Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problems with Windows after malware (Windows Recovery) removal


  • This topic is locked This topic is locked

#1
karabogaz

karabogaz

    New Member

  • Member
  • Pip
  • 6 posts
Hi!

Here is my story:


How it started (first symptoms)

On Monday (09.05.2011) evening, I realized that my computer is infected, as I got constantly the pop-up windows saying that "dwwin.exe is not working". The same happened after rebooting. Additionaly, "Windows Recovery" program started (I got pretty scared) with all these "Data loss" information. There were a few more windows saying about other malfunctions - dwwin.exe appeared most frequently, the other one I recall was about "LSA.exe". After some time, the computer mostly rebooted or was hanging. I noticed that it was impossible to start Task Manager with Ctrl+Alt+Delete.


What I did till now

From that time I worked (and still work) under the safe mode of Windows with the network turned on. I had some free release of Avira installed on the machine, so I started a virus scan only to find "TR/Kazy.mekml.1" which I removed (no quarantine). Then I ran an online scan from BitDefender which shown again "TR/Kazy". Next, I created a rescue USB (on another computer) from Kaspersky and scaned the computer but I did not manage to update the virus database - at that point it was 2 days old (from 08.05.2011). Then I did the same with the rescue USB from AVG, but this time I managed to update the database. Kaspersky found 2 infected files and AVG 3 or 4 of them, which I removed. Unfortunately, I don't remember the names of viruses, but there was some "Exploit.pdfka" and for sure some Trojans. Next, I installed Malwarebytes and ran a scan. This time 9 files were found infected with "Trojan.FakeAV", "Trojan.FakeAlert" or "Trojan.Agent" and I put them to the quarantine. In the meantime I uninstalled Avira and installed AVG Free Edition 2011, but its virus database is from 09.05.2011 (can't/don't know how to upgrade in safe mode). Last scans with AVG (rescue USB) and Malwarebytes show no problems


Current situation

As I mentioned, I am working currently in the safe mode and there are no problems with it except of surprising rebooting from time to time. In the normal mode, it seems to work O.K. for a normal user but when I log in as admin then the following issues might happen in various combinations (I have a German Windows so I tried to translate the messages):

- Just rebooting, sometimes with the blue screen for a short time
- Message: winlogon.exe must quit (I can send a protocle to Microsoft)
- Message: LSA Shell (export version) resulted with an error and must be quited (I can send a protocle to Microsoft)
- Message: Microsoft Windows will be run again after a sever mistake (I can send a protocle to Microsoft)
- Message: Error with dwwin.exe (it cannot be initialized (0xc0000142), click OK to close)
- Message: Error with dwwin.exe (it cannot be initialized (0xc0000005), click OK to close)
- Message: Error with drwtsn32.exe ((it cannot be initialized (0xc0000142), click OK to close)
- Message: Error with Windows (it cannot be initialized (0xc0000005), click OK to close)
- Message: Error with GoogleCrashHandler.exe (cannot execute "read" on the memory at"0x009d03b2", click OK to close)
- Message: Must shutdown because RPC (some remote procedure) ended unexpected - with 1 minute counter ticking
- Message: Must shutdown because c:\windows\system32\lsass.exe ended abruptly with some code - with 1 minute counter ticking
- Message: Must shutdown because DCOM-Server-Prozess ended unexpected - with 1 minute counter ticking

These are the ones which I observed after about 30 reboots, maybe there is even more of that. It always end with a reboot, max. after 5 minutes from login. I cannot execute any programs in that time, the system seems to be very busy. Usually, after a few seconds the icons and the taskbar disappear, the wallpaper stays. Occasionally, the following messages appear:

- Message: startelock.exe generated exception which could not be handled (process id=0xd68(3432), thread id=0xae0(2784))
- Acer.Empowering.Launcher.exe - common language runtime debugging services (exception that could not be handled, process id=0x624(1572), thread id=0x628(1576))

These are in English and I think they might come from Acer (my machine is Acer). I didn't observe "Windows Recovery" anymore so I believe it's gone.


A downloaded pdf-file from "filestube.com" is believed to be the source of the problem (I cannot find it now anyway). I was using Firefox, "pajacyk.pl" is the intended start page.

I would like to ask you kindly for any advice/assistance that you might provide, to bring my Windows XP back to work again.

Below is the requested content of OTL.Txt


OTL logfile created on: 14/05/2011 00:21:04 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Warczoczki\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71.33 Gb Total Space | 46.64 Gb Free Space | 65.39% Space Free | Partition Type: NTFS
Drive D: | 71.84 Gb Total Space | 35.97 Gb Free Space | 50.07% Space Free | Partition Type: FAT32

Computer Name: SZCZENITOP | User Name: Warczoczki | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 00:07:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki\Desktop\OTL.exe
PRC - [2007/06/13 15:21:46 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 00:07:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki\Desktop\OTL.exe
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/07 15:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/01/16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/01 18:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/01/17 12:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/08 23:15:30 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008/12/30 11:55:20 | 000,102,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 11:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/12/10 17:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/12/10 17:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/12/10 17:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2007/05/30 21:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/02 20:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/05/02 04:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/22 20:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 20:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 20:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.pajacyk.pl/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.9.5.5
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011/05/13 02:08:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/01/28 22:24:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/12/09 16:14:00 | 000,000,000 | ---D | M]

