Live Security Platinum malware [Closed]


#1 Spacebeam
New Member, 2 posts

Yesterday, this malware installed on my computer while browsing with Firefox, probably through an outdated Shockwave, Flash or Java plugin. The "execute as administrator" popup started to come up (while I clicked on "No" all the time), and Avira Antivirus showed a message that an infected file was found but that it was unable to remove it.

To prevent further damage I shut down the computer, but after I restarted it, some annoying windows from the malware started to pop up and prevented me from running any other software.

I rebooted Windows into protected mode and somehow managed to remove it by running several antivirus programs and malware scanners and by manually removing a startup entry and the folder where that software was located.

Subsequently, I ran the following antivirus/malware removal tools, made complete scans and removed everything any of the programs reported:
Kaspersky Antivirus Standalone Scanner
ESET Online Scanner
Avira Free Antivirus
Kaspersky TDSS
Malwarebytes Anti Malware

I am still unsure, though, whether everything was removed or whether I need to do more to make sure that everything is fine again. I have been running Sophos Rootkit Scanner for several hours now, and that is when I found your site.

I hope you can help me with my problem.

Below is the OTL log file of my system:

OTL logfile created on: 28.08.2012 23:23:00 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = E:\APP CONTAINER
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,91% Memory free
7,99 Gb Paging File | 6,09 Gb Available in Paging File | 76,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 317,79 Gb Free Space | 68,24% Space Free | Partition Type: NTFS
Drive D: | 331,10 Gb Total Space | 269,32 Gb Free Space | 81,34% Space Free | Partition Type: FAT32
Drive E: | 299,98 Gb Total Space | 39,88 Gb Free Space | 13,29% Space Free | Partition Type: FAT32
Drive F: | 299,97 Gb Total Space | 144,09 Gb Free Space | 48,04% Space Free | Partition Type: FAT32

