Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Live Security Platinum malware [Closed]


  • This topic is locked This topic is locked

#1
Spacebeam

Spacebeam

    New Member

  • Member
  • Pip
  • 2 posts
Yesterday, this malware installed on my Computer while browsing with Firefox, probably through either an outdated, Shockwave, Flash or Java plugin. The "execute as administrator" popup started to come up (while I clicked on "No" all the time) and Avira Antivirus showed a message that an infected file was found but was unable to remove it.

To prevent further damage I shutdown the computer, but after i restarted it, some annoying windows from the malware started to pop up and prevented running any other software.

I rebooted Windows and entered the protected mode and somehow managed to remove it by running several antivirus programms and malware scanners and by manually removing a startup entry and the folder where that software was located.

Subsequently, I run the following antivirus/malware removal tools and made complete scans and removed everything any of the programms reported:
Kaspersky Antivirus Standalone Scanner
ESET Online Scanner
Avira Free Antivirus
Kaspersky TDSS
Malwarebytes Anti Malware

I am still unsure though, if everything was removed or if I need to do more to assure that everything is fine again. I am running Sophos Rootkit Scanner for several hours now and that's when I found your site.

I hope you can help me with my problem.

Below is the OTL log file of my system:

OTL logfile created on: 28.08.2012 23:23:00 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = E:\APP CONTAINER
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,91% Memory free
7,99 Gb Paging File | 6,09 Gb Available in Paging File | 76,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 317,79 Gb Free Space | 68,24% Space Free | Partition Type: NTFS
Drive D: | 331,10 Gb Total Space | 269,32 Gb Free Space | 81,34% Space Free | Partition Type: FAT32
Drive E: | 299,98 Gb Total Space | 39,88 Gb Free Space | 13,29% Space Free | Partition Type: FAT32
Drive F: | 299,97 Gb Total Space | 144,09 Gb Free Space | 48,04% Space Free | Partition Type: FAT32