[2008/09/11 22:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Extensions
[2011/05/14 00:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\extensions
[2009/09/04 09:29:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/10 23:17:56 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/04/08 23:11:07 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\extensions\[email protected]
[2010/05/29 12:24:47 | 000,000,000 | ---D | M] (Illimitux) -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\extensions\[email protected]
[2009/02/20 01:28:49 | 000,000,000 | ---D | M] ("TurnTool Viewer") -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\extensions\[email protected]
[2011/04/08 23:10:57 | 000,002,059 | ---- | M] () -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\searchplugins\daemon-search.xml
[2011/05/10 03:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/07/13 22:19:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/09 14:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/13 02:08:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2010/10/09 14:32:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/09 14:32:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 22:19:16 | 000,001,538 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 22:19:16 | 000,000,947 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 22:19:16 | 000,000,769 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 22:19:16 | 000,001,135 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [StarteLock] C:\Acer\Empowering Technology\eLock\Service\startelock.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [4CB087F7DE022E9C] C:\x86fix.bin\x86fix.bin.exe ()
O4 - HKCU..\Run: [Picasa Media Detector] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Warczoczki\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2011/05/09 10:59:28 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2011/05/09 10:59:28 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2011/05/09 10:59:28 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{52506d94-803b-11dd-bf80-0017c422e03f}\Shell\AutoRun\command - "" = G:\USBNB.exe
O33 - MountPoints2\{7d26fb78-7eac-11de-80e1-0017c422e03f}\Shell - "" = AutoRun
O33 - MountPoints2\{7d26fb78-7eac-11de-80e1-0017c422e03f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d26fb78-7eac-11de-80e1-0017c422e03f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2bb1114-7e18-11de-80dd-0017c422e03f}\Shell - "" = AutoRun
O33 - MountPoints2\{b2bb1114-7e18-11de-80dd-0017c422e03f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2bb1114-7e18-11de-80dd-0017c422e03f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2bb1118-7e18-11de-80dd-0017c422e03f}\Shell - "" = AutoRun
O33 - MountPoints2\{b2bb1118-7e18-11de-80dd-0017c422e03f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2bb1118-7e18-11de-80dd-0017c422e03f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 00:07:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki\Desktop\OTL.exe
[2011/05/13 09:09:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki\Startmenü\Programme\CyberLink PowerDVD
[2011/05/13 02:10:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\AVG10
[2011/05/13 02:09:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG 2011
[2011/05/13 02:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011/05/13 02:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/13 02:07:52 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2011/05/13 00:59:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011/05/12 00:40:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Malwarebytes
[2011/05/12 00:40:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/12 00:40:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/05/12 00:40:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/05/12 00:40:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/12 00:40:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011/05/10 23:18:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\QuickScan
[2011/05/10 03:52:05 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/10 03:42:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011/05/10 03:22:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/10 03:20:36 | 000,000,000 | ---D | C] -- C:\cd1da4e2dee384ea3b89a54b9785
[2011/05/09 22:35:41 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/05/08 01:35:27 | 000,000,000 | ---D | C] -- C:\0fed69fe777803586d2eccae683035f1
[2011/05/07 02:10:00 | 000,000,000 | ---D | C] -- C:\c2b959e36c77c9554cc768
[2011/05/06 01:23:51 | 000,000,000 | ---D | C] -- C:\1b93b62f1fca53083216ce76
[2011/05/05 14:59:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki\Desktop\NOWE
[2011/04/14 21:28:42 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2008/09/12 03:39:44 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2008/09/12 03:37:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2008/09/12 03:37:03 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[2 C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/14 00:20:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 00:07:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki\Desktop\OTL.exe
[2011/05/13 23:59:40 | 112,188,310 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2011/05/13 23:52:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/13 02:09:42 | 000,000,674 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2011/05/13 02:09:26 | 114,586,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/13 01:03:40 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\{ABA99FB3-3F32-45BB-A3A3-E5DA6589C257}
[2011/05/13 01:01:32 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\{E1F84CF1-3549-46F8-8C67-E4CE2E020402}
[2011/05/12 10:21:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/12 10:06:31 | 000,521,872 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/12 10:06:31 | 000,493,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/12 10:06:31 | 000,110,792 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/12 10:06:31 | 000,091,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/12 00:40:40 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 23:29:43 | 000,000,309 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bdinstall.bin
[2011/05/10 03:51:31 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2011/05/10 01:03:44 | 000,116,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 00:13:38 | 000,000,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15851300r
[2011/05/10 00:13:38 | 000,000,152 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15851300
[2011/05/10 00:12:36 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15851300
[2011/05/05 15:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2 C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/13 23:59:40 | 112,188,310 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2011/05/13 02:09:42 | 000,000,674 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2011/05/13 01:03:23 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\{ABA99FB3-3F32-45BB-A3A3-E5DA6589C257}
[2011/05/13 01:01:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\{E1F84CF1-3549-46F8-8C67-E4CE2E020402}
[2011/05/12 00:40:40 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 23:29:42 | 000,000,309 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bdinstall.bin
[2011/05/10 03:51:31 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2011/05/10 00:13:38 | 000,000,160 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15851300r
[2011/05/10 00:13:38 | 000,000,152 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15851300
[2011/05/10 00:12:36 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15851300
[2011/05/09 08:42:10 | 114,586,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/04/08 23:27:52 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2011/02/03 00:47:00 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/03 00:38:56 | 000,000,089 | ---- | C] () -- C:\WINDOWS\bctester_de.INI
[2010/12/10 23:42:33 | 000,000,010 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\systemdate.dat
[2010/09/27 23:51:16 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\Atlas.INI
[2010/08/20 21:39:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/10 01:24:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/01/10 01:24:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/11/08 22:49:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/08 22:49:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/08 22:49:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/08 22:49:25 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/08 22:49:25 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/08 22:49:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/28 21:53:56 | 000,116,736 | ---- | C] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/12 03:40:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008/09/12 03:38:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008/09/12 03:37:04 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008/09/12 03:33:08 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/09/11 22:34:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/11 22:18:22 | 000,206,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\mdbu.bin
[2008/09/11 22:12:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/13 11:58:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/03/23 00:58:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/23 00:58:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/23 00:33:22 | 000,521,872 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/03/23 00:33:22 | 000,493,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/03/23 00:33:22 | 000,110,792 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/03/23 00:33:22 | 000,091,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/03/22 22:57:28 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/22 21:34:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/05 17:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/06/05 16:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/28 15:56:14 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007/05/28 15:55:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/05/28 15:54:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007/03/22 20:59:10 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2007/01/04 15:10:22 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006/08/28 19:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/08/01 16:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/10 15:18:16 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/06 11:39:48 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/06 11:37:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 14:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2004/01/27 17:05:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\renderer.dll
[2003/11/24 16:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 16:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2002/09/12 23:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/12 23:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002/04/21 20:30:14 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/04/19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 15:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2002/04/02 00:16:30 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/04/02 00:16:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/04/02 00:15:40 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/06/22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll

========== LOP Check ==========

[2010/09/07 23:13:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlawarWrapper
[2011/05/13 02:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011/05/13 00:59:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011/04/08 23:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/03/11 21:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto-Designer
[2010/08/20 21:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2011/05/13 02:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010/12/01 21:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2008/06/13 11:51:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008/11/30 00:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/05/13 02:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\AVG10
[2010/03/14 22:47:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\BESTplayer
[2011/04/08 23:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\DAEMON Tools Lite
[2009/01/10 02:00:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Gearbox Software
[2009/04/25 22:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\IrfanView
[2010/05/15 20:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\NAVIGON
[2009/01/06 15:45:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\OpenOffice.org
[2011/05/10 23:18:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\QuickScan
[2010/09/07 23:13:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki\Anwendungsdaten\Settlement. Colossus

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can get to the bottom of this - run from normal mode if possible

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [4CB087F7DE022E9C] C:\x86fix.bin\x86fix.bin.exe ()
    O4 - HKCU..\Run: [Picasa Media Detector] File not found
    [2011/05/10 00:13:38 | 000,000,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15851300r
    [2011/05/10 00:13:38 | 000,000,152 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15851300
    [2011/05/10 00:12:36 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15851300

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
karabogaz

karabogaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello Essexboy!

I am glad to have your attention and I am sorry for taking your weekend time. I just want you to know, I can read, follow and respond to your instructions only in the late evening/night hours in Europe (which seems to corespond with 2 P.M. - 5 P.M. of the "Forum time").

I hope not to distract you but maybe this will be helpful. As I looked in the previously posted OTL-log, I realized that "C:\spoolerlogs" was created very close to the time when the problems on my computers appeared (09.05.2011 in the late evening).


Now to your instructions

I ran Windows in normal mode and logged in as a normal user. I pasted the commands given by you to the "Custom Scans/Fixes" box and clicked the "Run Fix" button. Unfortunately, an OTL window popped up saying "Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts.". I clicked OK but then the system froze. OTL was in the stage "Resetting HOSTS file. DO NOT INTERRUPT...". At that point, there were no icons on the desktop and the Windows taskbar was not accessible. I waited 5 minutes more but nothing changed so I rebooted the computer. When I logged in as a normal user again, I noticed that Windows Media Player shortcut icon appeared on the desktop (I think it was there before the infection but it was certainly not there in the last days). Next, I performed the Quick scan with OTL, the result of which is pasted at the end of this post.


Do you think this error comes because I was not logged in as admin? Well, I am able to start OTL as admin but the computer reboots before I get the results of the Quick scan. In principle, I could run OTL as admin, open the text file with your commands (I put it on the desktop in the safe mode), paste the text to "Custom Scans/Fixes", click on Run Fix and hope to finish before the next reboot. Shall I try it? (Is it safe enough to interrupt this Run Fix a couple of times?)

In my opinion, I was not able to follow strictly your instruction "Let the program run unhindered, reboot the PC when it is done", so I didn't do anything with "aswMBR.exe" (i.e. I ignored your instructions after the word "THEN").


Here is the current OTL.Txt content

OTL logfile created on: 14/05/2011 23:49:09 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Warczoczki_2\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 455.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71.33 Gb Total Space | 45.05 Gb Free Space | 63.16% Space Free | Partition Type: NTFS
Drive D: | 71.84 Gb Total Space | 35.97 Gb Free Space | 50.07% Space Free | Partition Type: FAT32

Computer Name: SZCZENITOP | User Name: Warczoczki_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 22:50:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008/04/30 13:49:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\Service\starteLock.exe
PRC - [2008/03/22 21:36:40 | 000,208,896 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2007/10/17 19:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007/07/12 11:36:40 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2007/07/11 14:07:46 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/06/13 15:21:46 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 15:56:16 | 000,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/02 11:25:08 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 22:50:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.c...://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011/05/13 02:08:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/01/28 22:24:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/12/09 16:14:00 | 000,000,000 | ---D | M]

[2008/09/15 20:35:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Mozilla\Extensions
[2011/05/14 22:04:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Mozilla\Firefox\Profiles\vs6gsxp0.default\extensions
[2010/05/03 23:33:12 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Mozilla\Firefox\Profiles\vs6gsxp0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/14 22:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/07/13 22:19:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/09 14:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/13 02:08:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2010/10/09 14:32:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/09 14:32:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 22:19:16 | 000,001,538 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 22:19:16 | 000,000,947 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 22:19:16 | 000,000,769 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 22:19:16 | 000,001,135 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [StarteLock] C:\Acer\Empowering Technology\eLock\Service\startelock.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [ckvacGUXRMcAmh] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Warczoczki_2\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 23:46:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Startmenü\Programme\CyberLink PowerDVD
[2011/05/14 23:01:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 22:52:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
[2011/05/14 01:40:27 | 007,592,248 | ---- | C] (AVG ) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\avg_pct_stf_all_2011_24_c4.exe
[2011/05/13 23:53:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\AVG10
[2011/05/13 02:09:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG 2011
[2011/05/13 02:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011/05/13 02:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/13 02:07:52 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2011/05/13 01:40:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Malwarebytes
[2011/05/13 00:59:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011/05/12 00:40:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/12 00:40:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/05/12 00:40:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/05/12 00:40:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/12 00:40:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011/05/10 08:46:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Recent
[2011/05/10 03:52:05 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/10 03:42:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011/05/10 03:22:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/10 03:20:36 | 000,000,000 | ---D | C] -- C:\cd1da4e2dee384ea3b89a54b9785
[2011/05/09 23:57:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Eigene Dateien\Downloads
[2011/05/09 23:41:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\skypePM
[2011/05/09 23:40:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Skype
[2011/05/09 22:35:41 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/05/08 01:35:27 | 000,000,000 | ---D | C] -- C:\0fed69fe777803586d2eccae683035f1
[2011/05/07 02:10:00 | 000,000,000 | ---D | C] -- C:\c2b959e36c77c9554cc768
[2011/05/06 01:23:51 | 000,000,000 | ---D | C] -- C:\1b93b62f1fca53083216ce76
[2008/09/12 03:39:44 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2008/09/12 03:37:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2008/09/12 03:37:03 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/14 23:46:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/14 23:45:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 23:45:45 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 23:21:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 22:50:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
[2011/05/14 21:54:29 | 114,957,371 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/14 03:04:47 | 000,521,872 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/14 03:04:47 | 000,493,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/14 03:04:47 | 000,110,792 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/14 03:04:47 | 000,091,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/14 01:40:27 | 007,592,248 | ---- | M] (AVG ) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\avg_pct_stf_all_2011_24_c4.exe
[2011/05/13 02:09:42 | 000,000,674 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2011/05/12 00:40:40 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 23:29:43 | 000,000,309 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bdinstall.bin
[2011/05/10 08:30:46 | 000,003,584 | -H-- | M] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 15:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/14 21:54:29 | 114,957,371 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/14 09:04:37 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 02:09:42 | 000,000,674 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2011/05/12 00:40:40 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 23:29:42 | 000,000,309 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bdinstall.bin
[2011/05/10 08:30:45 | 000,003,584 | -H-- | C] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 23:27:52 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2011/02/03 00:47:00 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/03 00:38:56 | 000,000,089 | ---- | C] () -- C:\WINDOWS\bctester_de.INI
[2010/12/10 23:42:33 | 000,000,010 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\systemdate.dat
[2010/09/27 23:51:16 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\Atlas.INI
[2010/08/20 21:39:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/10 01:24:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/01/10 01:24:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/11/08 22:49:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/08 22:49:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/08 22:49:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/08 22:49:25 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/08 22:49:25 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/08 22:49:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/12 03:40:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008/09/12 03:38:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008/09/12 03:37:04 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008/09/11 22:34:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/11 22:12:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/11 21:52:34 | 000,000,145 | -H-- | C] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/06/13 11:58:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/03/23 00:58:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/23 00:58:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/23 00:33:22 | 000,521,872 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/03/23 00:33:22 | 000,493,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/03/23 00:33:22 | 000,110,792 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/03/23 00:33:22 | 000,091,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/03/22 22:57:28 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/22 21:34:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/05 17:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/06/05 16:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/28 15:56:14 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007/05/28 15:55:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/05/28 15:54:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007/03/22 20:59:10 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2007/01/04 15:10:22 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006/08/28 19:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/08/01 16:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/10 15:18:16 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/06 11:39:48 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/06 11:37:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 14:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2004/01/27 17:05:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\renderer.dll
[2003/11/24 16:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 16:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2002/09/12 23:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/12 23:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002/04/21 20:30:14 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/04/19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 15:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2002/04/02 00:16:30 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/04/02 00:16:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/04/02 00:15:40 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/06/22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll

========== LOP Check ==========

[2010/09/07 23:13:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlawarWrapper
[2011/05/13 02:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011/05/13 00:59:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011/04/08 23:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/03/11 21:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto-Designer
[2010/08/20 21:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2011/05/13 02:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010/12/01 21:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2008/06/13 11:51:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008/11/30 00:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/05/13 23:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\AVG10
[2009/04/06 20:54:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\BESTplayer
[2011/03/13 01:24:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\OpenOffice.org

========== Purity Check ==========



< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will reset the hosts file later as that appears to be part of the problem area. Run this OTL fix in any mode that works for you, followed by the aswMBR programme. As I do need a look at your MBR

At some stage I may need you to uninstall AVG for a short period, but we will cross that bridge when we get to it

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [ckvacGUXRMcAmh] File not found
    [2011/05/09 22:35:41 | 000,000,000 | ---D | C] -- C:\spoolerlogs

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
karabogaz

karabogaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
What I did:

1. OTL

- pasted your quotes from the last post (#4) to the Custom Scans/Fixes box
- clicked on Run Fix bottom
- waited till the window popped up saying that the reboot should be done (clicked OK)
- performed Quick Scan (after reboot)

2. aswMBR

- downloaded aswMBR.exe to the desktop
- clicked on the icon


Status:

OTL Run Fix proceeded without any problems ("cmd.bat" file appeared on the desktop after rebooting). Quick Scan results are at the end of the post. I was unable to perform a scan in aswMBR, as the button is inaccessible (as shown on the screenshot). As far as I get it, something is wrong with some driver.

aswMBR_1.PNG


Remarks:

- The mentioned "c:\spoolerlogs" (which seems to me to be created at the time of infection) still exists. It contains the data "spooler.xml" which was created at the same time as the directory. As far as I understand Google results, it should be responsible for the cooperation with the printers. I just wanted to state that this laptop was never connected to any printer (I just thought that this might be important).

- I noticed that "Accessories" are missing in the Start Menu of Windows (I found in Google how to restore it, no help required here :) )



Below is the content of the OTL.Txt:


OTL logfile created on: 15/05/2011 23:00:12 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Warczoczki_2\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 449.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71.33 Gb Total Space | 44.78 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
Drive D: | 71.84 Gb Total Space | 35.97 Gb Free Space | 50.07% Space Free | Partition Type: FAT32

Computer Name: SZCZENITOP | User Name: Warczoczki_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 22:59:01 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2011/05/14 22:50:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008/04/30 13:49:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\Service\starteLock.exe
PRC - [2007/10/17 19:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007/07/12 11:36:40 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2007/07/11 14:07:46 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/06/13 15:21:46 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 15:56:16 | 000,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/02 11:25:08 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 22:50:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.c...://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011/05/13 02:08:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/01/28 22:24:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/12/09 16:14:00 | 000,000,000 | ---D | M]

[2008/09/15 20:35:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Mozilla\Extensions
[2011/05/14 22:04:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Mozilla\Firefox\Profiles\vs6gsxp0.default\extensions
[2010/05/03 23:33:12 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Mozilla\Firefox\Profiles\vs6gsxp0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/14 22:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/07/13 22:19:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/09 14:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/13 02:08:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2010/10/09 14:32:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/09 14:32:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/22 22:19:16 | 000,001,538 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/22 22:19:16 | 000,000,947 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/22 22:19:16 | 000,000,769 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/22 22:19:16 | 000,001,135 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [StarteLock] C:\Acer\Empowering Technology\eLock\Service\startelock.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Warczoczki_2\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 22:58:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Startmenü\Programme\CyberLink PowerDVD
[2011/05/14 23:01:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/14 22:52:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
[2011/05/14 01:40:27 | 007,592,248 | ---- | C] (AVG ) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\avg_pct_stf_all_2011_24_c4.exe
[2011/05/13 23:53:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\AVG10
[2011/05/13 02:09:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG 2011
[2011/05/13 02:08:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011/05/13 02:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/13 02:07:52 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2011/05/13 01:40:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Malwarebytes
[2011/05/13 00:59:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011/05/12 00:40:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/12 00:40:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/05/12 00:40:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/05/12 00:40:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/12 00:40:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011/05/10 08:46:42 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Recent
[2011/05/10 03:52:05 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/05/10 03:42:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011/05/10 03:22:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/10 03:20:36 | 000,000,000 | ---D | C] -- C:\cd1da4e2dee384ea3b89a54b9785
[2011/05/09 23:57:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Eigene Dateien\Downloads
[2011/05/09 23:41:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\skypePM
[2011/05/09 23:40:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\Skype
[2011/05/09 22:35:41 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/05/08 01:35:27 | 000,000,000 | ---D | C] -- C:\0fed69fe777803586d2eccae683035f1
[2011/05/07 02:10:00 | 000,000,000 | ---D | C] -- C:\c2b959e36c77c9554cc768
[2011/05/06 01:23:51 | 000,000,000 | ---D | C] -- C:\1b93b62f1fca53083216ce76
[2008/09/12 03:39:44 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2008/09/12 03:37:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2008/09/12 03:37:03 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 22:58:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 22:57:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 22:57:39 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 22:53:22 | 000,521,872 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/15 22:53:22 | 000,493,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/15 22:53:22 | 000,110,792 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/15 22:53:22 | 000,091,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/15 22:50:47 | 115,063,255 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/15 22:50:41 | 000,000,085 | ---- | M] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\cmd.bat
[2011/05/15 00:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 22:50:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\OTL.exe
[2011/05/14 01:40:27 | 007,592,248 | ---- | M] (AVG ) -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\avg_pct_stf_all_2011_24_c4.exe
[2011/05/13 02:09:42 | 000,000,674 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2011/05/12 00:40:40 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 23:29:43 | 000,000,309 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bdinstall.bin
[2011/05/10 08:30:46 | 000,003,584 | -H-- | M] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 15:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/15 22:50:47 | 115,063,255 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/15 22:50:41 | 000,000,085 | ---- | C] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Desktop\cmd.bat
[2011/05/15 00:10:13 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 02:09:42 | 000,000,674 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2011/05/12 00:40:40 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 23:29:42 | 000,000,309 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bdinstall.bin
[2011/05/10 08:30:45 | 000,003,584 | -H-- | C] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 23:27:52 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2011/02/03 00:47:00 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/03 00:38:56 | 000,000,089 | ---- | C] () -- C:\WINDOWS\bctester_de.INI
[2010/12/10 23:42:33 | 000,000,010 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\systemdate.dat
[2010/09/27 23:51:16 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\Atlas.INI
[2010/08/20 21:39:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/01/10 01:24:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/01/10 01:24:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/11/08 22:49:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/08 22:49:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/08 22:49:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/08 22:49:25 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/08 22:49:25 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/08 22:49:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/12 03:40:21 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008/09/12 03:38:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008/09/12 03:37:04 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008/09/11 22:34:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/11 22:12:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/11 21:52:34 | 000,000,145 | -H-- | C] () -- C:\Dokumente und Einstellungen\Warczoczki_2\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/06/13 11:58:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/03/23 00:58:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/23 00:58:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/23 00:33:22 | 000,521,872 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/03/23 00:33:22 | 000,493,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/03/23 00:33:22 | 000,110,792 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/03/23 00:33:22 | 000,091,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/03/22 22:57:28 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/22 21:34:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/03/22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/05 17:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/06/05 16:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/28 15:56:14 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007/05/28 15:55:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/05/28 15:54:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007/03/22 20:59:10 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2007/01/04 15:10:22 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006/08/28 19:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/08/01 16:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/10 15:18:16 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/06 11:39:48 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/06 11:37:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 14:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2004/01/27 17:05:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\renderer.dll
[2003/11/24 16:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 16:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2002/09/12 23:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/12 23:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/05/04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002/04/21 20:30:14 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/04/19 16:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[2002/04/19 15:51:04 | 000,211,760 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2002/04/02 00:16:30 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/04/02 00:16:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/04/02 00:15:40 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/06/22 13:06:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll

========== LOP Check ==========

[2010/09/07 23:13:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlawarWrapper
[2011/05/13 02:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011/05/13 00:59:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011/04/08 23:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/03/11 21:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto-Designer
[2010/08/20 21:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2011/05/13 02:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010/12/01 21:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2008/06/13 11:51:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008/11/30 00:16:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/05/13 23:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\AVG10
[2009/04/06 20:54:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\BESTplayer
[2011/03/13 01:24:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Warczoczki_2\Anwendungsdaten\OpenOffice.org

========== Purity Check ==========



< End of report >

Edited by karabogaz, 15 May 2011 - 04:43 PM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
aswMBR report is a tad weird so I will run one other programme first before we try combofix

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#7
karabogaz

karabogaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
What I did:

- logged in as a normal user in the normal mode
- downloaded TDSSKiller and saved it to the Desktop
- extracted its content to the directory placed on the Desktop
- clicked on the TDSSKiller.exe icon (2 windows appeared: "Warning: Can't initialize log" and "Warning: Can't load driver")
- clicked on Start scan
- after the scan completion clicked on Close
- clicked on Report

Here is the screenshot when the scan was completed.

tdsskiller_failed.PNG

The report did not show up after I clicked on Report and I couldn't find the report file on my computer.


THEN

This brilliant idea reached my mind, that you will probably not mind if I try these things in the safe mode (which you actually suggested in post #4). So:

What I did (2):

- logged in as admin in the safe mode with the network active
- downloaded and executed aswMBR.exe (as requested by you in post #4)
- clicked on Scan
- after the scan was completed, I clicked on Save log (attached at the end of this post)

followed by

- downloaded TDSSKiller and saved it to the Desktop
- extracted its content to the directory placed on the Desktop
- clicked on the TDSSKiller.exe icon
- clicked on Start scan
- after the scan completion clicked on Close
- clicked on Report (it is attached at the end of this post after the log from aswMBR. No reboot was necessary)

Additionally, I tried to run TDSSKiller.exe as admin in normal mode. I was able to start the scan and the system held, till the end of it. I saw that nothing was found but was unable to save a log or make a screenshot (system didn't react and rebooted after a while).


Status:

- Both aswMBR and TDSSKiller scans ran without problems on safe mode.
- They didn't work (could not be initialized properly?) in the normal mode as a normal user.
- As far as I understand the output of the logs, I would guess it could be worse with my machine


Remarks:

- I am sorry for catching the safe mode idea so late - I know it might have spared your time.
- I didn't try aswMBR as admin in normal mode, wasn't sure if it is a good idea to touch MBR from there.



Below is the requested (post #4) log from aswMBR followed by the report from TDSSKiller (both taken in the safe mode)



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-16 23:17:23
-----------------------------
23:17:23.265 OS Version: Windows 5.1.2600 Service Pack 2
23:17:23.265 Number of processors: 2 586 0xF0D
23:17:23.265 ComputerName: SZCZENITOP UserName: Warczoczki
23:17:26.046 Initialize success
23:18:54.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:18:54.890 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
23:18:56.921 Disk 0 MBR read successfully
23:18:56.921 Disk 0 MBR scan
23:18:56.937 Disk 0 unknown MBR code
23:18:58.953 Disk 0 scanning sectors +312576705
23:18:58.984 Disk 0 scanning C:\WINDOWS\system32\drivers
23:19:02.968 Service scanning
23:19:06.218 Disk 0 trace - called modules:
23:19:06.250 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:19:06.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ec33b8]
23:19:06.281 3 CLASSPNP.SYS[f78ec05b] -> nt!IofCallDriver -> \Device\000000bb[0x86ed69e8]
23:19:06.296 5 ACPI.sys[f77c1620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86ed7940]
23:19:06.328 Scan finished successfully
23:20:13.687 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Warczoczki\Desktop\MBR.dat"
23:20:13.734 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Warczoczki\Desktop\aswMBR.txt"


################################################################################################################################################


2011/05/16 23:36:01.0359 1648 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 23:36:01.0421 1648 ================================================================================
2011/05/16 23:36:01.0421 1648 SystemInfo:
2011/05/16 23:36:01.0421 1648
2011/05/16 23:36:01.0421 1648 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/16 23:36:01.0421 1648 Product type: Workstation
2011/05/16 23:36:01.0421 1648 ComputerName: SZCZENITOP
2011/05/16 23:36:01.0421 1648 UserName: Warczoczki
2011/05/16 23:36:01.0421 1648 Windows directory: C:\WINDOWS
2011/05/16 23:36:01.0421 1648 System windows directory: C:\WINDOWS
2011/05/16 23:36:01.0421 1648 Processor architecture: Intel x86
2011/05/16 23:36:01.0421 1648 Number of processors: 2
2011/05/16 23:36:01.0421 1648 Page size: 0x1000
2011/05/16 23:36:01.0421 1648 Boot type: Safe boot with network
2011/05/16 23:36:01.0421 1648 ================================================================================
2011/05/16 23:36:01.0703 1648 Initialize success
2011/05/16 23:36:30.0500 2000 ================================================================================
2011/05/16 23:36:30.0500 2000 Scan started
2011/05/16 23:36:30.0500 2000 Mode: Manual;
2011/05/16 23:36:30.0500 2000 ================================================================================
2011/05/16 23:36:31.0828 2000 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/16 23:36:31.0843 2000 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/16 23:36:31.0875 2000 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/16 23:36:31.0906 2000 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/16 23:36:31.0937 2000 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/05/16 23:36:32.0062 2000 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/16 23:36:32.0109 2000 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/16 23:36:32.0140 2000 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/16 23:36:32.0171 2000 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/16 23:36:32.0203 2000 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/16 23:36:32.0218 2000 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/16 23:36:32.0265 2000 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/16 23:36:32.0312 2000 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/16 23:36:32.0343 2000 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/16 23:36:32.0359 2000 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/16 23:36:32.0453 2000 AR5211 (6d5f95602b8d0d994d31a864872b38ef) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/05/16 23:36:32.0578 2000 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/16 23:36:32.0625 2000 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/16 23:36:32.0656 2000 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/16 23:36:32.0687 2000 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/16 23:36:32.0750 2000 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/16 23:36:32.0781 2000 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/16 23:36:32.0843 2000 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/16 23:36:32.0968 2000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/16 23:36:33.0046 2000 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/16 23:36:33.0078 2000 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/05/16 23:36:33.0187 2000 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/16 23:36:33.0250 2000 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/05/16 23:36:33.0328 2000 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/05/16 23:36:33.0453 2000 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/05/16 23:36:33.0531 2000 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/05/16 23:36:33.0671 2000 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/05/16 23:36:33.0750 2000 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/16 23:36:33.0890 2000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/16 23:36:33.0953 2000 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/16 23:36:33.0968 2000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/16 23:36:34.0031 2000 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/16 23:36:34.0078 2000 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/16 23:36:34.0125 2000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/16 23:36:34.0218 2000 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/16 23:36:34.0281 2000 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/16 23:36:34.0359 2000 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/16 23:36:34.0375 2000 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/16 23:36:34.0406 2000 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/16 23:36:34.0484 2000 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/16 23:36:34.0515 2000 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/16 23:36:34.0546 2000 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/16 23:36:34.0593 2000 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/16 23:36:34.0703 2000 DKbFltr (060db81dfb79c8244eb65d10b6c7873f) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/05/16 23:36:34.0796 2000 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/16 23:36:34.0906 2000 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/16 23:36:34.0937 2000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/16 23:36:35.0000 2000 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/16 23:36:35.0031 2000 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/16 23:36:35.0062 2000 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/16 23:36:35.0125 2000 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
2011/05/16 23:36:35.0281 2000 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/16 23:36:35.0359 2000 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/16 23:36:35.0390 2000 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/05/16 23:36:35.0406 2000 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/16 23:36:35.0468 2000 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/16 23:36:35.0578 2000 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/16 23:36:35.0640 2000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/16 23:36:35.0671 2000 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/16 23:36:35.0765 2000 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/05/16 23:36:35.0812 2000 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/16 23:36:35.0828 2000 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/16 23:36:35.0984 2000 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/16 23:36:36.0078 2000 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/16 23:36:36.0109 2000 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/16 23:36:36.0218 2000 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/05/16 23:36:36.0312 2000 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/16 23:36:36.0421 2000 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/16 23:36:36.0531 2000 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/05/16 23:36:36.0656 2000 hwusbfake (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
2011/05/16 23:36:36.0796 2000 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/16 23:36:36.0843 2000 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/16 23:36:36.0875 2000 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/16 23:36:37.0187 2000 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/16 23:36:37.0484 2000 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/05/16 23:36:37.0578 2000 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/16 23:36:37.0609 2000 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/16 23:36:37.0671 2000 int15 (f8f75594c17fe7bce1b4045bb7199868) C:\WINDOWS\system32\drivers\int15.sys
2011/05/16 23:36:37.0765 2000 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/05/16 23:36:38.0015 2000 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/16 23:36:38.0281 2000 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/16 23:36:38.0312 2000 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/16 23:36:38.0359 2000 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/16 23:36:38.0390 2000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/16 23:36:38.0421 2000 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/16 23:36:38.0468 2000 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/16 23:36:38.0593 2000 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/16 23:36:38.0640 2000 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/16 23:36:38.0671 2000 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/16 23:36:38.0718 2000 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/16 23:36:38.0875 2000 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/16 23:36:38.0953 2000 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/16 23:36:39.0015 2000 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/16 23:36:39.0203 2000 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/16 23:36:39.0328 2000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/16 23:36:39.0359 2000 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/16 23:36:39.0390 2000 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/16 23:36:39.0453 2000 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/16 23:36:39.0484 2000 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/16 23:36:39.0609 2000 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/16 23:36:39.0625 2000 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/16 23:36:39.0703 2000 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/16 23:36:39.0875 2000 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/16 23:36:39.0921 2000 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/16 23:36:39.0984 2000 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/16 23:36:40.0015 2000 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/16 23:36:40.0125 2000 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/16 23:36:40.0203 2000 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/16 23:36:40.0234 2000 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/16 23:36:40.0343 2000 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/16 23:36:40.0390 2000 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/16 23:36:40.0437 2000 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/16 23:36:40.0484 2000 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/16 23:36:40.0609 2000 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/16 23:36:40.0625 2000 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/16 23:36:40.0671 2000 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/16 23:36:40.0703 2000 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/16 23:36:40.0750 2000 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/16 23:36:40.0921 2000 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/16 23:36:40.0968 2000 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/16 23:36:41.0000 2000 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/05/16 23:36:41.0031 2000 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/16 23:36:41.0203 2000 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/05/16 23:36:41.0250 2000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/16 23:36:41.0281 2000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/16 23:36:41.0312 2000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/16 23:36:41.0359 2000 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/16 23:36:41.0390 2000 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/16 23:36:41.0515 2000 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/16 23:36:41.0546 2000 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/16 23:36:41.0562 2000 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/16 23:36:41.0640 2000 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/16 23:36:41.0671 2000 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/16 23:36:41.0812 2000 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/16 23:36:41.0828 2000 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/16 23:36:41.0937 2000 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/16 23:36:41.0968 2000 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/16 23:36:42.0109 2000 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/16 23:36:42.0156 2000 psdfilter (32338659e9da79055406f2157cd0e1df) C:\WINDOWS\system32\Drivers\psdfilter.sys
2011/05/16 23:36:42.0203 2000 psdvdisk (4c7947014674df40b7af52342a9157d0) C:\WINDOWS\system32\Drivers\psdvdisk.sys
2011/05/16 23:36:42.0234 2000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/16 23:36:42.0359 2000 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/16 23:36:42.0390 2000 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/16 23:36:42.0421 2000 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/16 23:36:42.0453 2000 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/16 23:36:42.0484 2000 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/16 23:36:42.0515 2000 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/16 23:36:42.0546 2000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/16 23:36:42.0593 2000 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/16 23:36:42.0625 2000 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/16 23:36:42.0656 2000 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/16 23:36:42.0687 2000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/16 23:36:42.0812 2000 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/16 23:36:42.0843 2000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/16 23:36:42.0906 2000 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/16 23:36:42.0953 2000 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/16 23:36:42.0984 2000 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/16 23:36:43.0187 2000 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/16 23:36:43.0218 2000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/16 23:36:43.0265 2000 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/16 23:36:43.0328 2000 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/16 23:36:43.0421 2000 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/16 23:36:43.0531 2000 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/16 23:36:43.0609 2000 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/16 23:36:43.0750 2000 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/16 23:36:43.0781 2000 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/16 23:36:43.0828 2000 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/16 23:36:43.0890 2000 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/16 23:36:43.0953 2000 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/16 23:36:43.0984 2000 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/16 23:36:44.0093 2000 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/16 23:36:44.0140 2000 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/16 23:36:44.0171 2000 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/16 23:36:44.0203 2000 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/16 23:36:44.0218 2000 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/16 23:36:44.0265 2000 SynTP (cc5da243cfdac58fc0408f7ce24084c5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/16 23:36:44.0296 2000 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/16 23:36:44.0453 2000 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/16 23:36:44.0500 2000 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/16 23:36:44.0531 2000 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/16 23:36:44.0640 2000 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/16 23:36:44.0718 2000 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys
2011/05/16 23:36:44.0828 2000 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/16 23:36:44.0906 2000 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
2011/05/16 23:36:44.0921 2000 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2011/05/16 23:36:44.0968 2000 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/16 23:36:45.0000 2000 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/16 23:36:45.0046 2000 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/16 23:36:45.0218 2000 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/16 23:36:45.0250 2000 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/16 23:36:45.0281 2000 usbehci (b0d7020386c7187ef9c5a9643f289cd3) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/16 23:36:45.0312 2000 usbhub (ace960e54148821e8e48f5d191562c28) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/16 23:36:45.0421 2000 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/16 23:36:45.0468 2000 usbuhci (ff6e4fdeb82dc228efa490336409c6bd) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/16 23:36:45.0515 2000 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/16 23:36:45.0546 2000 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/16 23:36:45.0656 2000 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/16 23:36:45.0671 2000 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/16 23:36:45.0718 2000 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/16 23:36:45.0765 2000 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/16 23:36:45.0828 2000 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/16 23:36:45.0906 2000 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/16 23:36:46.0093 2000 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/16 23:36:46.0171 2000 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/16 23:36:46.0234 2000 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
2011/05/16 23:36:46.0406 2000 ================================================================================
2011/05/16 23:36:46.0406 2000 Scan finished
2011/05/16 23:36:46.0406 2000 ================================================================================

Edited by karabogaz, 16 May 2011 - 04:56 PM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK before I fix the MBR I need to know if the system is a Dell manufactured one

We will need to uninstall AVG for this next bit

Download to your desktop a fresh copy of AVG
Download to your desktop AVG removal tool
Downoad to your desktop Combofix
Link 1
Link 2

Uninstall AVG via control panel and reboot
Run the AVG removal tool and reboot

[*]Double click on ComboFix.exe & follow the prompts.


[*]As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.[/list]
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#9
karabogaz

karabogaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

OK before I fix the MBR

So it needs a repair? Great...

I need to know if the system is a Dell manufactured one

How do I recognize it? It is Acer laptop so I guess it is not Dell manufactured...


Now back to my homework:

What I did:
(everything was performed as admin in safe mode)

- Downloaded the newest version of AVG (avg_free_stb_all_2011_1375_cnet.exe), AVG remover (avg_remover_stf_x86_2011_1322.exe) and Combofix (from bleepingcomputer.com)
- uninstalled AVG using control panel and rebooted
- ran AVG remover and rebooted
- ran Combofix.exe. I got a message that AVG Internet Security 2011 is still active.
- ran AVG remover 3 more times, rebooting after every run
- ran Combofix.exe. I got again 2 messages that AVG Internet Security 2011 is still active. I just ignored it (clicking on OK)
- accepted the instalation of the Windows Recovery Console
- waited till Combofix finishes


Status:

- AVG uninstalled, but maybe not completely
- Microsoft Windows Recovery Console installed (I can see it after every reboot)
- Combofix run performed


Remarks:

- Combofix worked in German - I think it is due to the German Windows which I have. I guess you are quite familiar with Combofix logs so you will know what is there. Nevertheless, let me know if there is anything you want me to translate.


