
Win32/Sirefef.DN Trojan in operating memory


  • This topic is locked
19 replies to this topic

#1 Jizzy

Jizzy

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:13 AM

Posted 04 March 2012 - 05:27 AM

Hi,

ESET is reporting that I've got the Win32/Sirefef.DN trojan in operating memory.
I've tried cleaning it, but it keeps returning.

Here are the logs:



DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Jizzy at 11:11:16 on 2012-03-04
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8169.6542 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\WireHelpSvc.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Google Update] "C:\Users\Jizzy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Reasonable NoClone] 
dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
StartupFolder: C:\Users\Jizzy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Jizzy\Desktop\PartyPoker.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{472F1FA1-610C-4CD5-BD3E-26C81AB06317} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8780524A-B9FC-4521-A4F0-0188AFA0EE7D} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{98EC665D-84BC-4C6F-9DF9-DA2CAAC92C0E} : DhcpNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
{000123B4-9B42-4900-B3F7-F4B073EFC214}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{724d43a0-0d85-11d4-9908-00400523e39a}
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE-X64: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Jizzy\Desktop\PartyPoker.lnk
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.gopher - 222.108.198.53
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Jizzy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-5-22 586880]
R2 DevoloNetworkService;devolo Network Service;C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-31 235624]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-3 2358656]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2011-9-17 168864]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys --> C:\Windows\system32\DRIVERS\ESLvnic.sys [?]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-2-6 161432]
R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-22 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-14 2214504]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "E:\Program Files\PostgreSQL\8.4\data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;C:\Windows\system32\DRIVERS\arusb_lhx.sys --> C:\Windows\system32\DRIVERS\arusb_lhx.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-03 23:39:28	--------	d-----w-	C:\Program Files (x86)\ICQ
2012-03-03 23:14:01	0	--sha-w-	C:\Windows\System32\dds_trash_log.cmd
2012-03-03 23:12:56	--------	d-----we	C:\Windows\system64
2012-03-03 23:11:39	--------	d-----w-	C:\Windows\aod
2012-03-03 22:44:00	--------	d-----w-	C:\Users\Jizzy\AppData\Roaming\postgresql
2012-03-02 20:07:27	--------	d-----r-	C:\Sandbox
2012-03-02 20:05:46	--------	d-----w-	C:\Program Files\Sandboxie
2012-03-02 15:39:02	8643640	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6FF343C1-E687-47D0-A061-B4891955F4DF}\mpengine.dll
2012-03-02 06:51:30	150392	----a-w-	C:\junction.exe
2012-03-02 06:33:15	--------	d-----w-	C:\Users\Jizzy\AppData\Roaming\JAM Software
2012-03-02 06:33:12	--------	d-----w-	C:\Program Files (x86)\JAM Software
2012-02-22 21:13:17	--------	d-----w-	C:\Program Files (x86)\ICQ7.7
2012-02-20 20:41:57	--------	d-----w-	C:\Users\Jizzy\AppData\Local\PackageAware
2012-02-20 15:39:32	--------	d-----w-	C:\Users\Jizzy\AppData\Roaming\mIRC
2012-02-20 15:39:32	--------	d-----w-	C:\Program Files (x86)\mIRC
2012-02-15 17:13:35	634880	----a-w-	C:\Windows\System32\msvcrt.dll
2012-02-15 17:13:35	515584	----a-w-	C:\Windows\System32\timedate.cpl
2012-02-15 17:13:35	509952	----a-w-	C:\Windows\System32\ntshrui.dll
2012-02-15 17:13:35	478720	----a-w-	C:\Windows\SysWow64\timedate.cpl
2012-02-15 17:13:35	442880	----a-w-	C:\Windows\SysWow64\ntshrui.dll
2012-02-15 17:13:34	690688	----a-w-	C:\Windows\SysWow64\msvcrt.dll
2012-02-15 17:13:34	498688	----a-w-	C:\Windows\System32\drivers\afd.sys
2012-02-15 17:13:34	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-02-13 16:47:46	--------	d-----w-	C:\Program Files (x86)\Painttoll
2012-02-12 20:46:40	--------	d-----w-	C:\ProgramData\Painttoll
2012-02-12 20:45:04	--------	d-----w-	C:\Program Files (x86)\Renamer
2012-02-12 19:37:26	--------	d-----w-	C:\Users\Jizzy\AppData\Roaming\Winzip
2012-02-12 19:37:07	--------	d-----w-	C:\Program Files (x86)\Winzip
2012-02-12 15:53:35	--------	d-----w-	C:\Program Files (x86)\pidgin-otr
2012-02-07 10:49:29	--------	d-----w-	C:\Users\Jizzy\AppData\Local\PokerTracker 4
2012-02-07 10:49:18	--------	d-----w-	C:\Program Files (x86)\PokerTracker 4
2012-02-04 10:59:12	--------	d-----w-	C:\Program Files\CCleaner
2012-02-03 18:51:24	--------	d-----w-	C:\Windows\System32\oodag
2012-02-03 18:50:49	--------	d-----w-	C:\Users\Jizzy\AppData\Local\O&O
2012-02-03 18:50:46	--------	d-----w-	C:\Program Files\OO Software
2012-02-03 16:33:52	--------	d--h--w-	C:\Program Files (x86)\Zero G Registry
2012-02-03 16:33:52	--------	d-----w-	C:\temp
2012-02-03 16:33:40	--------	d--h--w-	C:\Users\Jizzy\InstallAnywhere
2012-02-03 16:21:14	--------	d-----w-	C:\Users\Jizzy\AppData\Local\Equilab
2012-02-03 16:20:57	--------	d-----w-	C:\Program Files (x86)\MSR
2012-02-03 14:33:52	--------	d-----w-	C:\Program Files\VLC
2012-02-03 14:33:40	--------	d--h--w-	C:\Users\Jizzy\Equalizer
2012-02-03 14:21:14	--------	d-----w-	C:\Users\Jizzy\AppData\Local\Equalizer
2012-02-03 14:20:57	--------	d-----w-	C:\Program Files (x86)\mIRC


.
==================== Find3M  ====================
.
2012-02-18 23:41:59	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 04:10:42	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-01-24 12:50:46	168864	----a-w-	C:\Program Files\Common Files\WireHelpSvc.exe
2012-01-24 12:50:38	147472	----a-w-	C:\Windows\System32\drivers\ESLWireACD.sys
2011-12-15 17:29:42	31232	----a-w-	C:\Windows\System32\drivers\tap0901.sys
2011-12-14 07:11:03	2308096	----a-w-	C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30	1390080	----a-w-	C:\Windows\System32\wininet.dll
2011-12-14 07:03:38	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54	1798656	----a-w-	C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 11:11:29,92 ===============


Thanks in advance

Jizzy
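As an added example (written for this page; it is not part of the thread and not code from the DDS tool), the script below parses the settings-bearing lines of a DDS report like the one above and lists what a responder would check first: the UAC policy values, the Firefox proxy preferences, and the DNS servers. The sample input is constructed from lines copied out of the posted log. The meaning of the policy values is the documented Windows behaviour (EnableLUA = 0 switches UAC off, ConsentPromptBehaviorAdmin = 0 elevates administrators without a prompt, PromptOnSecureDesktop = 0 draws prompts on the normal desktop), and network.proxy.type = 0 in Firefox means a direct connection, so the proxy hosts in this log are recorded but not in effect. The function names and output wording are this example's own.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and Firefox sections (added example)."""
import ipaddress
import re

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\\{8780524A-B9FC-4521-A4F0-0188AFA0EE7D} : DhcpNameServer = 8.8.8.8 8.8.4.4
FF - prefs.js: network.proxy.gopher - 222.108.198.53
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.type - 0
"""

# Line shapes DDS uses for the three sections we care about.
POLICY_RE = re.compile(r"^mPolicies-(\w+): (\w+) = (-?\d+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
DNS_RE = re.compile(r"DhcpNameServer = (.+)$")


def parse_dds(text):
    """Return (policies, firefox_prefs, dns_servers) extracted from DDS output."""
    policies, ff_prefs, dns = {}, {}, []
    for line in text.splitlines():
        if m := POLICY_RE.match(line):
            policies[f"{m.group(1)}:{m.group(2)}"] = int(m.group(3))
        elif m := FF_PREF_RE.match(line):
            ff_prefs[m.group(1)] = m.group(2).strip()
        elif m := DNS_RE.search(line):
            dns.extend(m.group(1).split())  # several servers may share one line
    return policies, ff_prefs, dns


def is_private_host(host):
    """True for RFC 1918 / loopback style addresses; hostnames count as not private."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(text):
    """Return human-readable findings, UAC state first, then proxies, then DNS."""
    policies, ff_prefs, dns = parse_dds(text)
    findings = []
    # UAC policy values: EnableLUA=0 disables UAC outright.
    if policies.get("system:EnableLUA") == 0:
        findings.append("UAC disabled (EnableLUA = 0)")
    if policies.get("system:ConsentPromptBehaviorAdmin") == 0:
        findings.append("Admins elevate without prompting (ConsentPromptBehaviorAdmin = 0)")
    if policies.get("system:PromptOnSecureDesktop") == 0:
        findings.append("UAC prompts not on secure desktop (PromptOnSecureDesktop = 0)")
    # Firefox proxy hosts are only enforced when network.proxy.type is 1 (manual).
    proxy_type = ff_prefs.get("network.proxy.type")
    for pref, value in ff_prefs.items():
        if pref.startswith("network.proxy.") and not pref.endswith(("_port", ".type")):
            state = "active" if proxy_type == "1" else "inactive (proxy.type != 1)"
            findings.append(f"Firefox {pref} -> {value} [{state}]")
    # DNS servers outside private ranges are worth confirming with the user.
    for server in dict.fromkeys(dns):  # de-duplicate, keep order
        if not is_private_host(server):
            findings.append(f"Non-private DNS server configured: {server}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Running it against the sample reports the three UAC findings, the two Firefox proxy hosts marked inactive, and the two Google DNS addresses; feeding it a whole DDS.txt works the same way since lines it does not recognise are ignored.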



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:13 PM

Posted 05 March 2012 - 02:59 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification, and click Proceed; this will help you get notified faster when I have replied and will make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jizzy

Jizzy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:13 AM

Posted 05 March 2012 - 12:21 PM

Hello Gringo,

Thank you for helping me with my problem.

Here's the FRST.txt log:

Scan result of Farbar Recovery Scan Tool Version: 29-02-2012 01
Ran by SYSTEM at 05-03-2012 18:10:42
Running from I:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [3994960 2011-11-17] (O&O Software GmbH)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\Jizzy\...\Run: [Google Update] "C:\Users\Jizzy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-22] (Google Inc.)
HKU\Jizzy\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-11-12] (Siber Systems)
HKU\Jizzy\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [2788792 2012-01-03] (Binary Fortress Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ======

2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-22] (ESET)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-11-05] (Intel Corporation)
2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [133800 2010-08-12] (Intel Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
2 OODefragAgent; "C:\Program Files\OO Software\Defrag\oodag.exe" [3273552 2011-11-17] (O&O Software GmbH)
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [189728 2010-03-10] (Protexis Inc.)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2886528 2012-02-23] (TeamViewer GmbH)
2 WireHelpSvc; C:\Program Files\Common Files\WireHelpSvc.exe [168864 2012-01-24] ()
2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:\Program Files\PostgreSQL\8.4\data" -w [x]

========================== Drivers (Whitelisted) =============

3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [539136 2008-07-24] (Atheros Communications, Inc.)
1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [122856 2010-12-08] (ASMedia Technology Inc)
3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [369640 2010-12-08] (ASMedia Technology Inc)
1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [87600 2009-10-05] (Citrix Systems, Inc.)
3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [71168 2010-11-21] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
3 e1cexpress; C:\Windows\System32\DRIVERS\e1c62x64.sys [313520 2010-09-21] (Intel Corporation)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-04-14] (Turtle Entertainment GmbH)
2 ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [147472 2012-01-24] (<Turtle Entertainment>)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [26136 2010-08-17] (Intel Corporation)
0 mv91xx; C:\Windows\System32\DRIVERS\mv91xx.sys [303408 2010-11-22] (Marvell Semiconductor, Inc.)
2 NPF_devolo; C:\Windows\SysWow64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
2 regi; \??\C:\Windows\system32\drivers\regi.sys [15672 2010-11-16] (InterVideo)
3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [88960 2010-11-21] (Microsoft Corporation)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2011-12-15] (The OpenVPN Project)
3 terminpt; C:\Windows\System32\drivers\terminpt.sys [34816 2010-11-21] (Microsoft Corporation)
3 TotRec8; \??\C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [31232 2010-11-21] (Microsoft Corporation)
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation)
1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [x]
1 SASDIFSV; \??\E:\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
1 SASKUTIL; \??\E:\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-04 23:01 - 2012-03-04 23:01 - 0000474 ____A C:\Windows\PFRO.log
2012-03-04 22:42 - 2012-03-04 22:42 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-04 22:42 - 2012-03-04 22:42 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-04 22:42 - 2012-03-04 22:42 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-04 17:59 - 2012-03-04 17:59 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-04 17:59 - 2011-12-10 15:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-04 14:08 - 2012-03-05 18:04 - 0000280 ____A C:\Windows\setupact.log
2012-03-04 14:08 - 2012-03-04 14:08 - 0000000 ____A C:\Windows\setuperr.log
2012-03-04 11:24 - 2012-03-04 11:24 - 0005157 ____A C:\Users\Jizzy\Desktop\Attach.txt
2012-03-04 11:06 - 2012-03-04 11:06 - 0000000 ____A C:\Users\Jizzy\defogger_reenable
2012-03-04 10:34 - 2012-03-04 17:59 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-04 10:34 - 2012-03-04 10:34 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Malwarebytes
2012-03-04 10:34 - 2012-03-04 10:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-04 10:34 - 2012-03-04 10:34 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-04 00:39 - 2012-03-04 00:45 - 0000000 ____D C:\Program Files (x86)\ICQ
2012-03-04 00:12 - 2012-03-04 00:12 - 0000000 ____D C:\Windows\system64
2012-03-04 00:11 - 2012-03-04 00:34 - 0000874 ____A C:\Program Files (x86)\INSTALL.LOG
2012-03-03 23:44 - 2012-03-03 23:44 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\postgresql
2012-03-02 21:07 - 2012-03-04 14:06 - 0000000 ___RD C:\Sandbox
2012-03-02 21:05 - 2012-03-04 14:06 - 0000000 ____D C:\Program Files\Sandboxie
2012-03-02 07:51 - 2010-09-07 15:39 - 0150392 ____A (Sysinternals - www.sysinternals.com) C:\junction.exe
2012-03-02 07:33 - 2012-03-02 07:33 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\JAM Software
2012-03-02 07:33 - 2012-03-02 07:33 - 0000000 ____D C:\Program Files (x86)\JAM Software
2012-02-26 14:01 - 2012-02-26 14:01 - 0000638 ____A C:\Users\Public\Desktop\OpenVPN GUI.lnk
2012-02-22 22:13 - 2012-03-04 00:42 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\ICQ
2012-02-22 22:13 - 2012-02-22 22:13 - 0000000 ____D C:\Program Files (x86)\ICQ7.7
2012-02-22 22:12 - 2012-02-22 22:12 - 16855152 ____A (ICQ) C:\Users\Jizzy\Downloads\install_icq7.exe
2012-02-20 21:41 - 2012-02-20 21:41 - 0000000 ____D C:\Users\Jizzy\AppData\Local\PackageAware
2012-02-20 16:39 - 2012-02-20 16:42 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\mIRC
2012-02-20 16:39 - 2012-02-20 16:40 - 0000000 ____D C:\Program Files (x86)\mIRC
2012-02-16 16:55 - 2012-02-16 16:55 - 0000521 ____A C:\Users\Jizzy\Desktop\Netzwerk.lnk
2012-02-15 18:16 - 2012-02-15 18:16 - 0000885 ____A C:\Users\Jizzy\Desktop\mIRC.lnk
2012-02-15 18:14 - 2011-12-14 08:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 18:14 - 2011-12-14 08:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 18:14 - 2011-12-14 08:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-15 18:14 - 2011-12-14 08:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 18:14 - 2011-12-14 08:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 18:14 - 2011-12-14 08:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-15 18:14 - 2011-12-14 08:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 18:14 - 2011-12-14 08:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 18:14 - 2011-12-14 08:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-15 18:14 - 2011-12-14 07:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 18:14 - 2011-12-14 07:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-15 18:14 - 2011-12-14 07:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 18:14 - 2011-12-14 07:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 18:14 - 2011-12-14 04:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-15 18:14 - 2011-12-14 04:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-15 18:14 - 2011-12-14 04:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-15 18:14 - 2011-12-14 03:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-15 18:14 - 2011-12-14 03:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-15 18:14 - 2011-12-14 03:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-15 18:14 - 2011-12-14 03:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-15 18:14 - 2011-12-14 03:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-15 18:14 - 2011-12-14 03:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-15 18:14 - 2011-12-14 03:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-15 18:14 - 2011-12-14 03:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-15 18:14 - 2011-12-14 03:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-15 18:14 - 2011-12-14 03:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-15 18:13 - 2012-01-14 05:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 18:13 - 2012-01-04 11:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-15 18:13 - 2012-01-04 11:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-15 18:13 - 2012-01-04 09:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-15 18:13 - 2012-01-04 09:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-15 18:13 - 2011-12-30 07:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-15 18:13 - 2011-12-30 06:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-15 18:13 - 2011-12-28 04:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-15 18:13 - 2011-12-16 09:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-15 18:13 - 2011-12-16 08:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-13 16:06 - 2012-02-13 16:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{b4b392c2-0d30-11e1-aa8e-00ff01000001}.TxR.blf
2012-02-13 16:06 - 2012-02-13 16:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{acc30856-5584-11e1-b930-00ff01000001}.TxR.blf
2012-02-13 16:06 - 2012-02-13 16:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{acc30854-5584-11e1-b930-00ff01000001}.TxR.blf
2012-02-12 21:46 - 2012-02-12 21:46 - 0000000 ____D C:\Users\All Users\FlashFXP
2012-02-12 21:46 - 2012-02-12 21:46 - 0000000 ____D C:\ProgramData\FlashFXP
2012-02-12 21:45 - 2012-02-12 21:46 - 0000000 ____D C:\Program Files (x86)\FlashFXP 4
2012-02-12 21:45 - 2012-02-12 21:45 - 0001025 ____A C:\Users\Public\Desktop\FlashFXP.lnk
2012-02-12 20:36 - 2012-02-12 20:36 - 3995080 ____A (wftpserver.com ) C:\Users\Jizzy\Downloads\ftprush.exe
2012-02-12 20:34 - 2012-02-12 20:34 - 0000600 ____A C:\Users\Jizzy\AppData\Local\PUTTY.RND
2012-02-12 16:53 - 2012-02-12 16:53 - 0000000 ____D C:\Program Files (x86)\pidgin-otr
2012-02-12 16:52 - 2012-02-12 16:53 - 1327342 ____A C:\Users\Jizzy\Downloads\pidgin-otr-3.2.0-1.exe
2012-02-11 18:04 - 2012-02-11 18:04 - 0000971 ____A C:\Users\Jizzy\Desktop\FirefoxPortable.lnk
2012-02-07 11:49 - 2012-02-07 21:57 - 0000000 ____D C:\Program Files (x86)\PokerTracker 4
2012-02-07 11:49 - 2012-02-07 11:49 - 0005042 ____A C:\Users\All Users\oinwddee.jeg
2012-02-07 11:49 - 2012-02-07 11:49 - 0005042 ____A C:\ProgramData\oinwddee.jeg
2012-02-07 11:49 - 2012-02-07 11:49 - 0001078 ____A C:\Users\UpdatusUser\Desktop\PokerTracker 4.lnk
2012-02-07 11:49 - 2012-02-07 11:49 - 0001078 ____A C:\Users\postgres\Desktop\PokerTracker 4.lnk
2012-02-07 11:49 - 2012-02-07 11:49 - 0001078 ____A C:\Users\Jizzy\Desktop\PokerTracker 4.lnk
2012-02-07 11:49 - 2012-02-07 11:49 - 0000000 ____D C:\Users\Jizzy\AppData\Local\PokerTracker 4
2012-02-05 08:37 - 2012-03-05 18:04 - 0044660 ____A C:\Windows\System32\oodbs.lor
2012-02-04 12:33 - 2012-02-04 12:33 - 0023206 ____A C:\Users\Jizzy\Documents\cc_20120204_123340.reg
2012-02-04 12:06 - 2012-02-04 12:06 - 0053780 ____A C:\Users\Jizzy\Documents\cc_20120204_120641.reg
2012-02-04 11:59 - 2012-02-04 11:59 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-02-04 11:59 - 2012-02-04 11:59 - 0000000 ____D C:\Program Files\CCleaner


============ 3 Months Modified Files and Folders =============

2012-03-05 18:10 - 2012-03-05 18:10 - 0000000 ____D C:\FRST
2012-03-05 18:07 - 2011-05-22 07:20 - 1295884 ____A C:\Windows\WindowsUpdate.log
2012-03-05 18:07 - 2010-11-21 07:22 - 0696832 ____A C:\Windows\System32\perfh007.dat
2012-03-05 18:07 - 2010-11-21 07:22 - 0148128 ____A C:\Windows\System32\perfc007.dat
2012-03-05 18:07 - 2009-07-14 06:13 - 1613340 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-05 18:07 - 2009-07-14 05:45 - 0027712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-05 18:07 - 2009-07-14 05:45 - 0027712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-05 18:06 - 2011-05-22 08:39 - 0001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA.job
2012-03-05 18:05 - 2012-01-18 11:04 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\DisplayFusion
2012-03-05 18:05 - 2011-05-22 17:32 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Dropbox
2012-03-05 18:04 - 2012-03-04 14:08 - 0000280 ____A C:\Windows\setupact.log
2012-03-05 18:04 - 2012-02-05 08:37 - 0044660 ____A C:\Windows\System32\oodbs.lor
2012-03-05 18:04 - 2011-05-22 07:36 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-03-05 18:04 - 2011-05-22 07:36 - 0000000 ____D C:\ProgramData\NVIDIA
2012-03-05 18:04 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-05 00:59 - 2011-05-22 08:00 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Mozilla
2012-03-04 23:01 - 2012-03-04 23:01 - 0000474 ____A C:\Windows\PFRO.log
2012-03-04 22:42 - 2012-03-04 22:42 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-04 22:42 - 2012-03-04 22:42 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-04 22:42 - 2012-03-04 22:42 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-04 19:52 - 2011-12-04 20:13 - 0022860 ____A C:\Windows\Q-Dir.ini
2012-03-04 18:35 - 2011-06-01 07:03 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Orbit
2012-03-04 17:59 - 2012-03-04 17:59 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-04 17:59 - 2012-03-04 10:34 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-04 17:56 - 2011-10-16 12:27 - 0000000 ____D C:\users\postgres
2012-03-04 17:16 - 2011-05-22 08:39 - 0001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core.job
2012-03-04 16:55 - 2011-10-22 18:14 - 0000000 ____D C:\Users\Jizzy\AppData\Local\Deployment
2012-03-04 16:44 - 2009-07-14 03:34 - 0593818 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-04 15:53 - 2012-01-09 16:47 - 0000000 ____D C:\Program Files (x86)\PokerEdge
2012-03-04 15:53 - 2011-05-22 15:29 - 0000000 ____D C:\Users\Jizzy\AppData\Local\PokerStars
2012-03-04 15:52 - 2012-02-02 16:25 - 0001023 ____A C:\Users\Jizzy\Desktop\PokerEdge 5.lnk
2012-03-04 15:52 - 2012-01-09 16:47 - 0001023 ____A C:\Users\UpdatusUser\Desktop\PokerEdge 5.lnk
2012-03-04 15:52 - 2012-01-09 16:47 - 0001023 ____A C:\Users\postgres\Desktop\PokerEdge 5.lnk
2012-03-04 15:19 - 2011-05-22 08:00 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-04 14:19 - 2011-05-22 15:47 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-03-04 14:10 - 2011-07-14 06:21 - 0000000 ____D C:\users\UpdatusUser
2012-03-04 14:08 - 2012-03-04 14:08 - 0000000 ____A C:\Windows\setuperr.log
2012-03-04 14:08 - 2011-05-22 07:19 - 0000000 ____D C:\users\Jizzy
2012-03-04 14:08 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-04 14:06 - 2012-03-03 13:00 - 0000000 ____D C:\Users\Jizzy\Downloads\UIN_Pass_Changer
2012-03-04 14:06 - 2012-03-02 21:07 - 0000000 ___RD C:\Sandbox
2012-03-04 14:06 - 2012-03-02 21:05 - 0000000 ____D C:\Program Files\Sandboxie
2012-03-04 14:06 - 2012-02-12 20:37 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\FTPRush
2012-03-04 14:06 - 2011-05-30 15:16 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\PhotoScape
2012-03-04 14:06 - 2011-05-29 08:57 - 0000000 ____D C:\Program Files (x86)\ESET
2012-03-04 14:06 - 2011-05-22 17:57 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Winamp
2012-03-04 14:06 - 2011-05-22 13:53 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\TS3Client
2012-03-04 14:06 - 2011-05-22 07:51 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\vlc
2012-03-04 14:06 - 2010-11-21 07:28 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-03-04 14:06 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\registration
2012-03-04 14:06 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-04 13:53 - 2012-03-04 13:52 - 0170400 ____A C:\TDSSKiller.2.7.18.0_04.03.2012_13.52.02_log.txt
2012-03-04 11:24 - 2012-03-04 11:24 - 0005157 ____A C:\Users\Jizzy\Desktop\Attach.txt
2012-03-04 11:06 - 2012-03-04 11:06 - 0000000 ____A C:\Users\Jizzy\defogger_reenable
2012-03-04 10:34 - 2012-03-04 10:34 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Malwarebytes
2012-03-04 10:34 - 2012-03-04 10:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-04 10:34 - 2012-03-04 10:34 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-04 00:45 - 2012-03-04 00:39 - 0000000 ____D C:\Program Files (x86)\ICQ
2012-03-04 00:42 - 2012-02-22 22:13 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\ICQ
2012-03-04 00:34 - 2012-03-04 00:11 - 0000874 ____A C:\Program Files (x86)\INSTALL.LOG
2012-03-04 00:12 - 2012-03-04 00:12 - 0000000 ____D C:\Windows\system64
2012-03-03 23:44 - 2012-03-03 23:44 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\postgresql
2012-03-02 09:25 - 2012-01-28 09:37 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\.purple
2012-03-02 09:03 - 2011-05-22 20:27 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Apple Computer
2012-03-02 08:32 - 2011-11-08 00:10 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Media Player Classic
2012-03-02 07:33 - 2012-03-02 07:33 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\JAM Software
2012-03-02 07:33 - 2012-03-02 07:33 - 0000000 ____D C:\Program Files (x86)\JAM Software
2012-02-28 23:29 - 2011-10-22 18:13 - 1590298 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-27 18:11 - 2012-01-18 09:21 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Skype
2012-02-26 14:01 - 2012-02-26 14:01 - 0000638 ____A C:\Users\Public\Desktop\OpenVPN GUI.lnk
2012-02-26 09:47 - 2011-05-22 17:32 - 0000993 ____A C:\Users\Jizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-02-25 18:04 - 2011-05-24 12:15 - 0000000 ____D C:\Users\Jizzy\AppData\Local\ESL Wire Game Client
2012-02-22 22:13 - 2012-02-22 22:13 - 0000000 ____D C:\Program Files (x86)\ICQ7.7
2012-02-22 22:13 - 2011-05-22 07:26 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-22 22:12 - 2012-02-22 22:12 - 16855152 ____A (ICQ) C:\Users\Jizzy\Downloads\install_icq7.exe
2012-02-21 22:22 - 2012-01-28 00:37 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\FileZilla
2012-02-20 21:41 - 2012-02-20 21:41 - 0000000 ____D C:\Users\Jizzy\AppData\Local\PackageAware
2012-02-20 16:42 - 2012-02-20 16:39 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\mIRC
2012-02-20 16:40 - 2012-02-20 16:39 - 0000000 ____D C:\Program Files (x86)\mIRC
2012-02-19 15:26 - 2011-05-24 12:33 - 0000000 ____D C:\Users\Jizzy\Documents\ESL Match Media
2012-02-19 15:07 - 2011-06-12 09:06 - 0000779 ____A C:\Users\Public\Desktop\ESL Wire.lnk
2012-02-19 15:07 - 2011-05-24 12:15 - 0000000 ____D C:\Program Files\EslWire
2012-02-19 13:01 - 2012-01-06 19:58 - 0000000 ____D C:\Program Files (x86)\TableScan Turbo
2012-02-19 00:41 - 2011-05-22 08:04 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-16 16:56 - 2011-05-22 08:37 - 0000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2012-02-16 16:55 - 2012-02-16 16:55 - 0000521 ____A C:\Users\Jizzy\Desktop\Netzwerk.lnk
2012-02-16 15:12 - 2011-05-22 07:19 - 0000174 ___SH C:\Users\Jizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 15:12 - 2009-07-14 05:45 - 0344256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 18:17 - 2011-07-06 21:33 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-15 18:17 - 2011-07-06 21:33 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-15 18:16 - 2012-02-15 18:16 - 0000885 ____A C:\Users\Jizzy\Desktop\mIRC.lnk
2012-02-15 18:15 - 2011-04-08 13:32 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-14 16:05 - 2012-02-14 16:05 - 0911983 ____A C:\Users\Jizzy\Downloads\Utility_OpenVPN_Protector.rar
2012-02-13 16:06 - 2012-02-13 16:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{b4b392c2-0d30-11e1-aa8e-00ff01000001}.TxR.blf
2012-02-13 16:06 - 2012-02-13 16:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{acc30856-5584-11e1-b930-00ff01000001}.TxR.blf
2012-02-13 16:06 - 2012-02-13 16:06 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{acc30854-5584-11e1-b930-00ff01000001}.TxR.blf
2012-02-12 21:46 - 2012-02-12 21:46 - 0000000 ____D C:\Users\All Users\FlashFXP
2012-02-12 21:46 - 2012-02-12 21:46 - 0000000 ____D C:\ProgramData\FlashFXP
2012-02-12 20:36 - 2012-02-12 20:36 - 3995080 ____A (wftpserver.com ) C:\Users\Jizzy\Downloads\ftprush.exe
2012-02-12 20:34 - 2012-02-12 20:34 - 0000600 ____A C:\Users\Jizzy\AppData\Local\PUTTY.RND
2012-02-12 16:53 - 2012-02-12 16:53 - 0000000 ____D C:\Program Files (x86)\pidgin-otr
2012-02-12 16:53 - 2012-02-12 16:52 - 1327342 ____A C:\Users\Jizzy\Downloads\pidgin-otr-3.2.0-1.exe
2012-02-11 18:04 - 2012-02-11 18:04 - 0000971 ____A C:\Users\Jizzy\Desktop\FirefoxPortable.lnk
2012-02-07 21:57 - 2012-02-07 11:49 - 0000000 ____D C:\Program Files (x86)\PokerTracker 4
2012-02-07 11:49 - 2012-02-07 11:49 - 0005042 ____A C:\Users\All Users\oinwddee.jeg
2012-02-07 11:49 - 2012-02-07 11:49 - 0005042 ____A C:\ProgramData\oinwddee.jeg
2012-02-07 11:49 - 2012-02-07 11:49 - 0001078 ____A C:\Users\UpdatusUser\Desktop\PokerTracker 4.lnk
2012-02-07 11:49 - 2012-02-07 11:49 - 0001078 ____A C:\Users\postgres\Desktop\PokerTracker 4.lnk
2012-02-07 11:49 - 2012-02-07 11:49 - 0001078 ____A C:\Users\Jizzy\Desktop\PokerTracker 4.lnk
2012-02-07 11:49 - 2012-02-07 11:49 - 0000000 ____D C:\Users\Jizzy\AppData\Local\PokerTracker 4
2012-02-05 09:28 - 2011-06-02 21:15 - 0000000 ____D C:\Users\Jizzy\AppData\Local\ElevatedDiagnostics
2012-02-04 23:21 - 2012-02-03 17:21 - 0000000 ____D C:\Users\Jizzy\AppData\Local\Equilab
2012-02-04 12:33 - 2012-02-04 12:33 - 0023206 ____A C:\Users\Jizzy\Documents\cc_20120204_123340.reg
2012-02-04 12:06 - 2012-02-04 12:06 - 0053780 ____A C:\Users\Jizzy\Documents\cc_20120204_120641.reg
2012-02-04 12:06 - 2011-07-06 21:30 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\DAEMON Tools Lite
2012-02-04 12:05 - 2011-04-08 13:52 - 0000000 ____D C:\Windows\Panther
2012-02-04 11:59 - 2012-02-04 11:59 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-02-04 11:59 - 2012-02-04 11:59 - 0000000 ____D C:\Program Files\CCleaner
2012-02-03 23:04 - 2009-07-14 04:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-02-03 20:07 - 2012-02-03 20:03 - 0000042 ____A C:\Windows\oodjobd.INI
2012-02-03 19:51 - 2012-02-03 19:51 - 0000000 ____D C:\Windows\System32\oodag
2012-02-03 19:50 - 2012-02-03 19:50 - 0002687 ____A C:\Users\Public\Desktop\O&O Defrag.lnk
2012-02-03 19:50 - 2012-02-03 19:50 - 0000000 ____D C:\Users\Jizzy\AppData\Local\O&O
2012-02-03 19:50 - 2012-02-03 19:50 - 0000000 ____D C:\Program Files\OO Software
2012-02-03 19:50 - 2011-11-12 13:56 - 0000000 ____D C:\Users\Jizzy\AppData\Local\Downloaded Installations
2012-02-03 17:35 - 2011-05-22 10:21 - 0000000 ____D C:\Program Files (x86)\Intel
2012-02-03 17:33 - 2012-02-03 17:33 - 0000000 ___HD C:\Users\Jizzy\InstallAnywhere
2012-02-03 17:33 - 2012-02-03 17:33 - 0000000 ___HD C:\Program Files (x86)\Zero G Registry
2012-02-03 17:26 - 2012-02-03 17:26 - 0000017 ____A C:\Users\Jizzy\AppData\Local\resmon.resmoncfg
2012-02-03 17:20 - 2012-02-03 17:20 - 0002259 ____A C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2012-02-03 17:20 - 2012-02-03 17:20 - 0000000 ____D C:\Program Files (x86)\PokerStrategy.com
2012-01-31 23:15 - 2012-01-26 22:19 - 0000000 ____D C:\Users\Jizzy\Downloads\The Mathematics Of Poker
2012-01-31 15:58 - 2012-01-31 15:58 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Mozilla-Cache
2012-01-29 23:35 - 2011-06-12 10:31 - 0000000 ____D C:\Users\Jizzy\AppData\Ember Media Manager
2012-01-29 05:10 - 2010-11-21 04:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-28 09:40 - 2012-01-28 09:40 - 0000000 ____D C:\Program Files\iNFekt
2012-01-28 09:36 - 2012-01-28 09:36 - 0000000 ____D C:\Program Files (x86)\Pidgin
2012-01-28 09:34 - 2011-05-22 08:38 - 0000000 ____D C:\Program Files (x86)\Opera
2012-01-28 00:37 - 2012-01-28 00:37 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-01-26 17:16 - 2012-01-26 17:16 - 0000964 ____A C:\Users\Jizzy\Desktop\join.me.lnk
2012-01-26 17:16 - 2012-01-26 17:16 - 0000000 ____D C:\Users\Jizzy\AppData\Local\join.me
2012-01-26 16:28 - 2011-10-16 12:28 - 0000000 ____D C:\HMArchive
2012-01-24 13:50 - 2011-09-17 05:37 - 0168864 ____A C:\Program Files\Common Files\WireHelpSvc.exe
2012-01-24 13:50 - 2011-05-24 12:15 - 0147472 ____A (<Turtle Entertainment>) C:\Windows\System32\Drivers\ESLWireACD.sys
2012-01-24 09:51 - 2012-01-24 09:51 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-24 09:51 - 2012-01-24 09:51 - 0000000 ____D C:\Program Files\iTunes
2012-01-24 09:51 - 2012-01-24 09:51 - 0000000 ____D C:\Program Files\iPod
2012-01-24 09:51 - 2012-01-24 09:51 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-22 14:12 - 2012-01-22 14:12 - 0174749 ____A C:\Users\Jizzy\Downloads\19969.zip
2012-01-21 16:08 - 2012-01-21 16:07 - 0000000 ____D C:\Program Files (x86)\StackAndTile
2012-01-21 16:07 - 2012-01-21 16:07 - 0001071 ____A C:\Users\Public\Desktop\StackAndTile.lnk
2012-01-20 17:07 - 2012-01-20 17:07 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\PDroidPatcher
2012-01-18 11:38 - 2012-01-18 11:38 - 0002032 ____A C:\Users\Jizzy\Desktop\Media Player Classic - Home Cinema x64.lnk
2012-01-18 11:36 - 2012-01-18 11:36 - 0001477 ____A C:\Users\Jizzy\Desktop\VLC Media Player.lnk
2012-01-18 11:04 - 2012-01-18 11:04 - 0001071 ____A C:\Users\Public\Desktop\DisplayFusion.lnk
2012-01-18 11:04 - 2012-01-18 11:04 - 0000000 ____D C:\Program Files (x86)\DisplayFusion
2012-01-18 11:03 - 2012-01-18 11:03 - 0000000 ____D C:\Users\Jizzy\Documents\DisplayFusion Backups
2012-01-18 09:21 - 2012-01-18 09:21 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-01-18 09:21 - 2012-01-18 09:21 - 0000000 ____D C:\Users\All Users\Skype
2012-01-18 09:21 - 2012-01-18 09:21 - 0000000 ____D C:\ProgramData\Skype
2012-01-14 10:52 - 2012-01-14 10:44 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Mp3tag
2012-01-14 10:44 - 2011-07-22 14:12 - 0000000 ____D C:\Program Files (x86)\Mp3tag
2012-01-14 08:37 - 2009-07-14 06:08 - 0032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-14 05:06 - 2012-02-15 18:13 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-11 22:14 - 2012-01-11 22:14 - 0000000 ____D C:\Poker
2012-01-09 16:51 - 2012-01-09 16:51 - 0000000 ____D C:\Users\Jizzy\AppData\Local\PokerEdge
2012-01-09 16:24 - 2011-05-22 15:29 - 0000000 ____D C:\Program Files (x86)\PokerStars
2012-01-07 20:30 - 2012-01-07 21:31 - 0003161 ____A C:\crisek.hbr
2012-01-04 11:44 - 2012-02-15 18:13 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 11:44 - 2012-02-15 18:13 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 09:59 - 2012-02-15 18:13 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 09:58 - 2012-02-15 18:13 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-03 17:19 - 2012-01-07 21:33 - 0007392 ____A C:\messi.hbr
2012-01-03 11:06 - 2012-01-03 11:06 - 14796374 ____A C:\Scanner.pdf
2011-12-30 07:26 - 2012-02-15 18:13 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-30 06:27 - 2012-02-15 18:13 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-29 22:20 - 2011-05-29 08:57 - 0001140 ____A C:\Users\Public\Desktop\Update ESET's license.lnk
2011-12-29 22:19 - 2011-12-29 22:19 - 5304498 ____A C:\Users\Jizzy\Downloads\bdl39100-lf.rar
2011-12-29 22:13 - 2011-12-29 22:13 - 0143444 ____A C:\Users\Jizzy\Downloads\Sitios_a_excluir-DIC-2010.rar
2011-12-28 04:59 - 2012-02-15 18:13 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-27 23:01 - 2011-12-27 23:01 - 0000000 ____D C:\Users\All Users\RL Vision
2011-12-27 23:01 - 2011-12-27 23:01 - 0000000 ____D C:\ProgramData\RL Vision
2011-12-27 23:01 - 2011-12-27 23:00 - 0000000 ____D C:\Program Files (x86)\Flash Renamer
2011-12-27 20:00 - 2011-12-26 23:21 - 0000000 ____D C:\Program Files (x86)\Duplicate Finder
2011-12-27 17:43 - 2011-12-27 17:42 - 0000000 ____D C:\Users\All Users\FirmTools
2011-12-27 17:43 - 2011-12-27 17:42 - 0000000 ____D C:\ProgramData\FirmTools
2011-12-27 17:41 - 2011-12-27 17:41 - 0001198 ____A C:\Users\Public\Desktop\Duplicate Photo Finder.lnk
2011-12-27 17:41 - 2011-12-27 17:41 - 0000000 ____D C:\Program Files (x86)\FirmTools
2011-12-27 15:12 - 2011-12-26 23:30 - 0000000 ____D C:\Users\Jizzy\Documents\IC3
2011-12-26 23:54 - 2011-12-26 23:54 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Key Metric Software
2011-12-26 23:54 - 2011-12-26 23:54 - 0000000 ____D C:\Users\All Users\Key Metric Software
2011-12-26 23:54 - 2011-12-26 23:54 - 0000000 ____D C:\ProgramData\Key Metric Software
2011-12-26 23:30 - 2011-12-26 23:30 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Obsidium
2011-12-26 23:30 - 2009-07-14 03:34 - 0000551 ____A C:\Windows\win.ini
2011-12-26 23:29 - 2011-12-26 23:29 - 0000941 ____A C:\Users\Jizzy\Desktop\Image Comparer.lnk
2011-12-26 23:29 - 2011-12-26 23:29 - 0000000 ____D C:\Program Files (x86)\ImageComparer
2011-12-26 23:14 - 2011-12-26 23:14 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Ashisoft
2011-12-26 23:14 - 2011-12-26 23:14 - 0000000 ____D C:\Users\Jizzy\AppData\Local\Ashisoft
2011-12-26 23:06 - 2011-12-26 23:06 - 0000000 ____D C:\Program Files (x86)\Awesome Duplicate Photo Finder
2011-12-26 22:57 - 2011-10-15 16:05 - 0000000 ____D C:\2011_10_15
2011-12-26 22:56 - 2011-12-26 22:56 - 0000126 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.64.bc
2011-12-26 22:56 - 2011-12-26 22:56 - 0000126 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2011-12-26 22:56 - 2011-12-26 22:56 - 0000000 ____D C:\Users\Jizzy\AppData\Local\Reasonable_Software_House
2011-12-26 22:55 - 2011-12-26 22:55 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Reasonable Software House Ltd
2011-12-26 22:55 - 2011-12-26 22:55 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Microsoft Corporation
2011-12-26 10:50 - 2011-12-26 10:50 - 0167268 ____A C:\Users\Jizzy\Downloads\HuawaiModemUnlocker.rar
2011-12-23 12:42 - 2011-05-22 13:11 - 0000000 ____D C:\Program Files (x86)\TeamViewer
2011-12-22 21:02 - 2011-05-22 08:46 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\BOM
2011-12-21 17:00 - 2011-06-18 13:05 - 0120000 ___AH C:\Windows\SysWOW64\mlfcache.dat
2011-12-21 08:13 - 2011-12-21 08:13 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\{b112cbee-348a-4623-9609-7ee5f173928e}
2011-12-17 00:03 - 2011-12-17 00:03 - 0000199 ____A C:\Users\Jizzy\Desktop\Counter-Strike Source.url
2011-12-17 00:02 - 2011-12-17 00:02 - 0000538 ____A C:\Users\Public\Desktop\Steam.lnk
2011-12-16 23:59 - 2011-12-16 23:59 - 0000000 ____D C:\Windows\System32\appmgmt
2011-12-16 09:46 - 2012-02-15 18:13 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 08:52 - 2012-02-15 18:13 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 18:29 - 2011-12-15 18:29 - 0031232 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2011-12-15 17:59 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\rescache
2011-12-14 19:15 - 2011-12-14 19:15 - 0000444 ____A C:\Users\Jizzy\Desktop\Chessmaster.lnk
2011-12-14 19:15 - 2011-12-14 16:40 - 0000000 ____D C:\Program Files (x86)\Internet Chess Club
2011-12-14 16:40 - 2011-12-14 16:40 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\Internet Chess Club
2011-12-14 16:03 - 2011-12-14 16:03 - 8200926 ____A C:\Users\Jizzy\Downloads\ElCid.zip
2011-12-14 15:19 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2011-12-14 15:19 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\de-DE
2011-12-14 15:18 - 2011-05-22 07:30 - 0086144 ____A C:\Users\Jizzy\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-14 08:43 - 2012-02-15 18:14 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-14 08:16 - 2012-02-15 18:14 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-14 08:11 - 2012-02-15 18:14 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-14 08:04 - 2012-02-15 18:14 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-14 08:04 - 2012-02-15 18:14 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-14 08:03 - 2012-02-15 18:14 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-14 08:03 - 2012-02-15 18:14 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-14 08:01 - 2012-02-15 18:14 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-14 08:00 - 2012-02-15 18:14 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-14 07:59 - 2012-02-15 18:14 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-14 07:57 - 2012-02-15 18:14 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-14 07:57 - 2012-02-15 18:14 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-14 07:53 - 2012-02-15 18:14 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-14 04:30 - 2012-02-15 18:14 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-14 04:10 - 2012-02-15 18:14 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-14 04:04 - 2012-02-15 18:14 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-14 03:57 - 2012-02-15 18:14 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-14 03:57 - 2012-02-15 18:14 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-14 03:56 - 2012-02-15 18:14 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-14 03:55 - 2012-02-15 18:14 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-14 03:54 - 2012-02-15 18:14 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-14 03:53 - 2012-02-15 18:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-14 03:52 - 2012-02-15 18:14 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-14 03:50 - 2012-02-15 18:14 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-14 03:50 - 2012-02-15 18:14 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-14 03:47 - 2012-02-15 18:14 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\Users\All Users\Media Center Programs
2011-12-13 22:11 - 2011-12-13 22:11 - 0000000 ____D C:\ProgramData\Media Center Programs
2011-12-11 23:00 - 2011-09-14 19:37 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\BayWotch4
2011-12-10 15:24 - 2012-03-04 17:59 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 07:22 - 2011-12-07 22:25 - 0000000 ____D C:\Users\Jizzy\AppData\Local\Htc
2011-12-07 22:26 - 2011-12-07 22:26 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-12-07 22:25 - 2011-12-07 22:25 - 0000000 ____D C:\Users\Jizzy\AppData\Roaming\HTC
2011-12-07 22:25 - 2011-12-07 22:24 - 0000000 ____D C:\Program Files (x86)\HTC
2011-12-07 22:24 - 2011-12-07 22:24 - 0000000 ____D C:\Program Files (x86)\Spirent Communications
2011-12-07 22:24 - 2011-12-07 22:24 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8168.89 MB
Available physical RAM: 7318.16 MB
Total Pagefile: 8167.09 MB
Available Pagefile: 7311.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:119.24 GB) (Free:64.37 GB) NTFS
2 Drive e: () (Fixed) (Total:1863.01 GB) (Free:303.76 GB) NTFS
3 Drive f: () (Fixed) (Total:1862.92 GB) (Free:1432.5 GB) NTFS
5 Drive h: (Element) (Fixed) (Total:1863.01 GB) (Free:1235.57 GB) NTFS
6 Drive i: (JIZZY) (Removable) (Total:7.48 GB) (Free:6.55 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 1863 GB 0 B
Datenträger 1 Online 119 GB 0 B
Datenträger 2 Online 1863 GB 0 B
Datenträger 3 Online 1863 GB 0 B
Datenträger 4 Online 7663 MB 0 B

Datenträgerpartitionierung wird beendet...

Partitions of Disk 0:
===============

Datenträger 0 ist jetzt der gewählte Datenträger.

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 100 MB 1024 KB
Partition 2 Primär 1862 GB 101 MB

Datenträgerpartitionierung wird beendet...

======================================================================================================

Disk: 0
Datenträger 0 ist jetzt der gewählte Datenträger.

Partition 1 ist jetzt die gewählte Partition.

Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System-rese NTFS Partition 100 MB Fehlerfre

Datenträgerpartitionierung wird beendet...

======================================================================================================

Disk: 0
Datenträger 0 ist jetzt der gewählte Datenträger.

Partition 2 ist jetzt die gewählte Partition.

Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F NTFS Partition 1862 GB Fehlerfre

Datenträgerpartitionierung wird beendet...

======================================================================================================

Partitions of Disk 1:
===============

Datenträger 1 ist jetzt der gewählte Datenträger.

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 119 GB 1024 KB

Datenträgerpartitionierung wird beendet...

======================================================================================================

Disk: 1
Datenträger 1 ist jetzt der gewählte Datenträger.

Partition 1 ist jetzt die gewählte Partition.

Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 119 GB Fehlerfre

Datenträgerpartitionierung wird beendet...

======================================================================================================

Partitions of Disk 2:
===============

Datenträger 2 ist jetzt der gewählte Datenträger.

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 1863 GB 1024 KB

Datenträgerpartitionierung wird beendet...

======================================================================================================

Disk: 2
Datenträger 2 ist jetzt der gewählte Datenträger.

Partition 1 ist jetzt die gewählte Partition.

Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 1863 GB Fehlerfre

Datenträgerpartitionierung wird beendet...

======================================================================================================

Partitions of Disk 3:
===============

Datenträger 3 ist jetzt der gewählte Datenträger.

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 1863 GB 1024 KB

Datenträgerpartitionierung wird beendet...

======================================================================================================

Disk: 3
Datenträger 3 ist jetzt der gewählte Datenträger.

Partition 1 ist jetzt die gewählte Partition.

Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Element NTFS Partition 1863 GB Fehlerfre

Datenträgerpartitionierung wird beendet...

======================================================================================================

Partitions of Disk 4:
===============

Datenträger 4 ist jetzt der gewählte Datenträger.

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 7663 MB 31 KB

Datenträgerpartitionierung wird beendet...

======================================================================================================

Disk: 4
Datenträger 4 ist jetzt der gewählte Datenträger.

Partition 1 ist jetzt die gewählte Partition.

Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I JIZZY NTFS Wechselmed 7663 MB Fehlerfre

Datenträgerpartitionierung wird beendet...

======================================================================================================

==========================================================

Last Boot: 2012-03-02 00:34

======================= End Of Log ==========================
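As an added example, not code from this post, from FRST or from the forum, here is a small Python parser for the file-listing lines of the FRST log above, with a generic triage pass of the kind a responder runs over a full log before deciding which files to hash and check. The sample lines are copied from the listing above; the regular expression, the `FrstEntry` class and the triage heuristics are my own assumptions about the line format, not FRST's documented schema, and a hit only marks a file for closer inspection (hash lookup, signature check, origin), never a verdict about it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the FRST listing above,
# plus one section header to exercise the parser's "not an entry" path.
SAMPLE_LINES = [
    r"2011-12-21 17:00 - 2011-06-18 13:05 - 0120000 ___AH C:\Windows\SysWOW64\mlfcache.dat",
    r"2011-12-16 09:46 - 2012-02-15 18:13 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll",
    r"2011-12-15 18:29 - 2011-12-15 18:29 - 0031232 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys",
    r"2011-12-15 17:59 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\rescache",
    r"2011-12-14 16:03 - 2011-12-14 16:03 - 8200926 ____A C:\Users\Jizzy\Downloads\ElCid.zip",
    "========================= Known DLLs (Whitelisted) ============",
]

# Assumed line layout (from the log above, not FRST documentation): two
# timestamps, a zero-padded size, a five-character attribute field
# (D = directory, A = archive, H = hidden), an optional vendor name in
# parentheses, then the path.
LINE_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)


@dataclass
class FrstEntry:
    # FRST prints two timestamps; which one is "created" and which "modified"
    # depends on the section and tool version, so no meaning is assigned here.
    first_time: str
    second_time: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry, or None for headers, blank lines and other noise."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return FrstEntry(m["t1"], m["t2"], int(m["size"]), m["attrs"],
                     m["company"], m["path"])


def parse_lines(lines: List[str]) -> List[FrstEntry]:
    return [e for e in (parse_line(line) for line in lines) if e is not None]


# Directories where an unattributed file deserves a second look (assumption).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def triage(entries: List[FrstEntry]) -> List[Tuple[str, List[str]]]:
    """Generic review heuristics: hidden files, and files in system
    directories that carry no vendor name. A hit is a prompt to check the
    file (hash, signature, origin), not a verdict."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.is_hidden:
            reasons.append("hidden file")
        if e.path.lower().startswith(SYSTEM_DIRS) and e.company is None:
            reasons.append("no vendor name in a system directory")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_lines(SAMPLE_LINES)):
        print(f"{path}: {', '.join(reasons)}")
```

Run against the full log by feeding every line into `parse_lines`; the regular expression silently drops section headers and the "MD5 is legit" lines, so the same loop works over a whole FRST.txt. The two heuristics are deliberately broad, and a real run will flag legitimate files too, which is why the result is a worklist rather than a detection.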

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:13 PM

Posted 05 March 2012 - 01:21 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Jizzy

Jizzy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:13 AM

Posted 05 March 2012 - 02:24 PM

Hi,


I have a small problem with ComboFix. After cleaning, it reboots my computer, and after the restart my NOD32 antivirus is automatically activated again. It says "preparing log file" but even after 45 mins nothing happens....


Thank you

EDIT:

I checked the combofix directory and found a log:


ComboFix 12-03-04.01 - Jizzy 05.03.2012 21:30:02.3.8 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.8169.6561 [GMT 1:00]
ausgeführt von:: C:\Users\Jizzy\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((( Dateien erstellt von 2012-02-05 bis 2012-03-05 ))))))))))))))))))))))))))))))


2012-03-05 20:32:31 . 2012-03-05 20:32:31 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2012-03-05 20:32:31 . 2012-03-05 20:32:31 -------- d-----w- C:\Users\postgres\AppData\Local\temp
2012-03-05 20:32:31 . 2012-03-05 20:32:31 -------- d-----w- C:\Users\Jizzy\AppData\Local\temp
2012-03-05 20:32:31 . 2012-03-05 20:32:31 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-03-05 17:10:36 . 2012-03-05 17:10:57 -------- d-----w- C:\FRST
2012-03-05 17:06:53 . 2012-02-08 07:13:59 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B318562C-48E6-402C-926C-CC1B347C5152}\mpengine.dll
2012-03-04 21:42:25 . 2012-03-04 21:42:25 -------- d-----w- C:\Users\Jizzy\AppData\Roaming\SUPERAntiSpyware.com
2012-03-04 21:42:25 . 2012-03-04 21:42:25 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-04 19:07:23 . 2012-03-04 19:07:23 -------- d-----w- C:\Program Files\ESET
2012-03-04 16:59:24 . 2011-12-10 14:24:08 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-03-04 09:34:56 . 2012-03-04 09:34:56 -------- d-----w- C:\Users\Jizzy\AppData\Roaming\Malwarebytes
2012-03-04 09:34:46 . 2012-03-04 09:34:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-04 09:34:45 . 2012-03-04 16:59:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-03 23:39:28 . 2012-03-03 23:45:02 -------- d-----w- C:\Program Files (x86)\ICQ
2012-03-03 23:12:56 . 2012-03-03 23:12:56 -------- d-----we C:\Windows\system64
2012-03-03 22:44:00 . 2012-03-03 22:44:10 -------- d-----w- C:\Users\Jizzy\AppData\Roaming\postgresql
2012-03-02 20:07:27 . 2012-03-04 13:06:57 -------- d-----r- C:\Sandbox
2012-03-02 20:05:46 . 2012-03-04 13:06:57 -------- d-----w- C:\Program Files\Sandboxie
2012-03-02 06:51:30 . 2010-09-07 14:39:20 150392 ----a-w- C:\junction.exe
2012-03-02 06:33:15 . 2012-03-02 06:33:15 -------- d-----w- C:\Users\Jizzy\AppData\Roaming\JAM Software
2012-03-02 06:33:12 . 2012-03-02 06:33:12 -------- d-----w- C:\Program Files (x86)\JAM Software
2012-02-22 21:13:21 . 2012-03-03 23:42:37 -------- d-----w- C:\Users\Jizzy\AppData\Roaming\ICQ
2012-02-20 20:41:57 . 2012-02-20 20:41:57 -------- d-----w- C:\Users\Jizzy\AppData\Local\PackageAware
2012-02-20 15:39:32 . 2012-02-20 15:42:44 -------- d-----w- C:\Users\Jizzy\AppData\Roaming\mIRC
2012-02-20 15:39:32 . 2012-02-20 15:40:12 -------- d-----w- C:\Program Files (x86)\mIRC
2012-02-15 17:13:35 . 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\system32\ntshrui.dll
2012-02-15 17:13:35 . 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 17:13:35 . 2011-12-30 06:26:08 515584 ----a-w- C:\Windows\system32\timedate.cpl
2012-02-15 17:13:35 . 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 17:13:35 . 2011-12-16 08:46:06 634880 ----a-w- C:\Windows\system32\msvcrt.dll
2012-02-15 17:13:34 . 2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-02-15 17:13:34 . 2011-12-28 03:59:24 498688 ----a-w- C:\Windows\system32\drivers\afd.sys
2012-02-15 17:13:34 . 2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-12 20:46:40 . 2012-02-12 20:46:40 -------- d-----w- C:\ProgramData\FlashFXP
2012-02-12 20:45:04 . 2012-02-12 20:46:33 -------- d-----w- C:\Program Files (x86)\FlashFXP 4
2012-02-12 19:37:26 . 2012-03-04 13:06:58 -------- d-----w- C:\Users\Jizzy\AppData\Roaming\FTPRush
2012-02-12 19:37:07 . 2012-02-12 19:37:08 -------- d-----w- C:\Program Files (x86)\FTPRush
2012-02-12 15:53:35 . 2012-02-12 15:53:35 -------- d-----w- C:\Program Files (x86)\pidgin-otr
2012-02-07 10:49:29 . 2012-02-07 10:49:51 -------- d-----w- C:\Users\Jizzy\AppData\Local\PokerTracker 4
2012-02-07 10:49:18 . 2012-02-07 20:57:41 -------- d-----w- C:\Program Files (x86)\PokerTracker 4
.


(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-18 23:41:59 . 2011-05-22 07:04:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 04:10:42 . 2010-11-21 03:27:21 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-24 12:50:46 . 2011-09-17 04:37:55 168864 ----a-w- C:\Program Files\Common Files\WireHelpSvc.exe
2012-01-24 12:50:38 . 2011-05-24 11:15:35 147472 ----a-w- C:\Windows\system32\drivers\ESLWireACD.sys
2011-12-15 17:29:42 . 2011-12-15 17:29:42 31232 ----a-w- C:\Windows\system32\drivers\tap0901.sys


((((((((((((((((((((((((((((( SnapShot@2012-03-05_19.04.34 )))))))))))))))))))))))))))))))))))))))))

+ 2010-11-21 03:09:11 . 2012-03-05 19:20:17 54922 C:\Windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-03-05 19:20:19 63776 C:\Windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 03:09:11 . 2012-03-05 19:20:17 54922 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-03-05 19:20:19 63776 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-22 06:40:41 . 2012-03-05 19:20:19 8882 C:\Windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1796272902-1527921214-4022389393-1000_UserData.bin
+ 2011-05-22 06:40:41 . 2012-03-05 19:20:19 8882 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1796272902-1527921214-4022389393-1000_UserData.bin
+ 2012-03-05 20:33:42 . 2012-03-05 20:33:42 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-05 19:04:22 . 2012-03-05 19:04:22 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-05 19:04:22 . 2012-03-05 19:04:22 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-05 20:33:42 . 2012-03-05 20:33:42 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36:59 . 2012-03-05 19:11:19 652150 C:\Windows\system64\perfh009.dat
- 2009-07-14 02:36:59 . 2012-03-05 17:19:50 652150 C:\Windows\system64\perfh009.dat
+ 2010-11-21 06:22:07 . 2012-03-05 19:11:19 696832 C:\Windows\system64\perfh007.dat
- 2010-11-21 06:22:07 . 2012-03-05 17:19:50 696832 C:\Windows\system64\perfh007.dat
- 2009-07-14 02:36:59 . 2012-03-05 17:19:50 121082 C:\Windows\system64\perfc009.dat
+ 2009-07-14 02:36:59 . 2012-03-05 19:11:19 121082 C:\Windows\system64\perfc009.dat
- 2010-11-21 06:22:07 . 2012-03-05 17:19:50 148128 C:\Windows\system64\perfc007.dat
+ 2010-11-21 06:22:07 . 2012-03-05 19:11:19 148128 C:\Windows\system64\perfc007.dat
- 2009-07-14 02:36:59 . 2012-03-05 17:19:50 652150 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2012-03-05 19:11:19 652150 C:\Windows\system32\perfh009.dat
- 2010-11-21 06:22:07 . 2012-03-05 17:19:50 696832 C:\Windows\system32\perfh007.dat
+ 2010-11-21 06:22:07 . 2012-03-05 19:11:19 696832 C:\Windows\system32\perfh007.dat
+ 2009-07-14 02:36:59 . 2012-03-05 19:11:19 121082 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2012-03-05 17:19:50 121082 C:\Windows\system32\perfc009.dat
+ 2010-11-21 06:22:07 . 2012-03-05 19:11:19 148128 C:\Windows\system32\perfc007.dat
- 2010-11-21 06:22:07 . 2012-03-05 17:19:50 148128 C:\Windows\system32\perfc007.dat
+ 2009-07-14 05:01:48 . 2012-03-05 20:32:37 320652 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01:48 . 2012-03-05 19:03:14 320652 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-22 06:38:18 . 2012-03-05 19:03:15 32553984 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1796272902-1527921214-4022389393-1000-12288.dat
+ 2011-05-22 06:38:18 . 2012-03-05 20:32:37 32553984 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1796272902-1527921214-4022389393-1000-12288.dat

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-12 09:23:22 107000]
"DisplayFusion"="C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [2012-01-03 08:56:34 2788792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 21:54:20 283160]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 11:06:06 254696]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 22:25:58 59240]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 16:22:12 421736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Reasonable NoClone"="" [BU]
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-12 09:23:22 107000]

C:\Users\Jizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

R1 ArcSec;ArcSec;C:\Windows\system32\drivers\ArcSec.sys [x]
R1 SASDIFSV;SASDIFSV;E:\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;E:\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 21:54:22 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 04:01:00 2214504]
R3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;C:\Windows\system32\DRIVERS\arusb_lhx.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [x]
R3 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
R3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 09:43:28 51740536]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 19:20:56 174440]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
S0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 09:30:14 918144]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 02:15:14 915584]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 09:52:26 586880]
S2 DevoloNetworkService;devolo Network Service;C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 10:41:36 3304768]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 11:03:30 974944]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ESLWireAC;ESLWireAC;C:\Windows\system32\drivers\ESLWireACD.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\Windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 11:32:14 34048]
S2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 17:20:58 3273552]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 16:13:26 87040]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D E:\Program Files\PostgreSQL\8.4\data -w [x]
S2 regi;regi;C:\Windows\system32\drivers\regi.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-31 06:27:36 235624]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 10:40:40 2886528]
S2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2012-01-24 12:50:46 168864]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys [x]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;C:\Windows\system32\DRIVERS\dc3d.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys [x]
S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\system32\drivers\TotRec8.sys [x]


Inhalt des "geplante Tasks" Ordners

2012-03-04 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core.job
- C:\Users\Jizzy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 07:39:16 . 2011-05-22 07:39:15]

2012-03-05 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA.job
- C:\Users\Jizzy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 07:39:16 . 2011-05-22 07:39:15]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11:32:36 11545192]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 13:04:36 2399632]
"OODefragTray"="C:\Program Files\OO Software\Defrag\oodtray.exe" [2011-11-17 17:21:12 3994960]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 11:03:04 4035152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

Edited by Jizzy, 05 March 2012 - 03:44 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:13 PM

Posted 06 March 2012 - 09:01 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
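A small parser for the report layout TDSSKiller writes (the same line shapes as the log posted in this thread), added here as an example; it is not part of the original thread and not code from TDSSKiller. It merges each driver's file line with its verdict line, lists every entry whose verdict is not "ok", and locates the newest report using the file-name pattern given in the step above. The sample lines, the `exampledrv` entry and its "detected" verdict are constructed for illustration; the verdict words a real report uses other than "ok" are not assumed.

```python
"""Parse a TDSSKiller report and list the entries that were not marked ok."""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional

# Line shapes as seen in the report posted in this thread:
#   <time> <pid> <name> (<md5>) <path>     file line for a scanned driver
#   <time> <pid> <name> - <status>         verdict line, "ok" when nothing was found
FILE_RE = re.compile(
    r"^\S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(r"^\S+ \d+ (?P<name>\S+) - (?P<status>.+)$")

# Constructed sample: the first driver lines copy the layout of the posted
# report; "exampledrv" and its "detected (constructed)" verdict are invented
# so that the flagging path is exercised.
SAMPLE_LOG = r"""15:21:46.0422 2948 Scan started
15:21:46.0422 2948 Mode: Manual;
15:21:46.0594 2948 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:21:46.0610 2948 1394ohci - ok
15:21:47.0093 2948 catchme - ok
15:21:49.0137 2948 SASDIFSV - ok
15:21:50.0001 2948 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
15:21:50.0002 2948 exampledrv - detected (constructed)
15:21:50.0003 2948 \Device\Harddisk0\DR0 - ok
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # absent for entries without a file line
    path: Optional[str] = None
    status: Optional[str] = None  # None when the scan stopped before a verdict


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return entries keyed by name; file and verdict lines are merged."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"].strip()
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries worth a second look: any verdict other than ok, or no verdict at all."""
    return [e for e in entries.values() if (e.status or "").lower() != "ok"]


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    bad = len(flagged(entries))
    return {"entries": len(entries), "ok": len(entries) - bad, "flagged": bad}


def find_latest_report(root: Path = Path("C:/")) -> Optional[Path]:
    """Newest TDSSKiller.<Version>_<Date>_<Time>_log.txt in the root directory."""
    reports = sorted(root.glob("TDSSKiller.*_log.txt"), key=lambda p: p.stat().st_mtime)
    return reports[-1] if reports else None


if __name__ == "__main__":
    report = find_latest_report()
    text = report.read_text(errors="replace") if report else SAMPLE_LOG
    parsed = parse_tdsskiller_log(text)
    print(summarize(parsed))
    for e in flagged(parsed):
        print(f"{e.name}: status={e.status!r} md5={e.md5} path={e.path}")
```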

#7 Jizzy

Jizzy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:13 AM

Posted 06 March 2012 - 09:27 AM

Hi,

I have a problem with aswMBR.exe: during the scan it crashes (when it's scanning the windows/assembly folder).

TDSSKiller report:

15:21:42.0444 1284 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
15:21:42.0538 1284 ============================================================
15:21:42.0538 1284 Current date / time: 2012/03/06 15:21:42.0538
15:21:42.0538 1284 SystemInfo:
15:21:42.0538 1284
15:21:42.0538 1284 OS Version: 6.1.7601 ServicePack: 1.0
15:21:42.0538 1284 Product type: Workstation
15:21:42.0538 1284 ComputerName: NZXT
15:21:42.0538 1284 UserName: Jizzy
15:21:42.0538 1284 Windows directory: C:\Windows
15:21:42.0538 1284 System windows directory: C:\Windows
15:21:42.0538 1284 Running under WOW64
15:21:42.0538 1284 Processor architecture: Intel x64
15:21:42.0538 1284 Number of processors: 8
15:21:42.0538 1284 Page size: 0x1000
15:21:42.0538 1284 Boot type: Normal boot
15:21:42.0538 1284 ============================================================
15:21:44.0706 1284 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
15:21:44.0706 1284 Drive \Device\Harddisk2\DR2 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
15:21:44.0706 1284 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:21:44.0722 1284 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:21:44.0722 1284 Drive \Device\Harddisk4\DR4 - Size: 0x1DB1C1000 (7.42 Gb), SectorSize: 0x1000, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:21:44.0738 1284 \Device\Harddisk1\DR1:
15:21:44.0738 1284 MBR used
15:21:44.0738 1284 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
15:21:44.0738 1284 \Device\Harddisk2\DR2:
15:21:44.0738 1284 MBR used
15:21:44.0738 1284 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
15:21:44.0738 1284 \Device\Harddisk0\DR0:
15:21:44.0738 1284 MBR used
15:21:44.0738 1284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:21:44.0738 1284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
15:21:44.0738 1284 \Device\Harddisk3\DR3:
15:21:44.0738 1284 MBR used
15:21:44.0738 1284 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
15:21:44.0738 1284 \Device\Harddisk4\DR4:
15:21:44.0738 1284 MBR used
15:21:44.0738 1284 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1DB181
15:21:44.0831 1284 Initialize success
15:21:44.0831 1284 ============================================================
15:21:46.0422 2948 ============================================================
15:21:46.0422 2948 Scan started
15:21:46.0422 2948 Mode: Manual;
15:21:46.0422 2948 ============================================================
15:21:49.0308 2948 spldr - ok
15:21:49.0324 2948 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:21:49.0324 2948 srv - ok
15:21:49.0340 2948 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:21:49.0340 2948 srv2 - ok
15:21:49.0355 2948 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:21:49.0355 2948 srvnet - ok
15:21:49.0355 2948 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
15:21:49.0355 2948 ssudmdm - ok
15:21:49.0371 2948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:21:49.0371 2948 stexstor - ok
15:21:49.0386 2948 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:21:49.0386 2948 storflt - ok
15:21:49.0386 2948 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:21:49.0386 2948 storvsc - ok
15:21:49.0402 2948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:21:49.0402 2948 swenum - ok
15:21:49.0402 2948 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys
15:21:49.0418 2948 Synth3dVsc - ok
15:21:49.0418 2948 tap0901 (f9be29d5e097f03f81d3cd12b794cb66) C:\Windows\system32\DRIVERS\tap0901.sys
15:21:49.0433 2948 tap0901 - ok
15:21:49.0464 2948 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:21:49.0464 2948 Tcpip - ok
15:21:49.0496 2948 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:21:49.0496 2948 TCPIP6 - ok
15:21:49.0511 2948 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:21:49.0511 2948 tcpipreg - ok
15:21:49.0527 2948 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:21:49.0527 2948 TDPIPE - ok
15:21:49.0527 2948 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:21:49.0527 2948 TDTCP - ok
15:21:49.0542 2948 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:21:49.0542 2948 tdx - ok
15:21:49.0558 2948 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:21:49.0558 2948 TermDD - ok
15:21:49.0558 2948 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
15:21:49.0558 2948 terminpt - ok
15:21:49.0574 2948 TotRec8 (d565e692b747f9d8424f93cd82ab1bda) C:\Windows\system32\drivers\TotRec8.sys
15:21:49.0574 2948 TotRec8 - ok
15:21:49.0589 2948 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:21:49.0589 2948 tssecsrv - ok
15:21:49.0589 2948 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:21:49.0589 2948 TsUsbFlt - ok
15:21:49.0605 2948 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:21:49.0605 2948 TsUsbGD - ok
15:21:49.0605 2948 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
15:21:49.0605 2948 tsusbhub - ok
15:21:49.0620 2948 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:21:49.0620 2948 tunnel - ok
15:21:49.0636 2948 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:21:49.0636 2948 uagp35 - ok
15:21:49.0636 2948 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:21:49.0636 2948 udfs - ok
15:21:49.0652 2948 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:21:49.0652 2948 uliagpkx - ok
15:21:49.0667 2948 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:21:49.0667 2948 umbus - ok
15:21:49.0667 2948 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:21:49.0667 2948 UmPass - ok
15:21:49.0683 2948 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:21:49.0683 2948 USBAAPL64 - ok
15:21:49.0698 2948 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:21:49.0698 2948 usbccgp - ok
15:21:49.0698 2948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:21:49.0698 2948 usbcir - ok
15:21:49.0714 2948 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:21:49.0714 2948 usbehci - ok
15:21:49.0714 2948 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:21:49.0730 2948 usbhub - ok
15:21:49.0730 2948 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:21:49.0730 2948 usbohci - ok
15:21:49.0745 2948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:21:49.0745 2948 usbprint - ok
15:21:49.0745 2948 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:21:49.0745 2948 usbscan - ok
15:21:49.0761 2948 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:21:49.0761 2948 USBSTOR - ok
15:21:49.0761 2948 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:21:49.0761 2948 usbuhci - ok
15:21:49.0776 2948 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:21:49.0776 2948 vdrvroot - ok
15:21:49.0792 2948 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:21:49.0792 2948 vga - ok
15:21:49.0792 2948 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:21:49.0823 2948 VgaSave - ok
15:21:49.0823 2948 VGPU - ok
15:21:49.0839 2948 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:21:49.0839 2948 vhdmp - ok
15:21:49.0839 2948 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:21:49.0854 2948 viaide - ok
15:21:49.0854 2948 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:21:49.0854 2948 vmbus - ok
15:21:49.0870 2948 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:21:49.0870 2948 VMBusHID - ok
15:21:49.0870 2948 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:21:49.0870 2948 volmgr - ok
15:21:49.0886 2948 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:21:49.0886 2948 volmgrx - ok
15:21:49.0901 2948 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:21:49.0901 2948 volsnap - ok
15:21:49.0917 2948 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:21:49.0917 2948 vsmraid - ok
15:21:49.0917 2948 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:21:49.0917 2948 vwifibus - ok
15:21:49.0932 2948 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:21:49.0932 2948 WacomPen - ok
15:21:49.0932 2948 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:21:49.0932 2948 WANARP - ok
15:21:49.0948 2948 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:21:49.0948 2948 Wanarpv6 - ok
15:21:49.0948 2948 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:21:49.0948 2948 Wd - ok
15:21:49.0964 2948 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:21:49.0979 2948 Wdf01000 - ok
15:21:49.0979 2948 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:21:49.0979 2948 WfpLwf - ok
15:21:49.0995 2948 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:21:49.0995 2948 WIMMount - ok
15:21:50.0010 2948 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:21:50.0010 2948 WinUsb - ok
15:21:50.0026 2948 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:21:50.0026 2948 WmiAcpi - ok
15:21:50.0026 2948 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:21:50.0042 2948 ws2ifsl - ok
15:21:50.0042 2948 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:21:50.0042 2948 WudfPf - ok
15:21:50.0057 2948 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:21:50.0057 2948 WUDFRd - ok
15:21:50.0073 2948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:21:50.0073 2948 \Device\Harddisk1\DR1 - ok
15:21:50.0073 2948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
15:21:50.0073 2948 \Device\Harddisk2\DR2 - ok
15:21:50.0073 2948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:21:50.0104 2948 \Device\Harddisk0\DR0 - ok
15:21:50.0104 2948 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
15:21:50.0104 2948 \Device\Harddisk3\DR3 - ok
15:21:50.0120 2948 MBR (0x1B8) (c707513d2b988da6c4a7aa108d8bb055) \Device\Harddisk4\DR4
15:21:58.0824 2948 \Device\Harddisk4\DR4 - ok
15:21:58.0824 2948 Boot (0x1200) (cb100811a953c0ad951b1617426ce563) \Device\Harddisk1\DR1\Partition0
15:21:58.0840 2948 \Device\Harddisk1\DR1\Partition0 - ok
15:21:58.0840 2948 Boot (0x1200) (4459fecccb3f3bd3b8d3e554896840f0) \Device\Harddisk2\DR2\Partition0
15:21:58.0840 2948 \Device\Harddisk2\DR2\Partition0 - ok
15:21:58.0840 2948 Boot (0x1200) (ae467b0d8a66b08ea60a2572dce24443) \Device\Harddisk0\DR0\Partition0
15:21:58.0840 2948 \Device\Harddisk0\DR0\Partition0 - ok
15:21:58.0840 2948 Boot (0x1200) (7364a935b804dd3907749b0de645eece) \Device\Harddisk0\DR0\Partition1
15:21:58.0840 2948 \Device\Harddisk0\DR0\Partition1 - ok
15:21:58.0856 2948 Boot (0x1200) (8ba3ee59718b561adaa39b64e329aad6) \Device\Harddisk3\DR3\Partition0
15:21:58.0856 2948 \Device\Harddisk3\DR3\Partition0 - ok
15:21:58.0856 2948 Boot (0x1200) (da329739144d2e49a9c758351eddc025) \Device\Harddisk4\DR4\Partition0
15:21:58.0856 2948 \Device\Harddisk4\DR4\Partition0 - ok
15:21:58.0856 2948 ============================================================
15:21:58.0856 2948 Scan finished
15:21:58.0856 2948 ============================================================
15:21:58.0871 5860 Detected object count: 0
15:21:58.0871 5860 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:13 PM

Posted 06 March 2012 - 10:02 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Jizzy

Jizzy
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:13 AM

Posted 06 March 2012 - 10:46 AM

Hi,

Even in Safe Mode, the same problem: at "preparing log file" nothing happens...

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:13 PM

Posted 08 March 2012 - 02:49 AM

Hello

Let's take a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your Desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Jizzy

Jizzy
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:13 AM

Posted 09 March 2012 - 01:33 AM

Hi,

Here's the OTL.txt:

OTL logfile created on: 09.03.2012 07:22:06 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Jizzy\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,24% Memory free
15,95 Gb Paging File | 13,82 Gb Available in Paging File | 86,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 63,91 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 293,33 Gb Free Space | 15,74% Space Free | Partition Type: NTFS
Drive E: | 1862,92 Gb Total Space | 1432,55 Gb Free Space | 76,90% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1264,74 Gb Free Space | 67,89% Space Free | Partition Type: NTFS

Computer Name: NZXT | User Name: Jizzy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jizzy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DisplayFusion\AppHookx86.exe (Binary Fortress Software)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WireHelpSvc) -- C:\Programme\Common Files\WireHelpSvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (TotRec8) -- C:\Windows\SysNative\drivers\TotRec8.sys (High Criteria inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (ICCWDT) Intel® Watchdog Timer Driver (Intel® WDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (arusb_lhx) -- C:\Windows\SysNative\drivers\arusb_lhx.sys (Atheros Communications, Inc.)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\sysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 30 17 E3 4B 18 CC 01 [binary data]
IE - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>



========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.4.5
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.20
FF - prefs.js..extensions.enabledItems: {77492C4A-115B-4b8c-8A2B-44CC3C1A7DF2}:0.6.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.131046
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: notebook@google.com:1.0.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.12
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {bb8d77b0-a845-4249-a205-ef7395587b69}:1.7
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..network.proxy.gopher: "222.108.198.53"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jizzy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jizzy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012.03.04 20:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011.11.12 10:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.31 15:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.14 08:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.01 08:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.01 08:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.01 08:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.01 08:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.01 08:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.01 08:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.01 08:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.03.04 20:07:23 | 000,000,000 | ---D | M]

[2011.05.22 16:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Extensions
[2011.05.22 16:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.29 16:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions
[2011.05.22 17:59:44 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.05.22 17:59:45 | 000,000,000 | ---D | M] ("De-ImageShack") -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{77492C4A-115B-4b8c-8A2B-44CC3C1A7DF2}
[2011.05.22 17:59:45 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.05.22 17:59:46 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011.12.24 10:05:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.22 17:59:46 | 000,000,000 | ---D | M] (PwdHash) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{bb8d77b0-a845-4249-a205-ef7395587b69}
[2011.05.22 17:59:47 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2011.12.03 08:45:40 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011.12.21 07:26:09 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2012.02.17 21:00:49 | 000,000,000 | ---D | M] (Quick Note) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack
[2011.05.22 17:59:44 | 000,000,000 | ---D | M] (Google Notebook) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\notebook@google.com
[2012.01.28 19:01:03 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jizzy\AppData\Roaming\mozilla\Firefox\Profiles\50auy3y1.default\extensions\support@lastpass.com
[2012.03.02 13:26:48 | 000,001,128 | ---- | M] () -- C:\Users\Jizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\geizhalsat-deutschland.xml
[2009.01.24 11:25:36 | 000,001,504 | ---- | M] () -- C:\Users\Jizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\imdb.xml
[2009.11.22 12:12:28 | 000,001,840 | ---- | M] () -- C:\Users\Jizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\sceneforce.xml
[2012.01.31 15:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\{DE1C70DE-0466-4913-90E9-562E2EFD555D}.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\BARLESQUE@DMITRIY.KHUDOROZHKOV.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\CTRL-TAB@DESIGN-NOIR.DE.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
() (No name found) -- C:\USERS\JIZZY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50AUY3Y1.DEFAULT\EXTENSIONS\SNAPLINKS@SNAPLINKS.MOZDEV.ORG.XPI
[2012.01.31 15:25:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.03.10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.03.10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.03.10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.03.10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011.11.09 15:55:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.09 15:55:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.09 15:55:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.09 15:55:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.09 15:55:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.09 15:55:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jizzy\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jizzy\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jizzy\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.3_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jizzy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.14_0\
CHR - Extension: Session Manager = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: YouTube = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Proxy Switchy! = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: ZOHO NoteBook = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkmmdgdkpapcekiookglhdhdkhbpdfp\1.3_0\
CHR - Extension: Google-Suche = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Session Buddy = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\2.1.3_0\
CHR - Extension: Link2Clip = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmieebpnfbcjdackmfajcbbknaikebla\1.1_0\
CHR - Extension: LastPass = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.3_0\
CHR - Extension: Default = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: FV Extender = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhofaoljolgjddfleinbbmjgbdhkgop\3.0.17_0\
CHR - Extension: Smooth Gestures = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
CHR - Extension: Smooth Gestures = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.13_0\
CHR - Extension: AutoPager Chrome = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.7.1.4_0\
CHR - Extension: Google Mail = C:\Users\Jizzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.03.06 16:33:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Reasonable NoClone] File not found
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [Reasonable NoClone] File not found
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jizzy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Jizzy\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Jizzy\Desktop\PartyPoker.lnk File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{472F1FA1-610C-4CD5-BD3E-26C81AB06317}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8780524A-B9FC-4521-A4F0-0188AFA0EE7D}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98EC665D-84BC-4C6F-9DF9-DA2CAAC92C0E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.20 22:10:53 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.09 07:21:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jizzy\Desktop\OTL.exe
[2012.03.06 16:33:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.03.06 16:32:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.06 16:32:03 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Local\temp
[2012.03.06 16:29:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.03.06 15:21:39 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Jizzy\Desktop\aswMBR.exe
[2012.03.06 15:14:25 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jizzy\Desktop\tdsskiller.exe
[2012.03.05 19:59:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.05 19:59:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.05 19:59:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.05 19:59:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.05 19:59:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.05 19:58:53 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Jizzy\Desktop\ComboFix.exe
[2012.03.05 18:10:36 | 000,000,000 | ---D | C] -- C:\FRST
[2012.03.04 17:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.04 17:59:24 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.04 10:34:56 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Roaming\Malwarebytes
[2012.03.04 10:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.04 10:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.04 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ
[2012.03.04 00:12:56 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012.03.03 23:44:00 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Roaming\postgresql
[2012.03.02 21:07:27 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.03.02 21:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.03.02 07:51:30 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
[2012.03.02 07:33:15 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Roaming\JAM Software
[2012.03.02 07:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2012.03.02 07:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012.02.22 22:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012.02.22 22:13:21 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Roaming\ICQ
[2012.02.22 22:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[2012.02.20 21:41:57 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Local\PackageAware
[2012.02.20 16:39:32 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Roaming\mIRC
[2012.02.20 16:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2012.02.15 18:14:52 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 18:14:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 18:14:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 18:14:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 18:14:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 18:14:51 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 18:14:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.15 18:14:51 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 18:14:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 18:14:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 18:14:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 18:13:35 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.15 18:13:35 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 18:13:35 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 18:13:35 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.12 21:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
[2012.02.12 21:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashFXP 4
[2012.02.12 16:53:35 | 000,000,000 | ---D | C] -- C:\Users\Jizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2012.02.12 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2012.02.12 16:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr

========== Files - Modified Within 30 Days ==========

[2012.03.09 07:25:24 | 000,027,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 07:25:24 | 000,027,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.09 07:24:37 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.09 07:24:37 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.09 07:24:37 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.09 07:24:37 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.09 07:24:37 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.09 07:21:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzy\Desktop\OTL.exe
[2012.03.09 07:18:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.09 07:18:05 | 000,058,696 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.03.07 22:54:37 | 000,022,787 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2012.03.07 22:06:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA.job
[2012.03.07 17:06:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core.job
[2012.03.06 16:33:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.06 15:14:45 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Jizzy\Desktop\aswMBR.exe
[2012.03.06 15:14:13 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jizzy\Desktop\tdsskiller.exe
[2012.03.04 22:35:48 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Jizzy\Desktop\ComboFix.exe
[2012.03.04 17:59:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.04 11:06:48 | 000,000,000 | ---- | M] () -- C:\Users\Jizzy\defogger_reenable
[2012.02.28 23:29:43 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.26 09:47:44 | 000,000,993 | ---- | M] () -- C:\Users\Jizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.19 15:07:34 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.02.19 00:41:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.16 16:55:41 | 000,000,521 | ---- | M] () -- C:\Users\Jizzy\Desktop\Netzwerk.lnk
[2012.02.16 15:12:40 | 000,344,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 18:16:31 | 000,000,885 | ---- | M] () -- C:\Users\Jizzy\Desktop\mIRC.lnk
[2012.02.12 21:45:18 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2012.02.12 20:34:19 | 000,000,600 | ---- | M] () -- C:\Users\Jizzy\AppData\Local\PUTTY.RND
[2012.02.11 18:04:23 | 000,000,971 | ---- | M] () -- C:\Users\Jizzy\Desktop\FirefoxPortable.lnk

========== Files Created - No Company Name ==========

[2012.03.05 19:59:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.05 19:59:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.05 19:59:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.05 19:59:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.05 19:59:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.04 17:59:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.04 11:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Jizzy\defogger_reenable
[2012.02.16 16:55:41 | 000,000,521 | ---- | C] () -- C:\Users\Jizzy\Desktop\Netzwerk.lnk
[2012.02.15 18:16:31 | 000,000,885 | ---- | C] () -- C:\Users\Jizzy\Desktop\mIRC.lnk
[2012.02.12 21:45:18 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP.lnk
[2012.02.12 21:45:18 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2012.02.12 20:34:13 | 000,000,600 | ---- | C] () -- C:\Users\Jizzy\AppData\Local\PUTTY.RND
[2012.02.11 18:04:23 | 000,000,971 | ---- | C] () -- C:\Users\Jizzy\Desktop\FirefoxPortable.lnk
[2012.02.07 11:49:28 | 000,005,042 | ---- | C] () -- C:\ProgramData\oinwddee.jeg
[2012.02.03 20:03:42 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2012.02.03 17:26:30 | 000,000,017 | ---- | C] () -- C:\Users\Jizzy\AppData\Local\resmon.resmoncfg
[2011.12.26 22:56:08 | 000,000,126 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011.12.04 20:13:58 | 000,022,787 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011.12.04 10:39:05 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.12 13:46:11 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.10.22 18:13:21 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.16 12:34:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.09.17 05:37:55 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.09.08 21:04:43 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.07.25 16:11:27 | 000,000,808 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.18 13:05:34 | 000,120,000 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.01 19:52:31 | 000,003,584 | ---- | C] () -- C:\Users\Jizzy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.24 06:59:00 | 001,032,112 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011.05.22 10:59:49 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011.05.22 10:55:31 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.05.22 10:55:28 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.05.22 08:45:45 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.05.22 08:00:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.22 07:22:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.22 07:22:00 | 000,027,693 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.08.16 09:09:59 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2010.08.03 06:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

< End of report >

#12 Jizzy

Jizzy
  • Topic Starter

  • Members
  • 10 posts

Posted 11 March 2012 - 03:31 AM

BUMP

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 March 2012 - 08:50 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKU\.DEFAULT..\Run: [Reasonable NoClone] File not found
    O4 - HKU\S-1-5-18..\Run: [Reasonable NoClone] File not found
    O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-1796272902-1527921214-4022389393-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Jizzy\Desktop\PartyPoker.lnk File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Jizzy\Desktop\PartyPoker.lnk File not found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Jizzy

Jizzy
  • Topic Starter

  • Members
  • 10 posts

Posted 11 March 2012 - 09:39 AM

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Reasonable NoClone deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Reasonable NoClone not found.
Registry value HKEY_USERS\S-1-5-21-1796272902-1527921214-4022389393-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1796272902-1527921214-4022389393-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache konnte nicht geleert werden: Beim Ausführen der Funktion ist ein Fehler aufgetreten.
C:\Users\Jizzy\Desktop\cmd.bat deleted successfully.
C:\Users\Jizzy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jizzy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1140518 bytes
->Java cache emptied: 12022976 bytes
->FireFox cache emptied: 132595389 bytes
->Google Chrome cache emptied: 19670512 bytes
->Opera cache emptied: 4705030 bytes
->Flash cache emptied: 58546 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2084990 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68033 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 165,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jizzy
->Java cache emptied: 0 bytes

User: postgres

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jizzy
->Flash cache emptied: 0 bytes

User: postgres
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.36.2 log created on 03112012_152936

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Computer is doing fine... nothing unusual!

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 March 2012 - 11:42 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




