System Fix & search engine redirect


29 replies to this topic

#1 stinchen

stinchen

  • Members
  • 16 posts

Posted 05 December 2011 - 01:42 PM

Hi,
A few days ago my computer was infected with system fix. At first I ignored it but it kept shutting down my computer and made my files "disappear". So I, unfortunately, reset it to the day before that started. My files reappeared but then google search didn't work correctly anymore: first the image search displayed only the first page, the arrow next to the entries (with cache and so on) was gone, and then google started to redirect me to random websites. The same happens with bing.

I followed your "system fix uninstall" and "how to remove google redirects" guides but I couldn't complete either because I cannot run tdsskiller.exe. I still have the redirect problem.

I have scanned my computer multiple times with super-anti-spyware and malwarebytes in the past few days. Malwarebytes usually does not find anything, SAS often finds something (many cookies) after I have connected to the internet - which I avoid doing. But removing these things does not change anything.

I have also run mbrcheck and it said my mbr code was faked. I wanted to run fixmbr but I cannot access my recovery console.

I have disabled CD emulation software with defogger. I tried running dds scanner several times but it always freezes up my computer. I am attaching the gmer log. However, when I start gmer, there is an error message about something with a key and the only boxes that can be checked in gmer are services, registry, files and ads (and uncheck show all).

I have tried different guides from different websites and different tools and scans. Sorry if that made your task more difficult.

Thank you for helping me
Stínchen

P.S. I have an ASUS netbook without a CD drive (I have an external CD drive but no burner) that runs Windows XP SP3. It is a few years old but I would still like to repair it if possible.

Ok Sorry, I tried to upload the gmer log but I always get an error message - it is completely empty anyway, I just checked



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 07 December 2011 - 01:17 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • .logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 stinchen

stinchen
  • Topic Starter

  • Members
  • 16 posts

Posted 07 December 2011 - 10:13 PM

Wow, Gringo, that was so fast! I did not expect a reply so soon. Thank you!

2) I didn't have any problems running these things. My files were all see-through before and are now solid again.
BUT: My system is in German. Sorry, that didn't even occur to me earlier, since I do everything in English now. O_O Should I post in a German forum instead? I imagine that you won't be able to read some of the output?

1) Here is the OTL.txt log: (I hope it is fine that I am posting it, not attaching)
___________________________________________________________________________________________
OTL logfile created on: 07/12/2011 21:40:36 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

1015.17 Mb Total Physical Memory | 455.46 Mb Available Physical Memory | 44.87% Memory free
2.38 Gb Paging File | 0.99 Gb Available in Paging File | 41.70% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80.01 Gb Total Space | 28.50 Gb Free Space | 35.62% Space Free | Partition Type: NTFS
Drive D: | 69.00 Gb Total Space | 68.90 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: KLEINESLAPTOP | User Name: Assa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Assa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Asus\ASUS WebStorage Sync\1.0.9.46\AsusWSPanel.exe (eCareme Technologies, Inc.)
PRC - C:\Programme\Asus\ASUS WebStorage Sync\1.0.9.46\AsusWSService.exe ()
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\RALINK\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
PRC - C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Programme\Asus\ASUS WebStorage Sync\1.0.9.46\AsusWSService.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Programme\Asus\ASUS WebStorage Sync\1.0.9.46\AsusWSShellExt.dll ()
MOD - C:\Programme\RALINK\Common\RaWLAPI.dll ()
MOD - C:\WINDOWS\system32\DiagFunc.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Pml Driver HPZ12) -- File not found
SRV - (Net Driver HPZ12) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (RalinkRegistryWriter) -- C:\Programme\RALINK\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (RaMediaServer) -- C:\Programme\RALINK\Common\RaMediaServer.exe ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys ()
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-572259021-700302392-16939731-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-572259021-700302392-16939731-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-572259021-700302392-16939731-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 F9 9B 49 0C C8 CB 01 [binary data]
IE - HKU\S-1-5-21-572259021-700302392-16939731-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-572259021-700302392-16939731-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:4.0.11022100
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5863d9120000000000000015afef7e4b&tlver=1.4.35.10&affID=107763"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/11/22 11:46:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/10/26 08:59:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011/09/23 20:15:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2010/09/20 10:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\Mozilla\Extensions
[2011/04/05 06:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/20 10:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/12/19 21:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\Mozilla\Extensions\postbox@postbox-inc.com
[2011/12/02 00:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\Mozilla\Firefox\Profiles\xu4cwvfl.default\extensions
[2010/03/14 20:53:23 | 000,002,111 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\Mozilla\Firefox\Profiles\xu4cwvfl.default\searchplugins\googlede.xml
[2011/11/22 11:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/02/14 13:23:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/07/27 20:23:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/22 11:46:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/03/29 07:47:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/02 00:21:20 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/10/16 13:45:16 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/12 13:28:57 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011/10/16 13:45:16 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/10/16 13:45:16 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/16 13:45:16 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/16 13:45:16 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/16 13:45:15 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2011/12/06 20:15:26 | 000,001,166 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 http://www.onlinenewsdigest.com
O1 - Hosts: 127.0.0.1 http://britishrecipes.com
O1 - Hosts: 127.0.0.1 http://activeden.net
O1 - Hosts: 127.0.0.1 http://www.atlantahomeimprovement.com
O1 - Hosts: 127.0.0.1 http://63.209.69.107/web/search/
O1 - Hosts: 127.0.0.1 http://www.get-answers-fast.com/jump2/
O1 - Hosts: 127.0.0.1 http://www.american-market.com/
O1 - Hosts: 127.0.0.1 http://american-market.com
O1 - Hosts: 127.0.0.1 http://63.209.69.107/search/web/
O1 - Hosts: 127.0.0.1 http://www.get-answers-fast.com/jump1/
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O1 - Hosts: 127.0.0.1 http://teenpicvideos.com
O1 - Hosts: 127.0.0.1 http://www.gimmeanswers.org
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-572259021-700302392-16939731-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-572259021-700302392-16939731-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Programme\ASUS\ASUS WebStorage Sync\1.0.9.46\AsusWSPanel.exe (eCareme Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-572259021-700302392-16939731-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-572259021-700302392-16939731-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Assa\Startmenü\Programme\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59E96AE1-1E65-4682-AE3A-B42B9FF53C56}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Assa\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/10 12:52:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{83cb79b8-d906-11de-8eca-002243aafd63}\Shell\AutoRun\command - "" = E:\DmailerSync_v9_0_15109.exe
O33 - MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\Shell - "" = AutoRun
O33 - MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 21:38:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Assa\Desktop\OTL.exe
[2011/12/07 05:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/05 07:40:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/12/04 21:01:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Assa\Desktop\dds.scr
[2011/12/04 19:41:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ClubSanDisk
[2011/12/04 15:10:10 | 000,000,000 | ---D | C] -- C:\aws
[2011/12/04 13:30:18 | 000,000,000 | ---D | C] -- C:\ASUS WebStorage
[2011/12/04 13:29:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\Asus WebStorage
[2011/12/04 13:29:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\ASUS WebStorage
[2011/12/04 13:29:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ASUS WebStorage
[2011/12/04 11:58:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Accessories
[2011/12/04 09:57:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Emsisoft Anti-Malware
[2011/12/02 22:10:43 | 000,000,000 | ---D | C] -- C:\FRST
[2011/12/02 21:04:11 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2011/12/02 21:04:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\Anti-Malware
[2011/12/01 21:34:00 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Assa\Recent
[2011/12/01 18:49:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/01 12:13:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011/12/01 12:13:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/01 12:13:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011/11/24 12:33:42 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Assa\Desktop\TDSSKiller.exe
[2011/11/16 19:00:38 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010/07/10 13:31:14 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe

========== Files - Modified Within 30 Days ==========

[2011/12/07 21:47:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/07 21:38:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Assa\Desktop\OTL.exe
[2011/12/07 21:25:59 | 000,684,297 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Desktop\unhide.exe
[2011/12/07 20:47:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 17:32:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/07 06:46:39 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/06 20:15:26 | 000,001,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/06 20:03:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/06 20:03:37 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/05 13:37:34 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\defogger_reenable
[2011/12/05 08:34:28 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Desktop\gmer.exe
[2011/12/05 08:34:08 | 000,294,195 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Desktop\gmer.zip
[2011/12/05 07:56:20 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Assa\Desktop\TDSSKiller.exe
[2011/12/05 07:55:11 | 001,547,774 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Desktop\tdsskiller.zip
[2011/12/05 07:41:08 | 000,484,220 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/12/05 07:41:08 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/05 07:41:08 | 000,094,528 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/12/05 07:41:08 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/04 21:01:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Assa\Desktop\dds.scr
[2011/12/04 20:46:33 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Desktop\Defogger.exe
[2011/12/04 19:41:20 | 000,000,272 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\.backup.dm
[2011/12/04 14:05:32 | 000,000,865 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WebStorage Sync.lnk
[2011/12/04 10:56:11 | 000,000,294 | ---- | M] () -- C:\boot.ini
[2011/12/01 21:33:01 | 000,001,822 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_213255.reg
[2011/12/01 20:48:46 | 000,017,342 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_204841.reg
[2011/12/01 20:04:59 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe
[2011/12/01 12:40:04 | 000,001,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_123958.reg
[2011/12/01 12:13:10 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 09:19:47 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Desktop\Google Chrome.lnk
[2011/12/01 08:27:05 | 000,010,874 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_082700.reg
[2011/11/30 06:20:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/28 10:48:40 | 002,189,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\KoppF_Strengthening-the -urban-poor_DA_Assa.pdf
[2011/11/26 16:32:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/25 10:36:47 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2011/11/17 15:37:23 | 000,039,628 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2011/12/07 21:25:58 | 000,684,297 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Desktop\unhide.exe
[2011/12/05 13:37:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\defogger_reenable
[2011/12/05 08:32:10 | 000,294,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Desktop\gmer.zip
[2011/12/05 07:55:09 | 001,547,774 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Desktop\tdsskiller.zip
[2011/12/04 20:46:32 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Desktop\Defogger.exe
[2011/12/04 19:41:20 | 000,000,272 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\.backup.dm
[2011/12/04 13:29:07 | 000,000,865 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WebStorage Sync.lnk
[2011/12/04 10:55:12 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/01 21:32:59 | 000,001,822 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_213255.reg
[2011/12/01 20:48:43 | 000,017,342 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_204841.reg
[2011/12/01 20:07:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe
[2011/12/01 12:40:02 | 000,001,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_123958.reg
[2011/12/01 12:13:10 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 09:19:47 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Desktop\Google Chrome.lnk
[2011/12/01 08:27:03 | 000,010,874 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\cc_20111201_082700.reg
[2011/11/28 10:41:19 | 002,189,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Eigene Dateien\KoppF_Strengthening-the -urban-poor_DA_Assa.pdf
[2011/10/07 09:38:26 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/10/07 09:38:26 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2011/10/07 09:38:26 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/10/07 09:38:26 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/10/07 09:37:30 | 000,014,119 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/09/09 20:12:45 | 000,115,096 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011/09/09 18:54:43 | 000,000,189 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
[2011/07/26 16:26:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/07/26 16:26:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/07/26 16:26:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/07/26 16:26:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/07/26 16:26:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/04/24 21:53:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/04/05 01:12:32 | 000,032,769 | ---- | C] () -- C:\WINDOWS\mXacUninstall.exe
[2011/03/10 10:20:56 | 000,012,858 | ---- | C] () -- C:\WINDOWS\hpwscr14.dat
[2010/11/25 13:33:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\wklnhst.dat
[2010/07/10 14:00:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/10 13:45:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/10 13:44:56 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/10 13:28:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/07/10 13:28:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/07/10 13:28:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/07/10 13:28:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/07/10 13:28:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/07/10 13:28:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/07/10 13:17:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\INSTALLEEE.EXE
[2010/07/10 13:12:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010/07/10 13:10:51 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010/07/10 12:55:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 12:50:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/17 11:56:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/12/18 01:40:52 | 000,000,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Anwendungsdaten\usb.inf
[2009/11/24 10:20:55 | 000,029,458 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/11/24 10:20:53 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/17 05:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 05:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/11/11 22:30:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/10 11:03:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/11/10 09:29:24 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/11/10 09:29:23 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/11/10 09:29:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/10/23 18:37:37 | 000,039,628 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/23 06:01:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/24 05:50:17 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 18:01:37 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Assa\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/02/26 01:50:32 | 000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
[2008/07/24 14:13:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/08 08:59:10 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/08 08:59:07 | 000,484,220 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008/07/08 08:59:07 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008/07/08 08:59:07 | 000,094,528 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008/07/08 08:59:07 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008/07/08 08:59:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/08 08:59:00 | 000,441,458 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/08 08:59:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/08 08:59:00 | 000,071,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/08 08:59:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/08 08:58:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/08 08:58:59 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/08 08:58:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/08 08:58:57 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/08 08:58:57 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/08 08:58:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/08 08:58:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 06:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/03/17 08:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >
_____________________________________________________________________________________________________________
Thanks again!
Stínchen

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 08 December 2011 - 09:23 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-572259021-700302392-16939731-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-572259021-700302392-16939731-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Assa\Startmenü\Programme\IMVU\Run IMVU.lnk File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\configure\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\Shell\install\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{83cb79b8-d906-11de-8eca-002243aafd63}\Shell\AutoRun\command - "" = E:\DmailerSync_v9_0_15109.exe
    O33 - MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\Shell - "" = AutoRun
    O33 - MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe  
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5863d9120000000000000015afef7e4b&tlver=1.4.35.10&affID=107763"
    [2011/10/16 13:45:16 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011/10/12 13:28:57 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
    [2011/10/16 13:45:16 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
    [2011/10/16 13:45:16 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
    [2011/10/16 13:45:16 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011/10/16 13:45:16 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011/10/16 13:45:15 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 stinchen

Posted 08 December 2011 - 10:30 AM

Hello,
I ran the fix successfully, no problems. I am still being redirected and google image-search is still not working properly, though.

here is the log:
----------------------------------------------------
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-572259021-700302392-16939731-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-572259021-700302392-16939731-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7B499570-29C5-4a80-9F57-94A420D140CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B499570-29C5-4a80-9F57-94A420D140CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7B499570-29C5-4a80-9F57-94A420D140CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B499570-29C5-4a80-9F57-94A420D140CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b25ed44-7000-11de-8df4-806d6172696f}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83cb79b8-d906-11de-8eca-002243aafd63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83cb79b8-d906-11de-8eca-002243aafd63}\ not found.
File E:\DmailerSync_v9_0_15109.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83cb79b9-d906-11de-8eca-002243aafd63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83cb79b9-d906-11de-8eca-002243aafd63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83cb79b9-d906-11de-8eca-002243aafd63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83cb79b9-d906-11de-8eca-002243aafd63}\ not found.
File E:\.\Bin\ASSETUP.exe not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5863d9120000000000000015afef7e4b&tlver=1.4.35.10&affID=107763" removed from keyword.URL
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Assa\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Assa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Assa
->Temp folder emptied: 4134317 bytes
->Temporary Internet Files folder emptied: 228315 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 111923684 bytes
->Google Chrome cache emptied: 7988113 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4515 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 716926 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Assa
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Assa
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12082011_095503

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------------------------------------------------------
Thanks
Stínchen

#6 gringo_pr

Posted 08 December 2011 - 10:40 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 stinchen

Posted 10 December 2011 - 10:05 AM

Hello,
I have been trying to use combofix, but it does not work. I tried all three links, and renaming the file, too. Here is what always happens: after the scan starts, the computer freezes after a while. The last message I see is that it should take about 10 minutes, but could take longer for highly infected computers. My last attempt was last night before I went to sleep. I left the computer alone, didn't even touch it so I wouldn't disturb the scan in any way. Now combofix is still "running". That is, the blue box is still there, and the cursor is still blinking, but I suspect that after all this time the computer is hanging again. Or do you think it is still scanning?
Thanks
Stínchen

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 10 December 2011 - 12:01 PM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#9 stinchen

Posted 10 December 2011 - 06:32 PM

Hi,
The computer still froze, even in safe mode :( At first the cursor was still blinking but after a while the screen just went dark and stayed that way. I wonder why it happens.
Thanks
Stínchen

#10 gringo_pr

Posted 10 December 2011 - 09:45 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#11 stinchen

Posted 11 December 2011 - 12:55 PM

Hi,
It won't let me run tdsskiller. Also not in safe mode. It will ask me if I really want to run it, when I click yes I see the hourglass for a few seconds and that's it. Another thing: If I click "run as" it lets me choose three accounts: me, administrator and helpassistant. That third one does not appear in the user accounts in the control panel and I also never set it up. Don't know if that is a normal feature. Just thought I should mention it.
Stínchen

Edited by stinchen, 11 December 2011 - 12:55 PM.


#12 gringo_pr

Posted 11 December 2011 - 04:23 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#13 stinchen

Posted 12 December 2011 - 04:56 PM

Hi,
Was the site down earlier or was that my computer? Anyway, I ran fixtdss and it worked, yay. It shut down and restarted in the process. After the restart, it said "infected mbr detected" and asked me if I wanted to repair it. After I ok-ed it, it said the infection was cleared. I restarted the computer (hope I understood you correctly there). I am now running tdsskiller and it seems to have worked. No infections were found. I will put the report in my next post.

#14 stinchen

Posted 12 December 2011 - 04:58 PM

16:45:58.0484 3452 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
16:45:58.0906 3452 ============================================================
16:45:58.0906 3452 Current date / time: 2011/12/12 16:45:58.0906
16:45:58.0906 3452 SystemInfo:
16:45:58.0906 3452
16:45:58.0906 3452 OS Version: 5.1.2600 ServicePack: 3.0
16:45:58.0906 3452 Product type: Workstation
16:45:58.0906 3452 ComputerName: KLEINESLAPTOP
16:45:58.0906 3452 UserName: Assa
16:45:58.0906 3452 Windows directory: C:\WINDOWS
16:45:58.0906 3452 System windows directory: C:\WINDOWS
16:45:58.0906 3452 Processor architecture: Intel x86
16:45:58.0906 3452 Number of processors: 2
16:45:58.0906 3452 Page size: 0x1000
16:45:58.0906 3452 Boot type: Normal boot
16:45:58.0906 3452 ============================================================
16:46:00.0671 3452 Initialize success
16:48:02.0875 2652 ============================================================
16:48:02.0875 2652 Scan started
16:48:02.0875 2652 Mode: Manual;
16:48:02.0875 2652 ============================================================
16:48:23.0937 2652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:48:24.0171 2652 \Device\Harddisk0\DR0 - ok
16:48:24.0171 2652 Boot (0x1200) (412e605d63c78dbd70ccbb277e9ec288) \Device\Harddisk0\DR0\Partition0
16:48:24.0187 2652 \Device\Harddisk0\DR0\Partition0 - ok
16:48:24.0218 2652 Boot (0x1200) (57eed6c3a17f27569b640362533df957) \Device\Harddisk0\DR0\Partition1
16:48:24.0218 2652 \Device\Harddisk0\DR0\Partition1 - ok
16:48:24.0218 2652 ============================================================
16:48:24.0218 2652 Scan finished
16:48:24.0218 2652 ============================================================
16:48:24.0250 3188 Detected object count: 0
16:48:24.0250 3188 Actual detected object count: 0
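
The report above uses one fixed layout per line (timestamp, thread id, message), with each scanned object getting a verdict line and the totals following "Scan finished". The Python below is an added example, not part of the thread and not the tool's own code: it parses that layout and flags a log that stops before "Scan finished", any verdict other than "ok", a detection count that disagrees with the verdicts, and a missing MBR record. The sample logs are constructed, their hashes are placeholders, and the wording of the non-ok verdict ("infected") is an assumption.

```python
import re
from dataclasses import dataclass, field

# Layout of every log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# "<name> (<32 hex digit MD5>) <path>"; the name may itself contain "(0x1B8)"
HASH_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# "<object> - <verdict>", the object being a service name or a device path
VERDICT_RE = re.compile(r"^(.+) - (\S.*)$")
COUNT_RE = re.compile(r"^(Detected object count|Actual detected object count): (\d+)$")


@dataclass
class ScanReport:
    files: list = field(default_factory=list)     # (name, md5, path)
    verdicts: dict = field(default_factory=dict)  # object -> verdict text
    counts: dict = field(default_factory=dict)    # summary label -> int
    started: bool = False
    finished: bool = False


def parse_log(text):
    """Parse a scan log in the layout shown in the thread."""
    report = ScanReport()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or not line.group(1):
            continue  # blank line, separator-only line, or foreign text
        msg = line.group(1).strip()
        if msg == "Scan started":
            report.started = True
        elif msg == "Scan finished":
            report.finished = True
        elif (c := COUNT_RE.match(msg)):
            report.counts[c.group(1)] = int(c.group(2))
        elif (h := HASH_RE.match(msg)):
            report.files.append((h.group(1), h.group(2).lower(), h.group(3)))
        elif report.started and (v := VERDICT_RE.match(msg)):
            report.verdicts[v.group(1)] = v.group(2)
    return report


def triage(report):
    """Return human-readable findings; an empty list means nothing to chase."""
    findings = []
    if not report.finished:
        findings.append("log is incomplete: no 'Scan finished' marker")
    flagged = {o: v for o, v in report.verdicts.items() if v.lower() != "ok"}
    for obj, verdict in flagged.items():
        findings.append(f"{obj}: verdict '{verdict}'")
    declared = report.counts.get("Detected object count")
    if report.finished and declared is None:
        findings.append("no 'Detected object count' line after the scan")
    elif declared is not None and declared != len(flagged):
        findings.append(
            f"tool reports {declared} detections, {len(flagged)} non-ok verdicts parsed")
    if not any(name.startswith("MBR") for name, _, _ in report.files):
        findings.append("no MBR record in the scan output")
    return findings


def without_file_line(report):
    """Objects that received a verdict but have no '<name> (md5) <path>' line."""
    known = {n for n, _, _ in report.files} | {p for _, _, p in report.files}
    return sorted(o for o in report.verdicts if o not in known)


# Constructed sample: complete scan, nothing detected (placeholder hashes).
CLEAN_LOG = r"""
16:48:02.0875 2652 Scan started
16:48:02.0875 2652 Mode: Manual;
16:48:03.0468 2652 ExampleDrv (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
16:48:03.0484 2652 ExampleDrv - ok
16:48:03.0546 2652 NoFileSvc - ok
16:48:23.0937 2652 MBR (0x1B8) (00000000000000000000000000000002) \Device\Harddisk0\DR0
16:48:24.0171 2652 \Device\Harddisk0\DR0 - ok
16:48:24.0218 2652 Scan finished
16:48:24.0250 3188 Detected object count: 0
16:48:24.0250 3188 Actual detected object count: 0
"""

# Constructed sample: log cut off mid-scan; the verdict wording is assumed.
FLAGGED_LOG = r"""
16:48:02.0875 2652 Scan started
16:48:23.0937 2652 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
16:48:24.0171 2652 \Device\Harddisk0\DR0 - infected
"""

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_LOG), ("flagged", FLAGGED_LOG)):
        rep = parse_log(text)
        print(label, triage(rep) or "no findings", without_file_line(rep))
```

To check a real report, pass the contents of the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" file to `parse_log`.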

#15 stinchen

Posted 12 December 2011 - 05:13 PM

I also want to report that google image search is working correctly again and the page preview/cache is back to the right of the search results :D I am also not being redirected, for now.