Computer Name: RAVEN | User Name: Phoebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\APP CONTAINER\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Gigabyte\ET6\GUI.exe ()
PRC - C:\Program Files (x86)\Common Files\AOL\1322030542\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe (Sophos Plc)
PRC - C:\Users\Phoebe\AppData\Local\Temp\bbcvcs.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\work.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Normal.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\HM.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\OCK.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\SF.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\MFCCPU.DLL ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\GVTunner.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\STT.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\GUI.exe ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\ycc.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\StabilityLib.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\GPTT.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\IccLibDll.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\AMD8.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Platform.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Device.dll ()
MOD - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar4.dll ()
MOD - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar3.dll ()
MOD - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar1.dll ()
MOD - C:\Users\Phoebe\AppData\Local\Temp\bbcvcs.exe ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\CIAMIB.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\aticlocklib.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Sound.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ocster_backup) -- c:\Programme\Ocster Backup\bin\backupService-ox.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft Inc.)
SRV - (DAZContentManagementService) -- C:\Programme\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dump_wmimmc) -- C:\Program Files\Rappelz\GameGuard\dump_wmimmc.sys File not found
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (DigiartyVirtualCDBus) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys (Digiarty Software, Inc.)
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (Hfsplus) -- C:\Windows\SysNative\drivers\hfsplus.sys (Paragon Software Group)
DRV:64bit: - (gpt_loader) -- C:\Windows\SysNative\drivers\gpt_loader.sys (Paragon Software Group)
DRV:64bit: - (apmwin) -- C:\Windows\SysNative\drivers\apmwin.sys (Paragon Software Group)
DRV:64bit: - (mounthlp) -- C:\Windows\SysNative\drivers\mounthlp.sys (Paragon Software Group)
DRV:64bit: - (HfsplusRec) -- C:\Windows\SysNative\drivers\hfsplusrec.sys (Paragon Software Group)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SafDskNT) -- C:\Windows\SysNative\drivers\SAFDSKNT.SYS (PC Dynamics, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\49FC.tmp (Sophos Plc)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (scramby_out) -- C:\Windows\SysNative\drivers\scramby_out.sys (RapidSolution Software AG)
DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys (RapidSolution Software AG)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (AODDriver) -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys (Advanced Micro Devices)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (atillk64) -- C:\Program Files (x86)\Gigabyte\ET6\atillk64.sys (ATI Technologies Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 BB B8 B9 4D 9F CB 01 [binary data]
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes\{88B1E58D-5589-4851-B26F-1E81B0DB268A}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.backup.ftp: "188.64.188.169"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "108.73.29.84"
FF - prefs.js..network.proxy.backup.gopher_port: 11769
FF - prefs.js..network.proxy.backup.socks: "188.64.188.169"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "188.64.188.169"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "188.64.188.169"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "165.193.102.220"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "188.64.188.169"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "188.64.188.169"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "188.64.188.169"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.28 21:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.28 11:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.04 10:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.11.24 23:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Extensions
[2010.11.24 23:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.28 21:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions
[2010.11.29 05:01:28 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012.03.30 10:43:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.30 10:43:54 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions\[email protected]
[2012.05.14 17:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.28 21:58:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.14 17:47:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 21:58:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.14 17:47:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.14 17:47:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.14 17:47:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.14 17:47:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.08.28 20:14:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [apmwinapp] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0 Special Edition\apmwinsrv.exe ()
O4:64bit: - HKLM..\Run: [Ocster Backup] C:\Program Files\Ocster Backup\bin\backupClient-ox.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HFS Activator] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0 Special Edition\activation\hfsactivator.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1322030542\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1012..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe ()
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E01537-B141-42E8-8B89-532F77980D94}: NameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A77FD157-2791-4797-B7BD-3A8A9435FBCE}: NameServer = 192.168.0.10,194.8.194.60
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.27 21:59:50 | 000,001,104 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000.11.28 02:03:50 | 000,001,095 | -HS- | M] () - D:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2004.07.19 20:29:44 | 000,001,283 | -HS- | M] () - D:\AUTOEXEC.BAK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.28 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.28 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.08.28 20:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.28 20:44:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.28 20:44:19 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.28 20:02:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.28 14:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.28 09:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.08.28 09:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.08.28 09:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.28 09:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.08.28 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Riut
[2012.08.28 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Coohgu
[2012.08.28 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Atoqh
[2012.08.24 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2012.08.16 18:29:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 18:29:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 18:29:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 18:29:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 18:29:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 18:29:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 18:29:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 18:29:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 18:29:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 18:29:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 18:29:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 18:29:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 18:29:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 18:17:57 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 18:17:56 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 18:17:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 18:17:55 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 18:17:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 18:17:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 18:17:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 18:17:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.10 18:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.28 21:08:58 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 21:08:58 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 21:01:43 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.08.28 21:01:43 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.08.28 21:01:34 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.08.28 21:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 21:00:28 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 20:44:09 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.28 20:44:09 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.28 20:44:09 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.28 20:44:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.28 20:44:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.28 20:44:09 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.28 20:14:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.28 11:41:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.28 11:41:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.28 11:23:07 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2012.08.28 09:06:34 | 000,001,262 | ---- | M] () -- C:\Users\Phoebe\Desktop\Spybot - Search & Destroy.lnk
[2012.08.25 15:32:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.24 21:46:31 | 000,001,030 | ---- | M] () -- C:\Users\Phoebe\Desktop\Miranda IM.lnk
[2012.08.16 18:56:50 | 000,386,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.11 08:55:30 | 000,004,714 | ---- | M] () -- C:\Users\Phoebe\AppData\Local\recently-used.xbel
[2012.08.11 07:54:16 | 000,001,941 | ---- | M] () -- C:\Users\Phoebe\Desktop\Blender.lnk
[2012.08.11 07:54:16 | 000,001,928 | ---- | M] () -- C:\Users\Phoebe\Desktop\DAZ Studio 4 (64bit).lnk
[2012.08.11 07:54:15 | 000,001,095 | ---- | M] () -- C:\Users\Phoebe\Desktop\WinX DVD Copy Pro.lnk
[2012.08.10 18:59:52 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.05 18:35:16 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 18:35:16 | 000,666,512 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 18:35:16 | 000,625,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 18:35:16 | 000,135,440 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 18:35:16 | 000,110,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.28 20:17:40 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.08.28 09:06:34 | 000,001,262 | ---- | C] () -- C:\Users\Phoebe\Desktop\Spybot - Search & Destroy.lnk
[2012.08.11 08:55:30 | 000,004,714 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\recently-used.xbel
[2012.03.14 08:59:38 | 000,000,600 | ---- | C] () -- C:\Users\Phoebe\AppData\Roaming\winscp.rnd
[2012.03.14 08:54:19 | 000,000,600 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\PUTTY.RND
[2012.02.20 09:29:51 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.11.23 08:34:21 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.11.23 07:52:28 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.09.15 22:18:38 | 000,005,120 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\Databases.db
[2011.08.31 05:12:59 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011.06.17 18:23:38 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011.06.17 18:23:15 | 000,208,155 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011.05.07 19:03:16 | 000,652,275 | ---- | C] () -- C:\Users\Phoebe\.fonts.cache-1
[2011.01.21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2010.12.12 03:29:48 | 000,000,092 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\fusioncache.dat
[2010.12.12 03:28:44 | 001,558,722 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.11 01:48:26 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.12.06 22:56:15 | 000,012,800 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.02 08:33:05 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2010.11.26 07:54:44 | 000,007,607 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\Resmon.ResmonCfg
[2010.11.23 21:51:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.11.23 21:47:04 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.11.23 21:42:39 | 000,000,022 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.11.23 21:26:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2010.11.25 10:17:34 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\.BitTornado
[2011.04.23 08:22:04 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\4Media
[2012.03.14 21:48:26 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\5AA5B421-EE90-4F77-907F-A12B99EF7B5D
[2012.03.14 21:49:37 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Acronis
[2010.12.03 01:08:22 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ASCOMP Software
[2011.12.22 06:12:08 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Ashampoo
[2012.08.28 08:25:26 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Atoqh
[2011.06.19 05:20:06 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Auslogics
[2011.06.04 23:05:24 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Avnex
[2011.09.23 13:31:41 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Blender Foundation
[2012.08.28 08:31:08 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Coohgu
[2012.03.06 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\DAZ 3D
[2012.01.06 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Digiarty
[2011.06.02 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Engelmann Media
[2011.12.05 02:11:00 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Firestorm
[2010.11.24 21:04:46 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\GetRightToGo
[2011.11.11 09:04:00 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\gtk-2.0
[2010.11.24 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ICQ
[2012.03.26 00:25:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ImgBurn
[2011.07.01 08:05:28 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Imprudence
[2011.05.27 20:23:56 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ImTOO
[2011.06.18 06:29:13 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\IrfanView
[2011.10.13 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\IsolatedStorage
[2012.07.24 06:45:08 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\JPEGsnoop
[2010.11.26 05:12:40 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Leadertech
[2011.12.24 19:24:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\MAGIX
[2010.11.24 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Miranda
[2011.06.12 06:40:56 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Miranda IM
[2010.12.29 07:13:03 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\mp3DirectCut
[2011.12.06 06:03:50 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\NeoDownloader
[2011.12.01 09:57:31 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Nik Software
[2011.06.06 01:10:01 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\NoteTab Light
[2010.11.25 04:06:12 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\OpenOffice.org
[2010.11.29 10:08:35 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Opera
[2012.01.06 01:31:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ProcessLasso
[2011.09.27 07:16:45 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\RainbowViewer
[2012.08.28 11:04:52 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Riut
[2011.07.15 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Screaming Bee
[2012.02.23 06:46:28 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\SecondLife
[2011.06.15 06:02:42 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Softplicity
[2011.07.21 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Solveig Multimedia
[2012.02.23 23:48:29 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\thriXXX
[2010.12.06 07:09:38 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Thunderbird
[2011.04.20 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\TrueCrypt
[2010.11.25 03:23:35 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Wings3D
[2012.03.22 09:23:35 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\WinISO Computing
[2012.06.05 18:22:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#2
Spacebeam

    New Member

  • Topic Starter
  • Member
  • 2 posts
Luckily my friend came up with the old system drive that was in that computer before and that he luckily never deleted. So we decided that the safest and maybe fastest way to get that computer back up and running might be to go through the trouble and clone the old drive to the new drive and update everything on it afterwards.

Hopefully I didn't forget to backup any artwork or 3D files on it. :upset:

It might still be a lot of work, but it would leave me with a better feeling to know that the computer was never compromised.

Thanks to anyone who might have gone through the trouble of reading through the log file. :upset:

#3
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say so and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should just be copied and pasted into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • After that, there should also be a file called MBR.dat on your Desktop. Please attach it here.

How to add an attachment to a new topic or reply

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.