Below is the content of ComboFix.txt:

ComboFix 11-05-17.01 - Warczoczki 18/05/2011 10:00:08.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.43.1031.18.1014.797 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Warczoczki\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Warczoczki\WINDOWS
c:\dokumente und einstellungen\Warczoczki_2\WINDOWS
C:\winxnet.bin
c:\winxnet.bin\config.bin
c:\winxnet.bin\winxnet.bin.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-18 bis 2011-05-18 ))))))))))))))))))))))))))))))
.
.
2011-05-17 22:58 . 2011-05-17 22:58 -------- d-----w- c:\windows\LastGood.Tmp
2011-05-17 22:47 . 2011-05-17 22:47 -------- d-----w- C:\Rbackup
2011-05-17 22:46 . 2011-05-17 23:14 -------- d-----w- c:\programme\Perfect Uninstaller
2011-05-16 21:01 . 2011-05-16 21:02 -------- d-----w- c:\windows\system32\NtmsData
2011-05-16 18:01 . 2011-05-16 18:01 -------- d-----w- C:\8500ef13acfe2386414799424911
2011-05-16 18:01 . 2011-05-16 18:01 -------- d-----w- C:\f09e0cfe20afc88d8c
2011-05-14 21:01 . 2011-05-14 21:01 -------- d-----w- C:\_OTL
2011-05-13 21:53 . 2011-05-13 21:53 -------- d-----w- c:\dokumente und einstellungen\Warczoczki_2\Anwendungsdaten\AVG10
2011-05-13 00:08 . 2011-05-17 23:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG10
2011-05-12 23:40 . 2011-05-12 23:40 -------- d-----w- c:\dokumente und einstellungen\Warczoczki_2\Anwendungsdaten\Malwarebytes
2011-05-12 23:03 . 2011-05-12 23:03 0 ---ha-w- c:\dokumente und einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\BITA.tmp
2011-05-12 23:01 . 2011-05-12 23:01 0 ---ha-w- c:\dokumente und einstellungen\Warczoczki\Lokale Einstellungen\Anwendungsdaten\BIT6.tmp
2011-05-12 22:59 . 2011-05-12 22:59 -------- d--h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2011-05-11 22:40 . 2011-05-11 22:40 -------- d-----w- c:\dokumente und einstellungen\Warczoczki\Anwendungsdaten\Malwarebytes
2011-05-11 22:40 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 22:40 . 2011-05-11 22:40 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-05-11 22:40 . 2011-05-11 22:40 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-05-11 22:40 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 21:29 . 2011-05-10 21:29 309 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\bdinstall.bin
2011-05-10 21:18 . 2011-05-10 21:18 -------- d-----w- c:\dokumente und einstellungen\Warczoczki\Anwendungsdaten\QuickScan
2011-05-10 01:52 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-10 01:42 . 2011-05-17 23:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2011-05-10 01:20 . 2011-05-10 01:21 -------- d-----w- C:\cd1da4e2dee384ea3b89a54b9785
2011-05-09 21:41 . 2011-05-09 21:41 -------- d--h--w- c:\dokumente und einstellungen\Warczoczki_2\Anwendungsdaten\skypePM
2011-05-09 21:40 . 2011-05-09 21:43 -------- d--h--w- c:\dokumente und einstellungen\Warczoczki_2\Anwendungsdaten\Skype
2011-05-09 20:35 . 2011-05-09 20:35 -------- d-----w- C:\spoolerlogs
2011-05-07 23:35 . 2011-05-07 23:35 -------- d-----w- C:\0fed69fe777803586d2eccae683035f1
2011-05-07 00:10 . 2011-05-07 00:10 -------- d-----w- C:\c2b959e36c77c9554cc768
2011-05-05 23:23 . 2011-05-05 23:23 -------- d-----w- C:\1b93b62f1fca53083216ce76
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 01:46 . 2008-09-12 01:22 90112 ----a-w- c:\windows\DUMP8d4b.tmp
2011-04-08 21:15 . 2011-04-08 21:11 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-11 20:02 . 2008-09-11 20:18 206742 ----a-w- c:\dokumente und einstellungen\Warczoczki\Anwendungsdaten\mdbu.bin
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPStart"="c:\programme\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"StarteLock"="c:\acer\Empowering Technology\eLock\Service\startelock.exe" [2008-04-30 24576]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\dokumente und einstellungen\Warczoczki_2\Startmen\Programme\Autostart\
OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\dokumente und einstellungen\Warczoczki\Startmen\Programme\Autostart\
OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-9-12 45056]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Warczoczki^Startmenü^Programme^Autostart^Ubisoft register.lnk]
path=c:\dokumente und einstellungen\Warczoczki\Startmenü\Programme\Autostart\Ubisoft register.lnk
backup=c:\windows\pss\Ubisoft register.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"MSSQL$MSSMLBIZ"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [08/04/2011 23:11 218688]
S0 kevail;kevail;c:\windows\system32\drivers\oucm.sys --> c:\windows\system32\drivers\oucm.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [23/10/2009 21:03 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [23/10/2009 21:03 133104]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [31/07/2009 23:28 102656]
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-23 19:03]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-23 19:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = my.daemon-search.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Warczoczki\Anwendungsdaten\Mozilla\Firefox\Profiles\zk2zfuks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pajacyk.pl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: TurnTool Viewer: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Illimitux: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DAEMON Tools Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Picasa Media Detector - c:\programme\Picasa2\PicasaMediaDetector.exe
HKCU-Run-4CB087F7DE022E9C - c:\x86fix.bin\x86fix.bin.exe
HKCU-Run-3A1BE7505F6BED46 - c:\winxnet.bin\winxnet.bin.exe
HKLM-Run-eLockMonitor - c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 10:03
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-18 10:05:01
ComboFix-quarantined-files.txt 2011-05-18 08:04
.
Vor Suchlauf: 27 Verzeichnis(se), 48,532,008,960 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 51,702,632,448 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2F5781A742411BC1D26BAFE20F37FA27
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Actually I may not need to repair your MBR - but at least I know I can if it is an Acer

What problems are you experiencing at the moment
  • 0

#11
karabogaz

karabogaz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Bless my heart! The problems are gone! :unsure:

I can work as admin in normal mode and no messages are appearing. There are no unprovoked reboots observed. :)

There was just one thing left, but I handled it myself. EVERY time I logged in as admin in normal mode, I was getting the message window saying:

"Either another instance of OpenOffice.org is accessing your personal settings or your personal settings are locked. Simultaneous access can lead to inconsistencies in your personal settings. Before continuing, you should make sure user 'ungs??' closes OpenOffice.org on host 'SZCZENITOP'. Do you really want to continue?"

with (yes) and (no) buttons. So I made AVG scan (sorry, I installed it again without asking - can uninstall it again if you wish) which found 2 data infected with PSW.Generic8 in c:\system volume information. Next, I also removed OpenOffice from Startup folder (was surprised to find it there). Now the problem is gone (no window after log in or opening OpenOffice)

Do you have any commetns on that issue?

If not, then I think you might be done with me (unless stated otherwise). So before you close this topic, let me thank you cordially for your help and time you spent on my problem. I might try to take a GeekU course, become as clever as you are, and pay it forward, though I am not sure if I have the enough of brain for it. :yes:

Edited by karabogaz, 20 May 2011 - 06:20 AM.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem with AVG saves me asking you to re-install :unsure:

The items detected by AVG were in the system restore and relatively harmless as the next task will be to purge them.

As for open office as it was in the start menu that means the programme would start with the computer, hence the allready running dialogue

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP