
Vista won't boot after malware infection


This topic is locked

#1 Skily (Member, 28 posts)
Hi,
New to the forum; I hope somebody can help me here.

I got a malware infection, "Windows anti spyware 2011"; since then Vista does not boot in normal mode, safe mode, or any other mode.
The laptop is an Acer. I don't have any Windows CDs/DVDs, but there is probably a hidden recovery folder or partition.

What I have done already:
1. Created an OTLPE CD; the system boots from it, so I can run scans and post logs if helpful (see the log below).
2. Followed the unbootable-system tutorial, created the AVG rescue CD, ran the scans, and renamed the identified infected files.

The system is still not booting, though. I have already read quite a few posts like THIS and THIS one, but I don't want to blindly follow instructions written for other users.

Below is the OTLPE log; maybe that's helpful.

Thanks a lot in advance!

OTL logfile created on: 5/1/2011 7:54:40 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.62 Gb Total Space | 7.99 Gb Free Space | 11.31% Space Free | Partition Type: NTFS
Drive D: | 70.61 Gb Total Space | 36.63 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive E: | 316.83 Mb Total Space | 39.47 Mb Free Space | 12.46% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2011/04/15 07:36:02 | 001,378,040 | -H-- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/23 11:59:32 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- D:\Programme\TuneUp\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/09/30 11:12:34 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- D:\Programme\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/09/30 11:09:20 | 000,030,016 | -H-- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/10/16 11:26:20 | 000,860,160 | -H-- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 10:54:34 | 000,466,944 | -H-- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/01/02 03:33:24 | 000,135,168 | -H-- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/11/17 10:56:32 | 000,101,152 | -H-- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (dsltestSp5)
DRV - [2010/02/25 05:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- D:\Programme\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/11/17 01:40:22 | 003,668,480 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/01/20 22:21:28 | 002,225,664 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/02/05 12:01:00 | 004,456,320 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/20 12:02:42 | 000,847,392 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/11/17 10:53:30 | 001,962,784 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/02 03:30:56 | 000,044,544 | -H-- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2004/10/08 04:51:08 | 001,270,540 | -H-- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nils_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Nils_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..extensions.enabledItems: [email protected]:0.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.0.4280
FF - prefs.js..extensions.enabledItems: {05BF52F6-A4F9-48B9-84ED-F8D83762E619}:0.5.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.0.0.0
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7pre.080830
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.75
FF - prefs.js..extensions.enabledItems: {1a45a8a0-3278-11dd-bd11-0800200c9a66}:1.0.1
FF - prefs.js..extensions.enabledItems: {269FB356-C69F-7349-D092-AB28AF836D0E}:3.0.02
FF - prefs.js..extensions.enabledItems: {47e5a66c-0e35-11dc-8314-0800200c9a66}:3.0.1
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.071508

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: D:\Programme\Online\Firefox\components [2010/12/20 06:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: D:\Programme\Online\Firefox\plugins [2010/12/20 06:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programme\Online\Firefox 4\components [2011/04/25 13:36:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programme\Online\Firefox 4\plugins

[2008/08/30 15:12:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Extensions
[2011/04/29 14:10:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions
[2010/05/10 02:29:45 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/03 15:12:43 | 000,000,000 | -H-D | M] (Aquatint Redone) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2010/05/29 13:51:09 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/23 18:20:25 | 000,000,000 | -H-D | M] ("BilderHerunterlader") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{af2f0750-c598-4826-8e5f-bb98aab519a5}
[2010/03/13 14:22:39 | 000,000,000 | -H-D | M] (iPox) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010/03/13 14:22:21 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\[email protected]
[2009/11/13 16:39:26 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\[email protected]
[2011/03/26 10:23:19 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\[email protected]
[2010/03/13 14:22:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010/03/13 14:22:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/12/31 13:59:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions
[2008/08/30 16:04:57 | 000,000,000 | -H-D | M] (New Tab Button on Tab Right) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}
[2008/03/30 13:31:48 | 000,000,000 | -H-D | M] (MR Tech Disable XPI Install Delay) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{0F25ED9F-9213-422D-9AB9-7DA9BD416FFA}
[2008/08/30 15:28:15 | 000,000,000 | -H-D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2008/08/30 15:31:30 | 000,000,000 | -H-D | M] (Strata Aero) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
[2008/07/26 12:53:13 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/06/16 16:37:03 | 000,000,000 | -H-D | M] (Aquatint Redone) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2010/12/31 13:59:42 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2008/08/30 15:45:19 | 000,000,000 | -H-D | M] (Image Toolbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2010/05/29 13:51:09 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008/08/30 15:45:19 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/08/30 15:18:09 | 000,000,000 | -H-D | M] (iPox) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2008/06/19 16:41:43 | 000,000,000 | -H-D | M] (Download Statusbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/08/30 16:08:18 | 000,000,000 | -H-D | M] ("Tab Mix Plus") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2008/06/08 09:53:18 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/08/30 15:45:19 | 000,000,000 | -H-D | M] (CustomizeGoogle) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/08/30 15:49:06 | 000,000,000 | -H-D | M] (Ctrl-Tab) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\[email protected]
[2008/08/23 09:28:43 | 000,000,000 | -H-D | M] (PicLens) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\[email protected]
[2008/08/23 09:28:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\[email protected]
[2008/06/21 05:18:55 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\ONLINE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/07/29 13:33:42 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\ONLINE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Acrobat\Acrobat 7\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Watch for Browser Events) - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - D:\Programme\Keyboard Express 3\kie.dll (Insight Software Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Nils_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\OrbiCam.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Nils_ON_C..\Run: [GHWAUC6NNZ] File not found
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AWC.lnk = D:\Programme\Media\AWC\AWC.exe (Steve Murphy)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Nils_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\Nils_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with Xilisoft YouTube to iPod Converter - D:\Programme\Online\YouTube iPod\upod_link.HTM ()
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat\Acrobat 7\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c4de58cd-60d3-11df-a300-0016d350f8dc}\Shell\AutoRun\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{c4de58cd-60d3-11df-a300-0016d350f8dc}\Shell\open\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 16:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 10:30:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/29 15:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/29 15:49:34 | 000,000,000 | -H-D | C] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2011/04/29 15:37:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/29 15:37:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/29 15:37:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/29 15:36:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/29 15:36:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/29 15:36:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/29 15:36:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/29 15:36:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/29 15:36:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/29 15:36:45 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/29 15:36:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/29 15:36:44 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/29 15:36:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/29 15:36:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/29 15:36:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/29 15:36:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/29 15:36:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/29 15:36:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/29 15:36:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/29 15:36:40 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/29 15:36:39 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/29 15:36:38 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/29 15:36:38 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/29 15:36:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/29 15:36:37 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/29 15:36:37 | 000,000,000 | -H-D | C] -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/04/29 15:36:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/29 15:36:34 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/29 15:36:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/29 15:36:34 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/29 15:36:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/29 15:36:33 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/29 15:36:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/29 15:36:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/29 15:36:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/29 15:36:32 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/29 15:36:22 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/29 15:36:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/29 15:36:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/29 15:36:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/29 15:32:07 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/04/29 15:32:07 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/04/29 15:32:07 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/04/29 15:32:07 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/04/29 15:32:07 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/04/29 15:32:07 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/04/29 15:30:49 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/04/29 15:30:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/04/29 15:30:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/04/29 15:30:45 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/29 15:30:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/04/29 15:30:44 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/04/29 15:30:44 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/04/29 15:30:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/04/29 15:30:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/04/29 15:30:43 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/04/29 15:30:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/04/29 15:30:43 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/04/29 15:30:43 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/04/29 15:30:43 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/04/29 15:30:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/04/29 15:30:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/04/29 15:30:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/04/29 15:30:42 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/29 15:27:23 | 000,136,704 | ---- | C] (videosoft) -- C:\Windows\Bfyfaa_exe_1304270612.arl
[2011/04/29 15:27:16 | 000,520,704 | -H-- | C] (WinTrust) -- C:\ProgramData\CbvYHAgAAxMvT_exe_1304270593.arl
[2011/04/29 15:27:10 | 000,188,928 | -H-- | C] (videosoft) -- C:\Windows\System32\sshnas21_dll_1304270613.arl
[2011/04/29 15:26:48 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/04/29 15:26:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/04/29 15:26:48 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/04/29 15:26:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/04/29 15:26:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/04/29 15:26:48 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/04/29 15:15:12 | 000,348,160 | -HS- | C] (Microsoft Corporation) -- C:\Users\Nils\AppData\Local\kjt_exe_1304270595.arl
[2011/04/15 07:49:19 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 07:49:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 07:48:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/15 07:48:18 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 07:48:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 07:48:05 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/15 07:47:47 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2008/03/30 14:01:49 | 000,053,248 | -H-- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2006/11/20 12:10:16 | 000,204,824 | -H-- | C] (Acer Inc.) -- C:\Program Files\VideoControl.dll
[2006/11/20 12:09:20 | 000,079,384 | -H-- | C] (Acer Inc.) -- C:\Program Files\LogiMail.dll
[2006/11/20 12:09:08 | 000,366,104 | -H-- | C] (Acer Inc.) -- C:\Program Files\IPPJPEG.dll
[2006/11/20 12:08:58 | 000,280,088 | -H-- | C] (Acer Inc.) -- C:\Program Files\EFVal.dll
[2001/09/05 15:00:58 | 001,700,352 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 11:39:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 11:38:03 | 2145,574,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 11:36:26 | 000,373,504 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/30 04:39:12 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/04/29 16:06:31 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 16:06:30 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 15:47:27 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/29 15:43:30 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 15:43:29 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/29 15:41:41 | 000,001,098 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 15:37:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/29 15:37:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/29 15:37:03 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/29 15:37:03 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/29 15:37:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/29 15:36:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/29 15:36:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/29 15:36:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/29 15:36:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/29 15:36:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/29 15:36:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/29 15:36:45 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/29 15:36:45 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/29 15:36:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/29 15:36:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/29 15:36:44 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/29 15:36:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/29 15:36:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/29 15:36:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/29 15:36:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/29 15:36:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/29 15:36:41 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/29 15:36:40 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/29 15:36:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/29 15:36:38 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/29 15:36:38 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/29 15:36:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/29 15:36:38 | 000,000,589 | -H-- | M] () -- C:\Users\Nils\Desktop\Windows Recovery.lnk
[2011/04/29 15:36:38 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~34987784r
[2011/04/29 15:36:38 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~34987784
[2011/04/29 15:36:37 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/29 15:36:34 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/29 15:36:34 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/29 15:36:34 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/29 15:36:34 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/29 15:36:34 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/29 15:36:33 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/29 15:36:33 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/29 15:36:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/29 15:36:33 | 000,000,336 | -H-- | M] () -- C:\ProgramData\34987784
[2011/04/29 15:36:32 | 000,444,928 | -H-- | M] () -- C:\ProgramData\34987784_exe_1304270592.arl
[2011/04/29 15:36:32 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/29 15:36:32 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/29 15:36:22 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/29 15:36:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/29 15:36:22 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/29 15:36:22 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/29 15:32:07 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/04/29 15:32:07 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/04/29 15:32:07 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/04/29 15:32:07 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/04/29 15:32:07 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/04/29 15:32:07 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/04/29 15:30:49 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/04/29 15:30:45 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/04/29 15:30:45 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/04/29 15:30:45 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/29 15:30:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/04/29 15:30:44 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/04/29 15:30:44 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/04/29 15:30:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/04/29 15:30:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/04/29 15:30:43 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/04/29 15:30:43 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/04/29 15:30:43 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/04/29 15:30:43 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/04/29 15:30:43 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/04/29 15:30:43 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/04/29 15:30:43 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/04/29 15:30:43 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/04/29 15:30:42 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/29 15:30:26 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows
[2011/04/29 15:30:26 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/29 15:30:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programme
[2011/04/29 15:30:25 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/29 15:30:25 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/29 15:30:25 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
[2011/04/29 15:30:25 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/29 15:27:15 | 000,520,704 | -H-- | M] (WinTrust) -- C:\ProgramData\CbvYHAgAAxMvT_exe_1304270593.arl
[2011/04/29 15:27:12 | 000,136,704 | ---- | M] (videosoft) -- C:\Windows\Bfyfaa_exe_1304270612.arl
[2011/04/29 15:27:10 | 000,188,928 | -H-- | M] (videosoft) -- C:\Windows\System32\sshnas21_dll_1304270613.arl
[2011/04/29 15:26:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui
[2011/04/29 15:26:48 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/04/29 15:26:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/04/29 15:26:48 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/04/29 15:26:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/04/29 15:26:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/04/29 15:26:48 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/04/29 15:18:01 | 000,012,328 | -HS- | M] () -- C:\ProgramData\1o48v14h3a2tp000028
[2011/04/29 15:18:00 | 000,012,328 | -HS- | M] () -- C:\Users\Nils\AppData\Local\1o48v14h3a2tp000028
[2011/04/29 15:15:12 | 000,348,160 | -HS- | M] (Microsoft Corporation) -- C:\Users\Nils\AppData\Local\kjt_exe_1304270595.arl
[2011/04/29 15:06:30 | 000,037,210 | -H-- | M] () -- C:\Users\Nils\AppData\Roaming\nvModes.001
[2011/04/29 15:05:30 | 000,000,220 | -H-- | M] () -- C:\Windows\tasks\OGALogon.job
[2011/04/29 15:05:28 | 000,001,094 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 13:50:37 | 000,037,210 | -H-- | M] () -- C:\Users\Nils\AppData\Roaming\nvModes.dat
[2011/04/29 13:35:51 | 000,000,220 | -H-- | M] () -- C:\Windows\tasks\OGADaily.job
[2011/04/27 17:37:21 | 000,000,680 | -H-- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2011/04/27 14:51:39 | 000,621,952 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/27 14:51:39 | 000,590,082 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 14:51:39 | 000,123,852 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/27 14:51:39 | 000,102,094 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 14:38:51 | 000,241,152 | -H-- | M] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 11:35:34 | 2145,574,912 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/29 15:36:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/29 15:36:38 | 000,000,589 | -H-- | C] () -- C:\Users\Nils\Desktop\Windows Recovery.lnk
[2011/04/29 15:36:38 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~34987784r
[2011/04/29 15:36:38 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~34987784
[2011/04/29 15:36:33 | 000,000,336 | -H-- | C] () -- C:\ProgramData\34987784
[2011/04/29 15:36:32 | 000,444,928 | -H-- | C] () -- C:\ProgramData\34987784_exe_1304270592.arl
[2011/04/29 15:27:21 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 15:27:20 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/04/29 15:27:14 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/29 15:15:12 | 000,012,328 | -HS- | C] () -- C:\Users\Nils\AppData\Local\1o48v14h3a2tp000028
[2011/04/29 15:15:12 | 000,012,328 | -HS- | C] () -- C:\ProgramData\1o48v14h3a2tp000028
[2010/10/24 14:23:08 | 000,015,880 | -H-- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/07/04 11:39:01 | 000,121,832 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/10 16:54:55 | 000,000,127 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2010/01/17 09:20:17 | 000,000,680 | -H-- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2009/11/26 15:57:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/26 15:57:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/26 15:56:46 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/11/26 15:56:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/09 16:26:39 | 000,042,594 | -H-- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/31 11:04:42 | 000,691,560 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/31 11:04:42 | 000,528,744 | -H-- | C] () -- C:\Windows\System32\OGAVerify.exe
[2008/09/02 16:55:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/02 19:10:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/23 09:46:58 | 000,000,009 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\mdb.bin
[2008/04/05 06:17:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2008/04/01 15:18:27 | 000,037,210 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\nvModes.001
[2008/03/31 14:11:08 | 000,037,210 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\nvModes.dat
[2008/03/30 14:01:49 | 000,331,776 | -H-- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2008/03/30 13:58:18 | 000,000,176 | -H-- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/03/30 13:17:41 | 000,007,168 | -H-- | C] () -- C:\Windows\System32\Dtctrace.dll
[2008/03/30 13:07:02 | 000,164,352 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2008/03/30 13:07:00 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/30 13:07:00 | 002,085,376 | -H-- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/03/30 13:07:00 | 000,159,839 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/03/30 12:14:54 | 000,241,152 | -H-- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/21 04:24:09 | 000,621,952 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:24:09 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:24:09 | 000,123,852 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:24:09 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/09/20 06:33:52 | 003,190,784 | -H-- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 06:33:52 | 000,741,376 | -H-- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 06:33:52 | 000,662,016 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 06:33:52 | 000,511,488 | -H-- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 06:33:52 | 000,405,504 | -H-- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 06:33:52 | 000,245,760 | -H-- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 06:33:52 | 000,221,184 | -H-- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 06:33:52 | 000,200,704 | -H-- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 06:33:52 | 000,155,648 | -H-- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 06:33:52 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 06:33:52 | 000,122,880 | -H-- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 06:33:52 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 06:33:52 | 000,114,688 | -H-- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 06:33:52 | 000,097,280 | -H-- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 06:33:52 | 000,079,872 | -H-- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 06:33:52 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 06:33:52 | 000,038,400 | -H-- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 06:33:52 | 000,026,624 | -H-- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/20 06:33:52 | 000,007,680 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006/11/20 12:11:48 | 000,023,576 | -H-- | C] () -- C:\Program Files\MSNCmRes.dll
[2006/11/20 12:11:36 | 001,078,808 | -H-- | C] () -- C:\Program Files\LAppRes.DLL
[2006/11/20 12:11:36 | 000,206,360 | -H-- | C] () -- C:\Program Files\ATWizardRes.dll
[2006/11/20 12:09:54 | 000,754,712 | -H-- | C] () -- C:\Program Files\OrbiCam.exe
[2006/11/20 12:09:42 | 000,032,280 | -H-- | C] () -- C:\Program Files\MSNCam.dll
[2006/11/20 12:09:32 | 000,316,952 | -H-- | C] () -- C:\Program Files\LogiMailApp.exe
[2006/11/20 12:08:34 | 000,292,888 | -H-- | C] () -- C:\Program Files\ATWizard.exe
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,373,504 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,590,082 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,094 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/30 05:40:18 | 000,246,011 | -H-- | C] () -- C:\Program Files\orbicam.chm
[2006/10/25 08:04:00 | 000,008,690 | -H-- | C] () -- C:\Program Files\ReadMe_KOR.htm
[2006/10/25 08:00:56 | 000,009,168 | -H-- | C] () -- C:\Program Files\ReadMe_JPN.htm
[2006/10/25 08:00:26 | 000,007,909 | -H-- | C] () -- C:\Program Files\ReadMe_CHT.htm
[2006/10/25 07:59:54 | 000,007,929 | -H-- | C] () -- C:\Program Files\ReadMe_CHS.htm
[2006/10/25 07:58:36 | 000,062,682 | -H-- | C] () -- C:\Program Files\readme.htm
[2005/09/29 08:39:40 | 000,011,014 | -H-- | C] () -- C:\Program Files\logo.bmp

========== LOP Check ==========

[2008/03/30 12:32:03 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\ACD Systems
[2009/06/14 13:57:40 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\avidemux
[2009/06/26 09:33:19 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\BSplayer PRO
[2010/10/22 12:16:57 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2011/04/29 15:50:18 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2009/12/15 20:08:45 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Imaxel
[2010/02/19 12:34:23 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Kingston
[2008/06/07 11:02:33 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\LEAPS
[2008/10/26 16:27:09 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Mp3tag
[2008/06/07 10:47:58 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Pegasys Inc
[2010/02/19 12:34:23 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\SecureTraveler
[2011/03/22 13:52:10 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Security_File
[2009/11/28 10:26:40 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Thinstall
[2010/10/23 11:58:49 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2008/12/21 19:43:21 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Xilisoft Corporation
[2008/03/30 12:31:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\ACD Systems
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/30 12:42:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Insight Software Solutions
[2008/10/01 14:26:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\Pictomio
[2009/10/11 08:30:24 | 000,000,000 | -H-D | M] -- C:\ProgramData\Roaming
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/10/23 14:34:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\T-Online
[2011/04/29 15:50:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/02/19 12:45:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\TrueCrypt
[2010/10/23 11:58:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\TuneUp Software
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/03/21 14:01:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 10:38:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 14:52:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:02:17 | 000,000,000 | -H-D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/23 11:57:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/10/24 10:20:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2011/04/29 13:35:51 | 000,000,220 | -H-- | M] () -- C:\Windows\Tasks\OGADaily.job
[2011/04/29 15:05:30 | 000,000,220 | -H-- | M] () -- C:\Windows\Tasks\OGALogon.job
[2011/04/29 15:52:17 | 000,032,510 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/29 15:43:30 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/29 15:43:29 | 000,000,244 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/29 15:47:27 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========


< End of report >
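The OTL file listings above (the "[date | size | attributes | C or M] (company) -- path" entries) are what a helper reads to locate an infection: files with no company name and random-looking names in C:\ProgramData or under C:\Users, and anything written within seconds of those. The parser and triage below are an added example of reading such a log, not part of this thread or of OTL itself. The sample lines are copied from the log above; the name pattern, the user-writable locations and the 10-second proximity window are assumptions, and treating ".arl" as the rename done with the rescue CD follows the poster's own description rather than anything OTL reports.

```python
import re
from datetime import datetime

# Sample input: these entry lines are copied from the OTL log posted above.
SAMPLE_LINES = [
    r"[2011/04/29 15:36:38 | 000,000,589 | -H-- | M] () -- C:\Users\Nils\Desktop\Windows Recovery.lnk",
    r"[2011/04/29 15:36:38 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~34987784r",
    r"[2011/04/29 15:36:38 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~34987784",
    r"[2011/04/29 15:36:33 | 000,000,336 | -H-- | M] () -- C:\ProgramData\34987784",
    r"[2011/04/29 15:36:32 | 000,444,928 | -H-- | M] () -- C:\ProgramData\34987784_exe_1304270592.arl",
    r"[2011/04/29 15:32:07 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll",
    r"[2011/04/29 15:30:26 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    r"[2011/04/29 15:27:12 | 000,136,704 | ---- | M] (videosoft) -- C:\Windows\Bfyfaa_exe_1304270612.arl",
    r"[2011/04/29 15:18:01 | 000,012,328 | -HS- | M] () -- C:\ProgramData\1o48v14h3a2tp000028",
    r"[2011/04/29 15:18:00 | 000,012,328 | -HS- | M] () -- C:\Users\Nils\AppData\Local\1o48v14h3a2tp000028",
    r"[2011/04/27 14:51:39 | 000,621,952 | -H-- | M] () -- C:\Windows\System32\perfh007.dat",
]

# One OTL file/directory entry: [timestamp | size | attributes | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r" (?:\((.*?)\) )?-- (.+)$"
)

# Assumed name pattern: a digit run (optionally ~-prefixed or letter-suffixed) or a long
# digit/letter soup with no extension, like C:\ProgramData\34987784 in the log above.
RANDOM_NAME = re.compile(r"^~?\d{6,}[a-z]?$|^[0-9a-z]{15,}$", re.IGNORECASE)


def parse_otl_line(line):
    """Parse one OTL entry into a dict; return None for headers, blanks and other lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "attrs": attrs,              # R/H/S/D flags exactly as OTL prints them
        "kind": kind,                # C = created, M = modified
        "company": company or "",    # "" when OTL printed "()" or no company at all
        "path": path,
        "is_dir": attrs.endswith("D"),
    }


def in_user_writable(path):
    """Locations a standard user can write to (assumed: ProgramData and the user profiles)."""
    p = path.lower()
    return p.startswith("c:\\programdata\\") or p.startswith("c:\\users\\")


def triage(lines, proximity_s=10):
    """Return {path: [reasons]} for entries worth a closer look."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    flagged = {}
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        reasons = []
        if (not e["is_dir"] and not e["company"]
                and in_user_writable(e["path"]) and RANDOM_NAME.match(name)):
            reasons.append("random-looking name, no company name, user-writable location")
        if name.lower().endswith(".arl"):
            # Assumption from the poster's description: ".arl" is the rescue-CD rename.
            reasons.append("renamed by the rescue-CD scan (.arl)")
        if reasons:
            flagged[e["path"]] = reasons
    # Second pass: unattributed files written within a few seconds of a flagged one
    # usually belong to the same installation burst.
    anchors = [e["time"] for e in entries if e["path"] in flagged]
    for e in entries:
        if e["path"] in flagged or e["is_dir"] or e["company"]:
            continue
        if any(abs((e["time"] - t).total_seconds()) <= proximity_s for t in anchors):
            flagged[e["path"]] = [f"written within {proximity_s}s of a flagged entry"]
    return flagged


def activity_window(lines):
    """Earliest and latest timestamp among flagged entries, as 'YYYY-MM-DD HH:MM:SS' strings."""
    flagged = triage(lines)
    times = [e["time"] for e in map(parse_otl_line, lines) if e and e["path"] in flagged]
    if not times:
        return None
    return (min(times).isoformat(sep=" "), max(times).isoformat(sep=" "))


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path, "->", "; ".join(reasons))
    print("activity window:", activity_window(SAMPLE_LINES))
```

Run against the full OTL.txt (read the file, pass its lines to triage) and the proximity pass is what pulls in companions such as the desktop shortcut written in the same second as the random-named files; the activity window then gives the minutes in which the rogue installed itself, which is what to compare against Event Log and browser history.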

#2 Skily (Member, Topic Starter, 28 posts)
Anybody able to crack this?

Would really appreciate some help....

Thanks

#3 Skily (Member, Topic Starter, 28 posts)
Hello....?

#4 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi, Skily! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyze and fix your PC in the long run.

The forum and its helpers have been busy and we're sorry about the delay.

  • Please boot from OTLPE CD
  • Run OTL and under the custom scans and fixes box copy this:

    SAVEMBR:0
  • Click on Quick scan
  • When the scan completes there will be a file on your root C drive called PhysicalMBR.bin
  • Please compress (zip) that file and attach it in your next reply.


#5 Skily (Member, Topic Starter, 28 posts)
Hi Render, thanks for your response, really appreciate it!

There was only a file called Physical0MBR.bin, not one without the 0. Correct? Attached the file, hope it helps.

Thanks again!


#6 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi,

Master boot record seems clean.

Now please tell me approximately where Vista stops booting?

#7 Skily (Member, Topic Starter, 28 posts)
So, it is normal that it says "Invalid partition table Error loading operating system Missing operating system". This is what I get when opening the file with Notepad.

In the beginning Vista stopped shortly before the welcome/login screen and just restarted automatically. Then I used a Vista recovery CD and tried to repair (before you responded). It couldn't repair it, but since then I get an error message. It stops very quickly after the selection of normal/safe/... mode.

Message:
Windows failed to start...
File: \Windows\system32\drivers\volsnap.sys
Status: 0Xc0000221

Hope this helps.
Thx

#8 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi,

Skily wrote:
    "Invalid partition table Error loading operating system Missing operating system"
    This is what I get when opening the file with Notepad.

What file is that? I hope that this isn't true.

Please carefully follow instructions below:

Start OTLPE as you did previously from CD
Copy the attached fix.txt (1.85 KB) to a USB drive.

  • Insert your USB drive with fix.txt on it
  • Start OTL
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button; a dialogue box will pop up asking for the location. Select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible

NEXT... (If Vista cannot boot and probably will not)

Copy the attached scan.txt (273 bytes) to a USB drive.

  • Reboot your system using the OTLPE CD.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy
  • Insert your USB drive with scan.txt on it.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to: select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • Please post the contents of the C:\OTL.txt file in your reply.


#9 Skily (Member, Topic Starter, 28 posts)
It is what came up when opening the Physical0MBR.bin I posted with notepad (among some cryptic symbols).

Will do now what you posted and report soon.
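The strings Skily saw when opening Physical0MBR.bin in Notepad are the error messages that the standard Windows MBR bootstrap code carries, so they turn up in every normal dump of sector 0; their presence says nothing about damage. What is worth checking in such a dump is the structure: the 0x55AA boot signature, a partition table with exactly one active entry and no overlapping partitions, and bootstrap code that still contains those standard messages (replaced bootstrap code often does not). The parser and sanity checks below are an added example for reading a 512-byte sector-0 dump, not from this thread and not OTL's own code. The MBR it builds is constructed, and the abbreviated partition-type map and the partition sizes are assumptions.

```python
import re
import struct
import sys

BOOT_CODE_LEN = 446          # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFF = 446    # four 16-byte entries follow it
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511

# Error strings carried by the standard Windows MBR bootstrap code.
STANDARD_BOOT_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)

# Abbreviated partition-type map (assumption: only the types this example needs).
PARTITION_TYPES = {
    0x00: "empty",
    0x05: "extended",
    0x07: "NTFS/exFAT",
    0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)",
    0x12: "hidden FAT (OEM diagnostics/recovery)",
    0x27: "hidden NTFS (Windows recovery)",
}


def partition_entry(bootable, ptype, start_lba, sectors):
    """Build one 16-byte table entry; CHS fields are left zero (constructed sample only)."""
    status = 0x80 if bootable else 0x00
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start_lba, sectors)


def build_sample_mbr():
    """Constructed MBR: zeroed bootstrap area carrying the standard messages,
    one active NTFS system partition and one hidden recovery partition."""
    code = bytearray(BOOT_CODE_LEN)
    off = 300
    for msg in STANDARD_BOOT_STRINGS:
        code[off:off + len(msg)] = msg
        off += len(msg) + 1                      # NUL-terminated, as real code stores them
    system_sectors = 400 * 1024 * 1024 // 512    # 400 MiB, an assumed size
    table = partition_entry(True, 0x07, 2048, system_sectors)
    table += partition_entry(False, 0x27, 2048 + system_sectors, 20480)
    table += bytes(32)                           # two unused entries
    return bytes(code) + table + MBR_SIGNATURE


def parse_mbr(sector):
    """Split a 512-byte sector-0 dump into signature, bootstrap strings and partition table."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            "<B3sB3sII", sector, PARTITION_TABLE_OFF + 16 * i)
        parts.append({
            "index": i, "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "start_lba": start, "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "strings": [s.decode("ascii") for s in re.findall(rb"[ -~]{8,}", boot_code)],
        "standard_strings_present": all(s in boot_code for s in STANDARD_BOOT_STRINGS),
        "partitions": parts,
    }


def assess(mbr):
    """Structural sanity checks; an empty list means nothing looked wrong."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in mbr["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["bootable"] and p["type"] == 0x00:
            findings.append(f"entry {p['index']}: active flag on an empty entry")
    used = sorted((p for p in mbr["partitions"] if p["type"] != 0x00), key=lambda p: p["start_lba"])
    for a, b in zip(used, used[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    if not mbr["standard_strings_present"]:
        findings.append("standard bootstrap error strings absent (non-standard or replaced boot code)")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # e.g. the PhysicalMBR.bin saved by OTL
        with open(sys.argv[1], "rb") as fh:
            sector = fh.read(512)
    else:
        sector = build_sample_mbr()
    info = parse_mbr(sector)
    print("signature ok:", info["signature_ok"])
    print("strings in bootstrap:", info["strings"])
    for p in info["partitions"]:
        if p["type"] != 0x00:
            print(f"  entry {p['index']}: active={p['bootable']} type={p['type_name']} "
                  f"start={p['start_lba']} sectors={p['sectors']}")
    print("findings:", assess(info) or "none")
```

Pointed at a real dump, the partition listing also answers the question from the first post: a second entry of a hidden type next to the system partition is what an OEM recovery partition looks like in the table.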

#10 Skily (Member, Topic Starter, 28 posts)
Did the step, but still didn't boot. Got the same error message as before.

In step 2, when trying to drag/drop the scan.txt into the custom scans/fixes box, I get the error message "not a valid fix file".

What shall I do now?

Thx!

#11 Render (Trusted Helper, Malware Removal, 4,195 posts)

Skily wrote:
    Did the step, but still didn't boot. Got the same error message as before.

OK. I expected that.

Skily wrote:
    What shall I do now?

Please use one of these two methods:

Method 1:
  • Double-click in Custom Scans/Fixes text box area.
  • OTL window will open with a message Click Ok to load a custom scan from a file or Cancel to cancel.
  • Click on the OK button.
  • An Open window will open.
  • Please navigate to your USB drive, find and select scan.txt file.
  • Click on Open button.
Method 2:
  • Please navigate to your USB drive, find and double-click on scan.txt file.
  • The file will open in Notepad.
  • Select all content in Notepad (CTRL+A) and copy all (CTRL+C).
  • Now click in Custom Scans/Fixes text box area in open OTL.
  • Paste contents of Notepad (CTRL+V).
Now proceed with instructions from my previous post.

#12 Skily (Member, Topic Starter, 28 posts)
Thanks, expected that after a while. The scan has been running for quite a while now. In between I got the message "out of memory". Clicked OK and the scan seems to continue. At least the program window is still there, I can move the mouse and according to Task Manager the program is running. Can't scroll in the custom scans/fixes box though?

At the bottom of OTL it says "Manual file scan - Getting folder structure...". That hasn't changed for an hour or so...

Is this normal or shall I stop and restart?
Thx

#13 Render (Trusted Helper, Malware Removal, 4,195 posts)
This is not normal. Well... Give it some more time (let's say 15 minutes); then, if not successful, please restart your computer and try one more time, but with this new scan.txt script (attached, 224 bytes).

#14 Skily (Member, Topic Starter, 28 posts)
Tried 2x with the new file, but same result. Error message regarding memory and "Manual file scan - Getting folder structure...".

Please advise, much appreciated!

#15 Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. For start just open OTL and click on Quick Scan then post that log here.