Computer Name: RAVEN | User Name: Phoebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\APP CONTAINER\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Gigabyte\ET6\GUI.exe ()
PRC - C:\Program Files (x86)\Common Files\AOL\1322030542\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe (Sophos Plc)
PRC - C:\Users\Phoebe\AppData\Local\Temp\bbcvcs.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\work.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Normal.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\HM.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\OCK.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\SF.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\MFCCPU.DLL ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\GVTunner.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\STT.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\GUI.exe ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\ycc.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\StabilityLib.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\GPTT.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\IccLibDll.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\AMD8.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Platform.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Device.dll ()
MOD - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar4.dll ()
MOD - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar3.dll ()
MOD - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sar1.dll ()
MOD - C:\Users\Phoebe\AppData\Local\Temp\bbcvcs.exe ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\CIAMIB.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\aticlocklib.dll ()
MOD - C:\Program Files (x86)\Gigabyte\ET6\Sound.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ocster_backup) -- c:\Programme\Ocster Backup\bin\backupService-ox.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft Inc.)
SRV - (DAZContentManagementService) -- C:\Programme\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dump_wmimmc) -- C:\Program Files\Rappelz\GameGuard\dump_wmimmc.sys File not found
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (DigiartyVirtualCDBus) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys (Digiarty Software, Inc.)
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (Hfsplus) -- C:\Windows\SysNative\drivers\hfsplus.sys (Paragon Software Group)
DRV:64bit: - (gpt_loader) -- C:\Windows\SysNative\drivers\gpt_loader.sys (Paragon Software Group)
DRV:64bit: - (apmwin) -- C:\Windows\SysNative\drivers\apmwin.sys (Paragon Software Group)
DRV:64bit: - (mounthlp) -- C:\Windows\SysNative\drivers\mounthlp.sys (Paragon Software Group)
DRV:64bit: - (HfsplusRec) -- C:\Windows\SysNative\drivers\hfsplusrec.sys (Paragon Software Group)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SafDskNT) -- C:\Windows\SysNative\drivers\SAFDSKNT.SYS (PC Dynamics, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\49FC.tmp (Sophos Plc)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (VCSVADHWSer) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (scramby_out) -- C:\Windows\SysNative\drivers\scramby_out.sys (RapidSolution Software AG)
DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys (RapidSolution Software AG)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (AODDriver) -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys (Advanced Micro Devices)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (atillk64) -- C:\Program Files (x86)\Gigabyte\ET6\atillk64.sys (ATI Technologies Inc.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 BB B8 B9 4D 9F CB 01 [binary data]
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..\SearchScopes\{88B1E58D-5589-4851-B26F-1E81B0DB268A}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.backup.ftp: "188.64.188.169"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "108.73.29.84"
FF - prefs.js..network.proxy.backup.gopher_port: 11769
FF - prefs.js..network.proxy.backup.socks: "188.64.188.169"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "188.64.188.169"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "188.64.188.169"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "165.193.102.220"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "188.64.188.169"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "188.64.188.169"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "188.64.188.169"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.28 21:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.28 11:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.04 10:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.11.24 23:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Extensions
[2010.11.24 23:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.28 21:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions
[2010.11.29 05:01:28 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012.03.30 10:43:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.30 10:43:54 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Users\Phoebe\AppData\Roaming\mozilla\Firefox\Profiles\az0kjual.default\extensions\[email protected]
[2012.05.14 17:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.28 21:58:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.14 17:47:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 21:58:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.14 17:47:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.14 17:47:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.14 17:47:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.14 17:47:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.08.28 20:14:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [apmwinapp] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0 Special Edition\apmwinsrv.exe ()
O4:64bit: - HKLM..\Run: [Ocster Backup] C:\Program Files\Ocster Backup\bin\backupClient-ox.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HFS Activator] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0 Special Edition\activation\hfsactivator.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1322030542\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1012..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\Gigabyte\ET6\ETCall.exe ()
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKU\S-1-5-21-2444380980-3124335112-3468164858-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E01537-B141-42E8-8B89-532F77980D94}: NameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A77FD157-2791-4797-B7BD-3A8A9435FBCE}: NameServer = 192.168.0.10,194.8.194.60
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.27 21:59:50 | 000,001,104 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000.11.28 02:03:50 | 000,001,095 | -HS- | M] () - D:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2004.07.19 20:29:44 | 000,001,283 | -HS- | M] () - D:\AUTOEXEC.BAK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.28 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.28 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.08.28 20:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.28 20:44:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.28 20:44:19 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.28 20:02:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.28 14:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.28 09:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.08.28 09:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.08.28 09:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.28 09:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.08.28 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Riut
[2012.08.28 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Coohgu
[2012.08.28 08:25:26 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Atoqh
[2012.08.24 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
[2012.08.16 18:29:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 18:29:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 18:29:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 18:29:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 18:29:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 18:29:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 18:29:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 18:29:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 18:29:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 18:29:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 18:29:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 18:29:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 18:29:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 18:17:57 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 18:17:56 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 18:17:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 18:17:55 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 18:17:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 18:17:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 18:17:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 18:17:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.10 18:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.28 21:08:58 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 21:08:58 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 21:01:43 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012.08.28 21:01:43 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.08.28 21:01:34 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.08.28 21:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 21:00:28 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 20:44:09 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.28 20:44:09 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.28 20:44:09 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.28 20:44:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.28 20:44:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.28 20:44:09 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.28 20:14:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.28 11:41:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.28 11:41:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.28 11:23:07 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2012.08.28 09:06:34 | 000,001,262 | ---- | M] () -- C:\Users\Phoebe\Desktop\Spybot - Search & Destroy.lnk
[2012.08.25 15:32:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.24 21:46:31 | 000,001,030 | ---- | M] () -- C:\Users\Phoebe\Desktop\Miranda IM.lnk
[2012.08.16 18:56:50 | 000,386,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.11 08:55:30 | 000,004,714 | ---- | M] () -- C:\Users\Phoebe\AppData\Local\recently-used.xbel
[2012.08.11 07:54:16 | 000,001,941 | ---- | M] () -- C:\Users\Phoebe\Desktop\Blender.lnk
[2012.08.11 07:54:16 | 000,001,928 | ---- | M] () -- C:\Users\Phoebe\Desktop\DAZ Studio 4 (64bit).lnk
[2012.08.11 07:54:15 | 000,001,095 | ---- | M] () -- C:\Users\Phoebe\Desktop\WinX DVD Copy Pro.lnk
[2012.08.10 18:59:52 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.05 18:35:16 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 18:35:16 | 000,666,512 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 18:35:16 | 000,625,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 18:35:16 | 000,135,440 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 18:35:16 | 000,110,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.28 20:17:40 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2012.08.28 09:06:34 | 000,001,262 | ---- | C] () -- C:\Users\Phoebe\Desktop\Spybot - Search & Destroy.lnk
[2012.08.11 08:55:30 | 000,004,714 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\recently-used.xbel
[2012.03.14 08:59:38 | 000,000,600 | ---- | C] () -- C:\Users\Phoebe\AppData\Roaming\winscp.rnd
[2012.03.14 08:54:19 | 000,000,600 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\PUTTY.RND
[2012.02.20 09:29:51 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.11.23 08:34:21 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.11.23 07:52:28 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.09.15 22:18:38 | 000,005,120 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\Databases.db
[2011.08.31 05:12:59 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011.06.17 18:23:38 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011.06.17 18:23:15 | 000,208,155 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2011.05.07 19:03:16 | 000,652,275 | ---- | C] () -- C:\Users\Phoebe\.fonts.cache-1
[2011.01.21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2010.12.12 03:29:48 | 000,000,092 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\fusioncache.dat
[2010.12.12 03:28:44 | 001,558,722 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.11 01:48:26 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.12.06 22:56:15 | 000,012,800 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.02 08:33:05 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2010.11.26 07:54:44 | 000,007,607 | ---- | C] () -- C:\Users\Phoebe\AppData\Local\Resmon.ResmonCfg
[2010.11.23 21:51:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.11.23 21:47:04 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2010.11.23 21:42:39 | 000,000,022 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.11.23 21:26:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2010.11.25 10:17:34 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\.BitTornado
[2011.04.23 08:22:04 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\4Media
[2012.03.14 21:48:26 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\5AA5B421-EE90-4F77-907F-A12B99EF7B5D
[2012.03.14 21:49:37 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Acronis
[2010.12.03 01:08:22 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ASCOMP Software
[2011.12.22 06:12:08 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Ashampoo
[2012.08.28 08:25:26 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Atoqh
[2011.06.19 05:20:06 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Auslogics
[2011.06.04 23:05:24 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Avnex
[2011.09.23 13:31:41 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Blender Foundation
[2012.08.28 08:31:08 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Coohgu
[2012.03.06 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\DAZ 3D
[2012.01.06 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Digiarty
[2011.06.02 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Engelmann Media
[2011.12.05 02:11:00 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Firestorm
[2010.11.24 21:04:46 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\GetRightToGo
[2011.11.11 09:04:00 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\gtk-2.0
[2010.11.24 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ICQ
[2012.03.26 00:25:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ImgBurn
[2011.07.01 08:05:28 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Imprudence
[2011.05.27 20:23:56 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ImTOO
[2011.06.18 06:29:13 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\IrfanView
[2011.10.13 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\IsolatedStorage
[2012.07.24 06:45:08 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\JPEGsnoop
[2010.11.26 05:12:40 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Leadertech
[2011.12.24 19:24:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\MAGIX
[2010.11.24 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Miranda
[2011.06.12 06:40:56 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Miranda IM
[2010.12.29 07:13:03 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\mp3DirectCut
[2011.12.06 06:03:50 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\NeoDownloader
[2011.12.01 09:57:31 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Nik Software
[2011.06.06 01:10:01 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\NoteTab Light
[2010.11.25 04:06:12 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\OpenOffice.org
[2010.11.29 10:08:35 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Opera
[2012.01.06 01:31:05 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\ProcessLasso
[2011.09.27 07:16:45 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\RainbowViewer
[2012.08.28 11:04:52 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Riut
[2011.07.15 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Screaming Bee
[2012.02.23 06:46:28 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\SecondLife
[2011.06.15 06:02:42 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Softplicity
[2011.07.21 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Solveig Multimedia
[2012.02.23 23:48:29 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\thriXXX
[2010.12.06 07:09:38 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Thunderbird
[2011.04.20 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\TrueCrypt
[2010.11.25 03:23:35 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\Wings3D
[2012.03.22 09:23:35 | 000,000,000 | ---D | M] -- C:\Users\Phoebe\AppData\Roaming\WinISO Computing
[2012.06.05 18:22:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

Advertisements


#2
Spacebeam

Spacebeam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Luckily my friend came up with the old system drive that was on that computer before and that he luckily never deleted. So we decided, that the safest and maybe fastest way to get that computer back up and running, might be to go through the trouble and clone the old drive to the new drive and update everything on it afterwards.

Hopefully I didn't forget to backup any artwork or 3D files on it. :upset:

Might still be a lot of work, but it would leave me with a better feeling, to know, that the computer was never compromised.

Thanks for anyone who might have gone through the trouble reading through the log file. :upset:
  • 0

#3
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP