External disc folders display as shortcuts

This is a discussion on External disc folders display as shortcuts within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 08-29-2011, 07:01 PM   #1
Registered Member
 
Join Date: Aug 2011
Posts: 2
OS: Win XP Pro 32



I think something must be wrong with my external disc folders and folders on my external HDD. They show up as shortcuts. When I open them a new window is opened and I can access the content. However that seems very strange.

Also, I noticed that the update of my Antivir Software does not work anymore and I cannot access some Antivirus webpages.

I am actually quite desperate as I have a hell of a lot of work, and I usually work with my external HDD, which also seems infected.

Unfortunately, unless mentioned in the sticky, I already followed some advice that I found online. Therefore I will provide the code of the software I used for the first scans. Hope that's ok.



OTL LOG:
Code:
OTL logfile created on: 8/29/2011 1:34:00 PM - Run 4
OTL by OldTimer - Version 3.2.26.6     Folder = E:\Documents and Settings\Claus\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 66.43% Memory free
3.71 Gb Paging File | 3.16 Gb Available in Paging File | 85.04% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 1.17 Gb Total Space | 0.53 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.42 Gb Free Space | 34.99% Space Free | Partition Type: NTFS
Drive E: | 68.76 Gb Total Space | 40.07 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
Drive F: | 153.18 Gb Total Space | 147.58 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 0.43 Gb Free Space | 22.90% Space Free | Partition Type: FAT
 
Computer Name: CLAUS-THINK | User Name: Claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/08/29 12:45:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Claus\Desktop\OTL.exe
PRC - [2011/06/29 03:07:57 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 03:15:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/29 01:59:52 | 000,136,360 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/24 01:38:00 | 000,292,200 | ---- | M] (Lenovo.) -- E:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011/03/24 01:38:00 | 000,053,608 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/03/08 13:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/08 13:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/17 19:24:36 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/01/07 04:57:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010/12/14 15:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/10/29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 14:18:46 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- E:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- E:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/17 17:51:38 | 000,184,320 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/09/17 17:51:06 | 000,176,128 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/09/17 17:46:16 | 000,237,568 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/09/17 17:46:06 | 000,098,304 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/05/03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/18 18:48:34 | 002,412,032 | ---- | M] (Vodafone) -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009/09/18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/09/06 02:29:06 | 000,385,024 | ---- | M] (shbox.de) -- E:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009/07/23 03:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/06/12 19:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/10/30 15:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- E:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2007/09/27 02:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2005/10/28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/08/26 16:29:20 | 000,998,400 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/08/26 16:29:18 | 000,212,992 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/26 16:29:05 | 000,771,584 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
MOD - [2011/08/26 16:29:03 | 000,627,200 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
MOD - [2011/08/26 16:29:00 | 000,679,936 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
MOD - [2011/08/26 16:28:57 | 000,971,264 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/26 16:03:12 | 005,450,752 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/26 16:03:03 | 012,430,848 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/26 16:02:41 | 001,587,200 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/26 16:00:12 | 006,616,576 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
MOD - [2011/08/26 15:59:58 | 000,539,648 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
MOD - [2011/08/26 15:59:57 | 000,224,768 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
MOD - [2011/08/26 15:59:07 | 012,215,808 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
MOD - [2011/08/26 15:58:55 | 003,325,440 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/08/26 15:58:44 | 007,950,848 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/26 15:57:54 | 002,933,248 | ---- | M] () -- E:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/26 15:57:40 | 000,261,632 | ---- | M] () -- E:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/19 03:16:37 | 000,060,928 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
MOD - [2011/06/19 03:10:25 | 011,490,816 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/24 01:38:00 | 000,054,272 | ---- | M] () -- E:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2011/03/24 01:38:00 | 000,041,984 | ---- | M] () -- E:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2011/02/17 19:24:04 | 000,066,856 | ---- | M] () -- E:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/09/22 14:18:56 | 002,860,384 | ---- | M] () -- E:\WINDOWS\system32\btwicons.dll
MOD - [2010/09/22 14:18:56 | 000,075,112 | ---- | M] () -- E:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2010/09/17 18:37:58 | 000,043,520 | ---- | M] () -- E:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
MOD - [2010/09/17 18:37:50 | 000,249,856 | ---- | M] () -- E:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2010/09/17 18:37:28 | 000,077,824 | ---- | M] () -- E:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
MOD - [2010/08/16 00:08:44 | 000,094,208 | ---- | M] () -- E:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/06/24 08:46:42 | 005,279,744 | ---- | M] () -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- E:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/04/14 13:00:00 | 000,355,112 | ---- | M] () -- E:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/14 13:00:00 | 000,014,336 | ---- | M] () -- E:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/12 11:11:54 | 001,163,264 | ---- | M] () -- E:\Program Files\ThinkPad Wireless LAN Adapter Software\acAuth.dll
MOD - [2005/01/07 03:33:30 | 000,116,224 | ---- | M] () -- E:\WINDOWS\system32\redmonnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (WPFFontCache_v0400)
SRV - [2011/06/29 03:07:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/29 01:59:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/24 01:38:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Running] -- E:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/03/24 01:38:00 | 000,061,440 | ---- | M] () [Auto | Stopped] -- E:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- E:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/17 17:46:16 | 000,237,568 | ---- | M] (Lenovo ) [Auto | Running] -- E:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 17:46:06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- E:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/05/03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/06/12 19:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/04/14 13:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\tape.sys -- (Algsvp)
SRV - [2007/09/27 02:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/29 03:07:58 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 03:07:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/24 01:38:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2011/03/24 01:38:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2011/01/13 11:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2011/01/07 04:57:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/12/17 16:51:10 | 000,217,088 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/12/17 16:51:08 | 000,993,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/12/17 16:51:06 | 000,738,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/10/29 09:19:32 | 000,876,392 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\rtl8192se.sys -- (RTL8192se)
DRV - [2010/10/20 02:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/10/15 00:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/09/23 09:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/16 19:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 09:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2010/06/19 23:31:28 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/06/19 21:53:43 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/06/16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2010/06/16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/02/27 17:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 13:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 21:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/18 13:06:56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/06/30 18:46:24 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/02/12 23:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/06/08 09:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/02/19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62202
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.nytimes.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.5
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: E:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: e:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: e:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: e:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: E:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: E:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/28 03:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6}: E:\Documents and Settings\Claus\Local Settings\Application Data\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6} [2011/08/28 23:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/08/27 22:51:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/06/28 03:19:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2011/06/28 03:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
 
[2010/06/19 05:16:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Extensions
[2010/06/19 05:16:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/26 16:08:20 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Firefox\Profiles\ax2bi79i.default\extensions
[2011/08/26 16:08:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Firefox\Profiles\ax2bi79i.default\extensions\[email protected]
[2011/08/29 08:17:14 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/08/29 08:17:15 | 000,000,000 | ---D | M] (Click to call with Skype) -- E:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- E:\DOCUMENTS AND SETTINGS\CLAUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AX2BI79I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/28 23:08:01 | 000,000,000 | ---D | M] (XULRunner) -- E:\DOCUMENTS AND SETTINGS\CLAUS\LOCAL SETTINGS\APPLICATION DATA\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6}
[2011/08/27 22:51:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - E:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - E:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - E:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACWLIcon] E:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] E:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IMSS] E:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] E:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] E:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MobileConnect] E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRMGRTR] E:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RotateImage] E:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] E:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TkBellExe] E:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] E:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Eqgcgg] E:\Documents and Settings\Claus\Application Data\Eqgcgg.exe File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = E:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: E:\Documents and Settings\Claus\Start Menu\Programs\Startup\Dropbox.lnk = E:\Documents and Settings\Claus\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - E:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - E:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/19 04:06:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26923b43-4d38-484f-9b9e-de460746276c} - E:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C07CFD67-3425-4854-3339-13A189BA2A37} - NetShow
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/29 12:45:06 | 000,580,096 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Claus\Desktop\OTL.exe
[2011/08/29 09:35:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Claus\Application Data\Malwarebytes
[2011/08/29 09:35:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/29 09:35:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/29 09:35:33 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/29 09:35:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2011/08/29 09:35:30 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/08/29 09:32:34 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- E:\Documents and Settings\Claus\Desktop\mbam-setup1511.exe
[2011/08/29 09:08:19 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Claus\Recent
[2011/08/29 08:17:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/28 23:08:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Claus\Local Settings\Application Data\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6}
[2010/06/19 05:42:56 | 000,004,096 | ---- | C] ( ) -- E:\WINDOWS\System32\IGFXDEVLib.dll
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/29 13:35:09 | 000,436,276 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2011/08/29 13:35:09 | 000,069,006 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2011/08/29 13:30:48 | 000,000,300 | ---- | M] () -- E:\WINDOWS\tasks\PMTask.job
[2011/08/29 13:30:24 | 000,000,278 | ---- | M] () -- E:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-2139871995-1801674531-1003.job
[2011/08/29 13:30:22 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2011/08/29 13:30:18 | 2000,334,848 | -HS- | M] () -- E:\hiberfil.sys
[2011/08/29 12:51:59 | 000,302,592 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\gkd8q4ho.exe
[2011/08/29 12:45:25 | 000,000,020 | ---- | M] () -- E:\Documents and Settings\Claus\defogger_reenable
[2011/08/29 12:45:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Claus\Desktop\OTL.exe
[2011/08/29 12:44:05 | 000,050,477 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\Defogger.exe
[2011/08/29 12:26:33 | 052,687,357 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\vdf_fusebundle.zip
[2011/08/29 09:37:31 | 067,980,144 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\avira_antivir_personal_de.exe
[2011/08/29 09:35:35 | 000,000,787 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/29 09:35:18 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- E:\Documents and Settings\Claus\Desktop\mbam-setup1511.exe
[2011/08/29 08:16:09 | 000,002,283 | ---- | M] () -- E:\Documents and Settings\Claus\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/08/28 21:12:02 | 000,000,466 | ---- | M] () -- E:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/08/28 20:51:59 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2011/08/27 16:01:32 | 000,147,858 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\Boarding Pass.pdf
[2011/08/26 15:54:07 | 000,000,206 | ---- | M] () -- E:\WINDOWS\System32\MRT.INI
[2011/08/26 05:55:17 | 000,007,674 | ---- | M] () -- E:\Documents and Settings\Claus\Application Data\FA9A.D2E
[2011/08/26 03:47:02 | 000,000,528 | ---- | M] () -- E:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/02 03:18:00 | 000,000,286 | ---- | M] () -- E:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-2139871995-1801674531-1003.job
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/29 12:51:57 | 000,302,592 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\gkd8q4ho.exe
[2011/08/29 12:44:44 | 000,000,020 | ---- | C] () -- E:\Documents and Settings\Claus\defogger_reenable
[2011/08/29 12:44:03 | 000,050,477 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\Defogger.exe
[2011/08/29 11:55:42 | 052,687,357 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\vdf_fusebundle.zip
[2011/08/29 09:35:35 | 000,000,787 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/29 09:26:59 | 067,980,144 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\avira_antivir_personal_de.exe
[2011/08/27 16:01:32 | 000,147,858 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\Boarding Pass.pdf
[2011/08/26 15:54:06 | 000,000,206 | ---- | C] () -- E:\WINDOWS\System32\MRT.INI
[2011/08/02 08:16:50 | 001,073,640 | ---- | C] () -- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/01 20:16:05 | 000,007,674 | ---- | C] () -- E:\Documents and Settings\Claus\Application Data\FA9A.D2E
[2011/04/20 01:16:24 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat
[2010/10/05 01:07:12 | 000,000,108 | ---- | C] () -- E:\WINDOWS\BREAK2.INI
[2010/10/03 13:44:02 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2010/09/22 14:18:56 | 002,860,384 | ---- | C] () -- E:\WINDOWS\System32\btwicons.dll
[2010/08/24 13:39:10 | 000,015,873 | ---- | C] () -- E:\WINDOWS\System32\Inetde.dll
[2010/08/03 23:45:37 | 000,000,256 | ---- | C] () -- E:\WINDOWS\System32\pool.bin
[2010/07/05 01:08:48 | 000,030,720 | ---- | C] () -- E:\Documents and Settings\Claus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 03:53:33 | 000,116,224 | ---- | C] () -- E:\WINDOWS\System32\redmonnt.dll
[2010/06/30 03:53:33 | 000,045,056 | ---- | C] () -- E:\WINDOWS\System32\unredmon.exe
[2010/06/28 00:01:59 | 000,000,332 | ---- | C] () -- E:\WINDOWS\System32\CNCMFP23.INI
[2010/06/21 06:00:37 | 000,165,376 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2010/06/20 06:17:15 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2010/06/20 00:40:43 | 001,474,832 | ---- | C] () -- E:\WINDOWS\System32\drivers\sfi.dat
[2010/06/19 08:19:46 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat
[2010/06/19 07:20:07 | 000,004,224 | ---- | C] () -- E:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/06/19 07:13:15 | 000,196,608 | ---- | C] () -- E:\WINDOWS\PWMBTHLP.EXE
[2010/06/19 06:27:11 | 000,000,661 | ---- | C] () -- E:\WINDOWS\System32\VoipUpdate.ini
[2010/06/19 05:42:56 | 000,867,020 | ---- | C] () -- E:\WINDOWS\System32\igkrng575.bin
[2010/06/19 05:42:56 | 000,128,204 | ---- | C] () -- E:\WINDOWS\System32\igcompkrng575.bin
[2010/06/19 05:42:55 | 000,000,151 | ---- | C] () -- E:\WINDOWS\System32\GfxUI.exe.config
[2010/06/19 04:42:34 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
[2010/06/19 04:37:16 | 000,339,968 | ---- | C] () -- E:\WINDOWS\System32\AegisI5Installer.exe
[2010/06/19 04:37:06 | 000,451,072 | ---- | C] () -- E:\WINDOWS\System32\ISSRemoveSP.exe
[2010/06/19 04:09:03 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2010/06/19 04:02:38 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2010/06/18 20:48:23 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2010/06/18 20:46:54 | 000,223,224 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/15 19:17:10 | 000,130,520 | R--- | C] () -- E:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2009/08/04 00:07:42 | 000,403,816 | ---- | C] () -- E:\WINDOWS\System32\OGACheckControl.dll
[2009/08/04 00:07:42 | 000,230,768 | ---- | C] () -- E:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,436,276 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,069,006 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,463 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- E:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010/06/19 20:43:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Conexant
[2010/06/19 21:53:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/19 21:46:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/06/30 03:53:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\FreePDF
[2011/04/26 23:37:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Lenovo
[2011/07/06 03:33:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PCDr
[2010/08/23 14:52:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/12/09 13:29:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ScreenVCR
[2011/01/27 11:43:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Titanium
[2010/06/19 23:31:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010/09/11 16:07:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Vodafone
[2011/06/23 03:25:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\.purple
[2010/07/04 16:04:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Avaya
[2010/08/04 00:06:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Blackberry Desktop
[2010/11/28 21:18:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\BOM
[2010/06/19 23:25:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\DAEMON Tools Lite
[2010/06/19 21:46:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\DAEMON Tools Pro
[2011/08/29 12:49:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Dropbox
[2010/12/09 13:17:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\DVDVideoSoft
[2010/06/19 08:18:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\enchant
[2011/05/03 06:16:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\FileZilla
[2011/08/02 03:25:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\foobar2000
[2011/01/25 00:29:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\gtk-2.0
[2011/04/26 23:49:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Lenovo
[2011/07/06 03:34:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\PCDr
[2011/04/26 23:56:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\PwrMgr
[2010/08/24 08:59:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Research In Motion
[2010/06/19 05:16:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Thunderbird
[2011/01/27 11:43:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Titanium
[2010/12/09 12:48:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Toolbar4
[2010/06/19 23:31:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\TrueCrypt
[2011/07/06 03:28:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Update
[2010/09/11 09:57:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Vodafone
[2010/08/05 19:53:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Windows Search
[2011/08/26 03:47:02 | 000,000,528 | ---- | M] () -- E:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/29 13:30:48 | 000,000,300 | ---- | M] () -- E:\WINDOWS\Tasks\PMTask.job
[2011/08/28 21:12:02 | 000,000,466 | ---- | M] () -- E:\WINDOWS\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/06/28 00:00:25 | 000,000,000 | -H-D | M] -- E:\CanonMF
[2010/08/03 09:37:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings
[2010/06/19 07:17:19 | 000,000,000 | ---D | M] -- E:\DRIVERS
[2011/04/26 23:35:24 | 000,000,000 | ---D | M] -- E:\Icons
[2010/06/19 05:33:08 | 000,000,000 | ---D | M] -- E:\Intel
[2010/08/29 17:57:38 | 000,000,000 | ---D | M] -- E:\logs
[2010/08/04 22:18:49 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2011/08/29 09:35:30 | 000,000,000 | R--D | M] -- E:\Program Files
[2010/06/19 04:31:50 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2010/06/19 04:12:52 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2011/08/29 13:30:42 | 000,000,000 | ---D | M] -- E:\WINDOWS
[2010/06/19 04:27:15 | 000,000,000 | ---D | M] -- E:\WLANRLTK
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\explorer.exe
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008/04/14 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- E:\WINDOWS\regedit.exe
[2008/04/14 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- E:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-26 13:58:32

< End of report >



MALWAREBYTES LOGS:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7603

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/29/2011 11:40:28 AM
mbam-log-2011-08-29 (11-40-28).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|M:\|)
Objects scanned: 245235
Time elapsed: 1 hour(s), 1 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
e:\WINDOWS\ashod1.dll (Trojan.Hiloti) -> Delete on reboot.
e:\WINDOWS\owokuqisalut.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wpubomatu (Trojan.Hiloti) -> Value: Wpubomatu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lgetixoretubedi (IPH.Trojan.Hiloti.B) -> Value: Lgetixoretubedi -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\WINDOWS\ashod1.dll (Trojan.Hiloti) -> Delete on reboot.
e:\WINDOWS\owokuqisalut.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot.
e:\documents and settings\Claus\application data\Adobe\plugs\mmc100857281.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP331\A0069146.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP331\A0069147.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP346\A0070660.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP346\A0070661.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP347\A0071001.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP347\A0071002.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\documents and settings\Claus\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
e:\documents and settings\Claus\application data\Adobe\plugs\mmc120.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
e:\documents and settings\Claus\application data\Adobe\plugs\mmc33.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7603

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/29/2011 11:56:14 AM
mbam-log-2011-08-29 (11-56-14).txt

Scan type: Quick scan
Objects scanned: 170831
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7603

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/29/2011 4:16:30 PM
mbam-log-2011-08-29 (16-16-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|)
Objects scanned: 245172
Time elapsed: 43 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Any help would be greatly appreciated.

Best regards,
Hanns
Old 08-30-2011, 08:58 AM   #2
Registered Member
 
Join Date: Aug 2011
Posts: 2
OS: Win XP Pro 32



Hi again,

In addition, I created the logs requested in the Sticky.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Claus at 15:07:04 on 2011-08-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1908.1073 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
E:\WINDOWS\system32\ibmpmsvc.exe
E:\WINDOWS\system32\svchost.exe -k DcomLaunch
E:\WINDOWS\system32\svchost.exe -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
E:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
E:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
E:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
E:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
E:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
E:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
E:\Program Files\Lenovo\Zoom\TpScrex.exe
E:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
E:\Program Files\Lenovo\System Update\SUService.exe
E:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
E:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
E:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\TpShocks.exe
E:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\WINDOWS\system32\igfxext.exe
E:\WINDOWS\system32\igfxsrvc.exe
E:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
E:\Program Files\FreePDF_XP\fpassist.exe
E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
E:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
E:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
E:\Program Files\ThinkVantage\AMSG\Amsg.exe
E:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
E:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
E:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
E:\Program Files\Digital Line Detect\DLG.exe
E:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - e:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - e:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - e:\program files\hypercam toolbar\tbcore3.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Eqgcgg] e:\documents and settings\claus\application data\Eqgcgg.exe
mRun: [SmartAudio] e:\program files\conexant\saii\SAIICpl.exe /t
mRun: [TpShocks] TpShocks.exe
mRun: [TVT Scheduler Proxy] e:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IMSS] "e:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [PWRMGRTR] rundll32 e:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [ACWLIcon] e:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [VirtualCloneDrive] "e:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [FreePDF Assistant] e:\program files\freepdf_xp\fpassist.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "e:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RIMBBLaunchAgent.exe] e:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LenovoAutoScrollUtility] e:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [TPFNF7] e:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [RotateImage] e:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [AMSG] e:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [LPManager] e:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] e:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [IgfxTray] e:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] e:\windows\system32\hkcmd.exe
mRun: [Persistence] e:\windows\system32\igfxpers.exe
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
dRunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: e:\docume~1\claus\startm~1\programs\startup\dropbox.lnk - e:\documents and settings\claus\application data\dropbox\bin\Dropbox.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - e:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - e:\program files\digital line detect\DLG.exe
mPolicies-explorer: NoAutorun = 1 (0x1)
IE: add to &BOM - e:\\progra~1\\biet-o~1\\\\AddToBOM.hta
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - e:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - e:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - e:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - e:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: Interfaces\{5DD5614A-1F47-4EF1-81C0-C068E9B0C2C4} : NameServer = 193.189.244.225 193.189.244.206
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - e:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - e:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\claus\application data\mozilla\firefox\profiles\ax2bi79i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: e:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: e:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: e:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: e:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: e:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: e:\program files\microsoft\office live\npOLW.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npyaxmpb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;e:\windows\system32\drivers\DOZEHDD.SYS [2010-6-19 25968]
R0 stmtpm;STM TPM Service;e:\windows\system32\drivers\stm_tpm.sys [2011-4-26 21504]
R0 TPDIGIMN;TPDIGIMN;e:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2011-4-24 11608]
R1 lenovo.smi;Lenovo System Interface Driver;e:\windows\system32\drivers\smiif32.sys [2010-6-19 13680]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;e:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2011-4-24 136360]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2011-4-24 269480]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2011-4-24 66616]
R2 DozeSvc;Lenovo Doze Mode Service;e:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-19 292200]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;e:\program files\lenovo\communications utility\CamMute.exe [2010-6-19 41320]
R2 Lenovo.micmute;Lenovo Microphone Mute;e:\program files\lenovo\hotkey\micmute.exe [2010-6-19 45496]
R2 rimspci;rimspci;e:\windows\system32\drivers\rimspe86.sys [2010-6-19 45056]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;e:\program files\lenovo\hotkey\tphkload.exe [2011-4-26 99328]
R2 TPHKSVC;On Screen Display;e:\program files\lenovo\hotkey\TPHKSVC.exe [2010-6-19 64440]
R2 UNS;Intel(R) Management & Security Application User Notification Service;e:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-6-19 2533400]
R2 VMCService;Vodafone Mobile Connect Service;e:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
R3 5U877;USB Video Device;e:\windows\system32\drivers\5U877.sys [2011-4-26 132608]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;e:\windows\system32\drivers\e1k5132.sys [2010-6-19 167592]
R3 Impcd;Impcd;e:\windows\system32\drivers\Impcd.sys [2010-6-19 132480]
R3 IntcDAud;Intel(R) Display Audio;e:\windows\system32\drivers\IntcDAud.sys [2010-6-19 260864]
R3 osppsvc;Office Software Protection Platform;e:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 ZTEusbnet;ZTE USB-NDIS miniport;e:\windows\system32\drivers\ZTEusbnet.sys [2010-9-11 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;e:\windows\system32\drivers\zteusbvoice.sys [2010-9-11 105088]
S2 Power Manager DBC Service;Power Manager DBC Service;e:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-6-19 61440]
S3 Algsvp;Algsvp;e:\windows\system32\drivers\tape.sys [2008-4-14 14976]
S3 massfilter;ZTE Mass Storage Filter Driver;e:\windows\system32\drivers\massfilter.sys [2010-9-11 9728]
S3 RTL8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;e:\windows\system32\drivers\rtl8192se.sys [2010-6-19 876392]
.
=============== Created Last 30 ================
.
2011-08-30 11:19:02 -------- d-----w- e:\documents and settings\claus\application data\SUPERAntiSpyware.com
2011-08-30 11:18:43 -------- d-----w- e:\program files\SUPERAntiSpyware
2011-08-30 11:18:43 -------- d-----w- e:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-30 02:14:54 200976 ----a-w- e:\windows\system32\drivers\tmcomm.sys
2011-08-29 23:59:56 98816 ----a-w- e:\windows\sed.exe
2011-08-29 23:59:56 518144 ----a-w- e:\windows\SWREG.exe
2011-08-29 23:59:56 256000 ----a-w- e:\windows\PEV.exe
2011-08-29 23:59:56 208896 ----a-w- e:\windows\MBR.exe
2011-08-29 20:21:00 306688 ----a-w- e:\windows\IsUninst.exe
2011-08-29 18:36:29 -------- d-----w- e:\program files\ESET
2011-08-29 07:35:39 -------- d-----w- e:\documents and settings\claus\application data\Malwarebytes
2011-08-29 07:35:34 41272 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-08-29 07:35:33 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
2011-08-29 07:35:30 22712 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-08-29 07:35:30 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-08-16 05:20:32 4892320 ----a-w- e:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- e:\windows\system32\drivers\ndistapi.sys
2011-06-29 01:07:58 66616 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2011-06-28 01:11:16 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 14:10:36 139656 ----a-w- e:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:33:49 919552 ----a-w- e:\windows\system32\wininet.dll
2011-06-23 18:33:49 43520 ----a-w- e:\windows\system32\licmgr10.dll
2011-06-23 18:33:49 1469440 ----a-w- e:\windows\system32\inetcpl.cpl
2011-06-23 12:19:29 385024 ----a-w- e:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- e:\windows\system32\winsrv.dll
2011-06-02 14:07:35 1867904 ----a-w- e:\windows\system32\win32k.sys
.
============= FINISH: 15:07:53.28 ===============


The attach.txt as well as the ARK.txt (from GMER) are attached.

Thank you so much
Hanns
Attached Files
File Type: zip Attach.zip (17.6 KB, 28 views)
Old 08-31-2011, 08:25 PM   #3
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello Hans and welcome,

You also ran ComboFix and that log would be the most important for me to see. You'll find it at C:\ComboFix.txt. Please post the contents of that log.

Also, please do not wrap the log in code tags. It makes it difficult to review the log. Thanks.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."