01/11 01:36:21 | 00,000,000 | ---D | M] -- C:\Users\Benno Mosser\AppData\Roaming\mozilla\Firefox\Profiles\gh7vz7no.default\extensions
[2010/01/11 01:36:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 12:24:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/13 03:55:40 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/13 03:05:01 | 00,000,000 | ---D | C] -- C:\Users\Benno Mosser\AppData\Local\temp
[2010/01/13 02:56:13 | 00,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/01/13 01:51:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/13 01:50:59 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/13 01:34:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/13 01:34:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/13 01:34:56 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/13 01:34:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/13 00:33:45 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/12 22:02:21 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/12 22:02:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/12 22:02:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/12 22:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/12 21:50:22 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/12 21:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/12 20:40:00 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Tracing
[2010/01/12 19:29:59 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/01/12 19:29:22 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Downloads
[2010/01/12 19:29:21 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Videos
[2010/01/12 19:29:21 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Pictures
[2010/01/12 19:29:08 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2010/01/12 19:29:04 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2010/01/08 12:03:58 | 00,000,000 | ---D | C] -- C:\Users\Benno Mosser\AppData\Roaming\DivX
[2010/01/06 12:14:41 | 00,000,000 | ---D | C] -- C:\Users\Benno Mosser\Documents\CyberLink
[2010/01/04 16:53:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2010/01/04 16:53:05 | 00,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/01/04 16:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2010/01/04 11:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/01/03 20:32:43 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/01/01 02:48:48 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/12/31 12:36:30 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2007/10/22 12:45:46 | 00,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/10/22 12:45:45 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 14 Days ==========

[2010/01/13 19:19:49 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 19:19:49 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 15:18:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/13 15:18:48 | 21,458,37056 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/13 02:56:24 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/13 02:56:12 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/13 01:35:34 | 00,524,288 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat{99a9d854-88cc-11db-ae1c-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/01/13 01:35:34 | 00,065,536 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat{99a9d854-88cc-11db-ae1c-806e6f6e6963}.TM.blf
[2010/01/13 01:35:33 | 00,262,144 | ---- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat
[2010/01/13 00:48:51 | 20,744,6042 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/13 00:34:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/13 00:32:59 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E3BD2C64-716A-4ED2-85CA-1D6B25E51F4E}.job
[2010/01/12 22:02:24 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/12 21:39:17 | 04,050,541 | -H-- | M] () -- C:\Users\Benno Mosser\AppData\Local\IconCache.db
[2010/01/12 21:31:51 | 00,028,000 | ---- | M] () -- C:\Users\Benno Mosser\AppData\Roaming\nvModes.001
[2010/01/12 20:46:10 | 01,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/12 20:46:10 | 00,630,948 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/01/12 20:46:10 | 00,608,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/12 20:46:10 | 00,131,226 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/01/12 20:46:10 | 00,109,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/12 19:42:03 | 00,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/01/12 15:51:12 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/01/12 15:51:07 | 00,028,672 | ---- | M] () -- C:\Users\Benno Mosser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 21:40:40 | 00,050,770 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-46.jpg
[2010/01/09 21:40:33 | 00,080,144 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-45.jpg
[2010/01/09 21:40:28 | 00,045,278 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-40.jpg
[2010/01/09 21:40:24 | 00,046,912 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-37.jpg
[2010/01/09 21:40:19 | 00,039,747 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-32.jpg
[2010/01/09 21:40:14 | 00,033,205 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-27.jpg
[2010/01/09 21:40:10 | 00,055,590 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atlnig.jpg
[2010/01/09 21:40:05 | 00,059,037 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-35.jpg
[2010/01/09 21:38:51 | 00,041,456 | ---- | M] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-3.jpg
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/05 22:26:16 | 00,028,000 | ---- | M] () -- C:\Users\Benno Mosser\AppData\Roaming\nvModes.dat
[2010/01/05 21:25:26 | 00,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010/01/05 21:25:26 | 00,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010/01/05 21:25:26 | 00,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010/01/04 16:53:09 | 00,017,192 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010/01/04 16:53:09 | 00,001,690 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/01/04 16:53:06 | 00,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/01/04 16:53:06 | 00,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2010/01/01 02:48:49 | 00,001,061 | ---- | M] () -- C:\Users\Benno Mosser\Desktop\Revo Uninstaller.lnk
[2009/12/31 12:36:30 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

========== Files Created - No Company Name ==========

[2010/01/13 01:34:56 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/13 01:34:56 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/13 01:34:56 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/13 01:34:56 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/13 01:34:56 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/12 22:02:24 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/11 20:10:23 | 00,002,206 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Local\99275601-976E-44EA-9F96-E4F311F7C026.txt
[2010/01/09 21:40:40 | 00,050,770 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-46.jpg
[2010/01/09 21:40:33 | 00,080,144 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-45.jpg
[2010/01/09 21:40:28 | 00,045,278 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-40.jpg
[2010/01/09 21:40:24 | 00,046,912 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-37.jpg
[2010/01/09 21:40:19 | 00,039,747 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-32.jpg
[2010/01/09 21:40:14 | 00,033,205 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-27.jpg
[2010/01/09 21:40:10 | 00,055,590 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atlnig.jpg
[2010/01/09 21:40:05 | 00,059,037 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-35.jpg
[2010/01/09 21:38:49 | 00,041,456 | ---- | C] () -- C:\Users\Benno Mosser\Documents\09-best-of-spandex-club-pics-atl-3.jpg
[2010/01/04 16:55:25 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/01/04 16:55:25 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/01/04 16:55:25 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/01/04 16:53:09 | 00,017,192 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/01/04 16:53:09 | 00,001,690 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/01/04 16:53:06 | 00,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2010/01/01 02:48:49 | 00,001,061 | ---- | C] () -- C:\Users\Benno Mosser\Desktop\Revo Uninstaller.lnk
[2009/12/02 18:02:50 | 01,632,887 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2009/12/02 17:56:10 | 04,840,081 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/11/04 19:45:44 | 00,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/11/04 19:43:20 | 00,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/11/03 21:11:22 | 00,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/11/03 21:11:00 | 00,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/11/03 21:10:42 | 00,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/11/03 21:09:18 | 00,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/11/03 21:08:58 | 00,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/11/03 21:08:12 | 00,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/11/03 21:07:16 | 00,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/11/03 20:36:06 | 00,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/11/03 20:34:56 | 00,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/11/03 20:34:38 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/03 19:07:24 | 00,895,308 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/03 19:05:02 | 00,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/10/27 23:46:26 | 00,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/10/21 08:37:14 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/31 11:23:17 | 00,024,064 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Roaming\UserTile.png
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/29 08:55:57 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/21 17:03:30 | 00,000,000 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Roaming\Default.PLS
[2009/01/21 21:56:26 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/01/21 21:56:25 | 00,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/21 11:50:24 | 00,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/01/21 11:50:24 | 00,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/01/21 11:43:51 | 00,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/01/10 23:17:32 | 00,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 23:16:56 | 00,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 23:16:50 | 00,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 23:16:14 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 23:15:54 | 00,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 23:15:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 23:15:32 | 00,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 23:15:28 | 00,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 23:15:12 | 00,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 23:14:08 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 23:14:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/12/03 23:11:50 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/06 17:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 17:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/31 08:54:44 | 00,001,654 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Roaming\wklnhst.dat
[2008/01/07 18:28:46 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/01/07 18:28:46 | 00,022,328 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Roaming\PnkBstrK.sys
[2007/12/27 16:47:41 | 00,028,000 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Roaming\nvModes.001
[2007/12/27 14:09:22 | 00,028,000 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Roaming\nvModes.dat
[2007/12/27 13:25:59 | 00,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/12/27 10:42:42 | 00,000,680 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Local\d3d9caps.dat
[2007/12/26 10:00:00 | 00,028,672 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/25 11:51:25 | 00,000,100 | ---- | C] () -- C:\Users\Benno Mosser\AppData\Local\fusioncache.dat
[2007/10/25 09:43:09 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/10/25 09:43:08 | 00,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/10/23 05:51:49 | 00,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2007/10/23 03:39:12 | 00,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007/10/23 03:39:12 | 00,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007/10/23 03:20:15 | 00,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/10/22 12:45:45 | 01,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/10/22 12:45:45 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/10/22 12:45:45 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/10/22 12:45:45 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2007/10/13 10:30:20 | 00,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/09/18 08:33:27 | 00,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2007/09/12 08:36:27 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/12 08:35:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/09/12 08:35:31 | 00,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/01/13 00:34:23 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/13 00:32:59 | 00,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E3BD2C64-716A-4ED2-85CA-1D6B25E51F4E}.job

========== Purity Check ==========


< End of report >

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean, why do you think there is a virus there? What was the name of the process you had to kill?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

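The triage the reply above does by eye (picking out the orphaned O28 ShellExecuteHooks entry and resetting the hosts file) can be scripted. The block below is an added example, not OTL's code and not the helper's: it parses OTL "O" lines and bracketed file records, lists orphaned registrations whose target is gone, checks the O1 hosts entries against the two stock localhost lines, flags binaries under C:\Windows that OTL printed with no company name, and lays out a fix script in the same section order as the reply. Flags are prompts to look at an entry, not verdicts; the reply judged these logs clean. The O34 BootExecute allowlist, the hidden-by-design file list and the constructed hosts-hijack line are this example's own assumptions, and the sample lines are a subset copied from the report on this page.

```python
"""Triage helper for OTL report lines (added example; not OTL's own code).

Two record shapes from the report above are parsed:
  O-lines    e.g.  O28 - HKLM ShellExecuteHooks: {CLSID} - Reg Error: Key error. File not found
  file lines e.g.  [2010/01/13 01:51:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\\Windows\\SWXCACLS.exe
Flagged entries are review prompts for the analyst, not verdicts.
"""
import re
from dataclasses import dataclass

# Lines copied from the OTL report on this page (a constructed subset for the example).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010/01/13 01:51:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/12 19:29:59 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/01/13 15:18:48 | 21,458,37056 | -HS- | M] () -- C:\hiberfil.sys
[2007/10/22 12:45:46 | 00,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010/01/13 02:56:12 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
"""
# Constructed hosts-hijack line (NOT from the log above) to show what the hosts check catches.
CONSTRUCTED_HIJACK = "O1 - Hosts: 127.0.0.1 update.example-av.test"

O_LINE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_LINE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Text OTL prints when a registry entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")
# Assumption of this example: the stock BootExecute entry is reported this way on clean
# systems too, so it is treated as noise rather than as a fix candidate.
KNOWN_BENIGN_PREFIXES = ("O34 - HKLM BootExecute: (autocheck autochk *)",)
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Assumption: files that are hidden+system by design and should not be flagged.
HIDDEN_SYSTEM_BY_DESIGN = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}


@dataclass
class FileRecord:
    date: str
    size: int
    attrs: str      # OTL attribute column, e.g. "-HSD" (hidden, system, directory)
    kind: str       # C = created, M = modified (which one depends on the OTL section)
    company: str    # "" when OTL printed () or ( )
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def no_company(self) -> bool:
        return self.company.strip() in ("", "No name found")


def triage(log_text: str) -> dict:
    """Parse OTL lines and collect orphans, hosts entries and file records worth a look."""
    out = {"orphans": [], "files": [], "flags": [], "hosts": [], "hosts_hijacks": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HOSTS_LINE.match(line)
        if h:
            pair = (h.group(1), h.group(2))
            out["hosts"].append(pair)
            if pair not in BENIGN_HOSTS:           # anything beyond localhost is a redirect
                out["hosts_hijacks"].append(pair)
            continue
        if O_LINE.match(line):
            if any(m in line for m in ORPHAN_MARKERS) and not line.startswith(KNOWN_BENIGN_PREFIXES):
                out["orphans"].append(line)
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        rec = FileRecord(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                         m["kind"], m["company"] or "", m["path"].strip())
        out["files"].append(rec)
        low = rec.path.lower()
        if not rec.is_dir and rec.hidden_system and low not in HIDDEN_SYSTEM_BY_DESIGN:
            out["flags"].append((rec.path, "hidden+system file"))
        if (not rec.is_dir and rec.no_company and low.startswith("c:\\windows\\")
                and low.endswith((".exe", ".dll", ".sys"))):
            out["flags"].append((rec.path, "no company name under C:\\Windows"))
    return out


def build_otl_fix(otl_lines, commands=("[purity]", "[resethosts]", "[emptytemp]", "[Reboot]")) -> str:
    """Lay out an OTL fix script in the section order used in the reply above.
    Only lines the analyst has decided to remove belong under :OTL."""
    sections = [":OTL", *otl_lines, "", ":Services", "", ":Reg", "", ":Files", "", ":Commands", *commands]
    return "\n".join(sections)


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for o in r["orphans"]:
        print("orphan :", o)
    for path, why in r["flags"]:
        print("review :", why, "->", path)
    # The reply removed only the O28 entry; reproduce that choice here.
    print(build_otl_fix([l for l in r["orphans"] if l.startswith("O28")]))
```

Which orphans go under :OTL is the analyst's call, as it was here: the O20 igfxcui and O9 eBay leftovers are dead registrations of uninstalled software and were left alone in the reply, while the O28 hook with no CLSID key was removed.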