Check up

OTL logfile created on: 5/15/2011 6:28:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Beni\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.87 Gb Total Space | 183.12 Gb Free Space | 62.52% Space Free | Partition Type: NTFS
Drive D: | 5.22 Gb Total Space | 0.87 Gb Free Space | 16.61% Space Free | Partition Type: NTFS

Computer Name: BENI_PC | User Name: Beni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 18:28:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Beni\Downloads\OTL.exe
PRC - [2011/04/28 08:41:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/18 13:07:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/02 13:05:10 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/07/17 18:39:18 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/07/17 18:38:39 | 000,219,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/03/18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 18:28:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Beni\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/28 08:41:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/27 13:03:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/18 13:07:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/10 22:02:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/17 18:39:18 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/07/17 18:38:39 | 000,219,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/03/18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/01/09 14:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Anon Proxy Server\bin\Apache.exe -- (anon_proxy_config)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/02 13:05:10 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/03/02 14:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 1E F8 A4 D7 00 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/05/01 13:04:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/05/01 13:04:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/05 15:30:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/05 15:30:47 | 000,000,000 | ---D | M]

[2010/11/09 11:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beni\AppData\Roaming\mozilla\Extensions
[2010/03/26 18:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beni\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/05 10:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beni\AppData\Roaming\mozilla\Firefox\Profiles\yhq27bo3.default\extensions
[2011/04/02 12:26:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Beni\AppData\Roaming\mozilla\Firefox\Profiles\yhq27bo3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/25 10:27:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Beni\AppData\Roaming\mozilla\Firefox\Profiles\yhq27bo3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/05 15:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/12/10 16:29:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/13 10:16:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/21 12:48:25 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\extensions\[email protected]
File not found (No name found) --
[2011/04/14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/05/29 18:57:18 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRun0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (RuneScape Toolbar) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files (x86)\RuneScape\prxtbRun0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Beni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Beni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Beni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Beni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.71
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: anon_proxy_server - hkey= - key= - C:\Program Files (x86)\Anon Proxy Server\htdocs\anon_proxy_server\pserver.exe ()
MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Users\Beni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
MsConfig:64bit - StartUpReg: PinnacleDriverCheck - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BE06E1D5-50B9-6013-8D74-F9BFD2B511D5} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E0E149E1-82D3-4E9F-89C0-13DADEBAAF17} - Internet Explorer
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/12 17:46:16 | 000,000,000 | ---D | C] -- C:\Users\Beni\Desktop\Portal
[2011/05/01 13:06:23 | 000,000,000 | ---D | C] -- C:\Users\Beni\AppData\Local\DDMSettings
[2011/05/01 13:04:18 | 000,000,000 | ---D | C] -- C:\Users\Beni\AppData\Roaming\DivX
[2011/05/01 13:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/01 13:03:52 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011/05/01 13:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/05/01 13:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011/05/01 13:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/04/29 17:39:54 | 000,000,000 | ---D | C] -- C:\Users\Beni\Documents\gegl-0.0
[2011/04/29 17:36:38 | 000,000,000 | ---D | C] -- C:\Users\Beni\Desktop\fotos
[2011/04/29 10:02:09 | 000,000,000 | ---D | C] -- C:\Users\Beni\AppData\Roaming\gtk-2.0
[2011/04/29 10:02:07 | 000,000,000 | ---D | C] -- C:\Users\Beni\.thumbnails
[2011/04/29 09:54:32 | 000,000,000 | ---D | C] -- C:\Users\Beni\.gimp-2.6
[2011/04/29 09:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/04/29 09:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/04/27 12:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/27 12:43:55 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011/04/27 12:43:54 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011/04/27 12:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/04/27 12:40:35 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011/04/27 12:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/21 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Beni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011/04/21 12:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011/04/21 12:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2011/04/21 12:50:00 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011/04/21 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2011/04/21 12:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2011/04/17 11:08:20 | 000,000,000 | ---D | C] -- C:\Users\Beni\AppData\Roaming\DriveHQHOOK
[2011/04/17 11:05:51 | 000,000,000 | ---D | C] -- C:\Users\Beni\Documents\DriveHQ SyncFolder
[2011/04/17 11:05:28 | 000,000,000 | ---D | C] -- C:\Users\Beni\AppData\Roaming\DriveHQ
[2011/04/17 11:04:56 | 000,000,000 | ---D | C] -- C:\Programme\DriveHQ

========== Files - Modified Within 30 Days ==========

[2011/05/15 18:23:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/05/15 18:19:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 17:41:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/15 17:39:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2268972349-1361780430-1330645407-1001UA.job
[2011/05/15 16:56:36 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 16:56:36 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 16:51:51 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/15 16:51:22 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\Nprnlz.job
[2011/05/15 16:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/15 16:51:10 | 1609,449,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 14:59:35 | 000,002,399 | ---- | M] () -- C:\Users\Beni\Desktop\Google Chrome.lnk
[2011/05/11 17:50:54 | 000,000,046 | ---- | M] () -- C:\Users\Beni\jagex_runescape_preferences.dat
[2011/05/11 17:44:40 | 000,000,129 | ---- | M] () -- C:\Users\Beni\jagex_runescape_preferences2.dat
[2011/05/11 12:42:04 | 000,000,194 | ---- | M] () -- C:\Users\Beni\AppData\Roaming\RSBuddy_xooley.ini
[2011/05/11 12:02:01 | 000,000,006 | ---- | M] () -- C:\Users\Beni\AppData\Roaming\RSBuddy Login.ini
[2011/05/11 04:39:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2268972349-1361780430-1330645407-1001Core.job
[2011/05/05 15:32:52 | 000,002,058 | ---- | M] () -- C:\Users\Beni\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/05 15:30:51 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 15:20:30 | 000,188,772 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/30 09:29:22 | 005,033,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/29 22:49:20 | 000,000,075 | ---- | M] () -- C:\Users\Beni\authcheck_md5.properties
[2011/04/29 18:05:30 | 000,003,951 | ---- | M] () -- C:\Users\Beni\.recently-used.xbel
[2011/04/29 09:54:25 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/04/27 12:44:37 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/26 08:54:32 | 000,093,184 | RHS- | M] () -- C:\Windows\SysWow64\RacRulesr.dll
[2011/04/24 22:00:00 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011/04/21 12:06:51 | 000,000,054 | ---- | M] () -- C:\Users\Beni\AppData\Roaming\RSBot_Accounts.ini
[2011/04/16 11:23:48 | 000,000,177 | ---- | M] () -- C:\Users\Beni\Desktop\anything.vbs

========== Files Created - No Company Name ==========

[2011/05/10 19:38:20 | 000,000,006 | ---- | C] () -- C:\Users\Beni\AppData\Roaming\RSBuddy Login.ini
[2011/05/05 15:30:51 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 18:05:30 | 000,003,951 | ---- | C] () -- C:\Users\Beni\.recently-used.xbel
[2011/04/29 09:54:25 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/04/27 12:44:37 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/26 08:54:39 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/26 08:54:36 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/26 08:54:33 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\Nprnlz.job
[2011/04/26 08:54:32 | 000,093,184 | RHS- | C] () -- C:\Windows\SysWow64\RacRulesr.dll
[2011/04/24 08:33:37 | 000,000,075 | ---- | C] () -- C:\Users\Beni\authcheck_md5.properties
[2011/04/16 11:23:48 | 000,000,177 | ---- | C] () -- C:\Users\Beni\Desktop\anything.vbs
[2011/04/09 09:52:11 | 000,000,054 | ---- | C] () -- C:\Users\Beni\AppData\Roaming\RSBot_Accounts.ini
[2011/03/04 10:31:31 | 000,000,194 | ---- | C] () -- C:\Users\Beni\AppData\Roaming\RSBuddy_xooley.ini
[2011/02/11 19:50:07 | 000,188,772 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/09 11:15:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/24 15:23:28 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/17 11:49:20 | 001,497,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/04 20:35:27 | 000,000,017 | ---- | C] () -- C:\Users\Beni\AppData\Local\resmon.resmoncfg
[2010/07/16 17:50:45 | 000,000,132 | ---- | C] () -- C:\Users\Beni\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/11 17:12:17 | 000,219,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/07/11 17:12:05 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/07/11 17:11:52 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/03/26 13:21:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/14 16:35:57 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2003/02/20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/03/17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL
[2002/03/02 04:10:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/26 08:54:32 | 000,093,184 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\RacRulesr.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >
[2011/05/15 16:51:22 | 000,000,304 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\Nprnlz.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/26 05:42:15 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/04/11 11:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
[2008/04/11 11:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
[2008/04/11 11:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
[2008/04/11 11:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
[2008/04/11 11:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
[2008/04/11 11:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
[2008/04/11 11:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 11:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
[2008/04/11 11:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/05/15 16:51:10 | 1609,449,472 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/09/09 11:15:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/30 04:07:08 | 000,004,758 | ---- | M] () -- C:\KTR2011.reg
[2009/09/09 11:15:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/15 16:51:11 | 2145,935,360 | -HS- | M] () -- C:\pagefile.sys
[2010/06/27 19:08:46 | 000,291,972 | RHS- | M] () -- C:\QSOGM
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/04/11 11:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
[2008/04/11 11:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI
[2010/06/27 19:08:47 | 000,000,020 | RHS- | M] () -- C:\win7.ld

< %PROGRAMFILES%\*. >
[2010/07/11 17:24:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Activision
[2010/10/10 22:07:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/05/29 18:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Media Player
[2010/08/03 13:21:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Anon Proxy Server
[2011/02/26 18:16:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/06/04 14:14:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Astrum Online Entertainment
[2011/04/04 16:54:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Auto Typer by MurGee
[2010/03/28 11:26:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AutoHotkey
[2011/01/31 20:57:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2011/04/27 12:40:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/05/12 12:15:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2011/05/01 13:04:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/04/03 11:58:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2011/01/27 18:32:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Digieffects
[2011/05/01 13:04:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2010/04/11 12:39:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DNA
[2010/10/13 12:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2011/02/05 10:20:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EpicBot
[2010/08/19 18:48:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2011/02/27 16:33:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FreeTime
[2010/08/29 10:39:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GamersFirst
[2011/04/29 09:53:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2010/03/26 22:48:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/04/21 12:48:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hotspot Shield
[2011/02/06 22:45:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HxD
[2011/03/26 20:34:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HyCam2
[2010/08/27 15:53:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ICQ6Toolbar
[2010/12/10 16:28:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ICQ7.2
[2011/03/24 13:34:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ImgBurn
[2011/04/21 12:49:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/04/21 12:57:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intelore
[2010/10/15 09:03:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/04/27 12:44:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/03/13 10:16:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/07/24 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lavalys
[2011/01/27 22:04:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LooksBuilder
[2010/12/11 16:02:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Magic Bullet Looks Vegas
[2010/06/04 14:21:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mail.Ru
[2010/08/19 16:01:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/25 21:47:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Messenger Plus! Live
[2010/03/25 21:30:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/01/30 21:49:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/04/28 08:35:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/03/26 22:54:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/03/26 13:17:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/12 13:05:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mIRC
[2011/05/05 15:30:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/01/30 21:47:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2010/10/06 22:05:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/11/18 22:12:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCSoft
[2010/08/19 15:32:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Net Tools
[2010/09/29 19:06:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NewBlue
[2010/06/24 13:09:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2010/07/18 22:38:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PDFCreator
[2010/08/19 15:54:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Photoshop
[2010/10/06 10:11:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pinnacle
[2010/04/05 18:27:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PowerISO
[2011/02/26 18:17:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/01/28 11:43:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Revoca Lernsoftware
[2008/06/26 09:28:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2011/04/11 13:18:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RuneScape
[2010/06/01 17:04:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Security Task Manager
[2010/11/17 17:53:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Silkroad
[2010/05/29 14:21:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/02/21 16:45:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SofTax GR 2010 NP
[2010/12/11 16:20:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2010/06/01 18:04:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/13 15:19:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2011/05/09 20:59:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SwiftKit
[2010/12/13 21:10:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2010/05/31 11:31:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TmNationsForever
[2010/05/31 20:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009/07/14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/07/18 21:51:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Universal Document Converter
[2010/10/05 16:51:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/10/05 20:00:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2010/03/25 22:34:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/12/10 16:33:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/03/25 21:29:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/12 15:54:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/09/04 15:41:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Components
[2010/10/15 09:03:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2010/09/02 21:17:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media-Komponenten
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/03/25 22:34:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/03/25 22:34:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/07/13 15:47:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinPcap
[2010/07/18 21:45:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WordToPDF
[2010/03/26 14:04:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2011/02/14 17:28:48 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry

< %appdata%\*.* >
[2010/07/16 17:50:45 | 000,000,132 | ---- | M] () -- C:\Users\Beni\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/21 12:06:51 | 000,000,054 | ---- | M] () -- C:\Users\Beni\AppData\Roaming\RSBot_Accounts.ini
[2011/05/11 12:02:01 | 000,000,006 | ---- | M] () -- C:\Users\Beni\AppData\Roaming\RSBuddy Login.ini
[2011/05/11 12:42:04 | 000,000,194 | ---- | M] () -- C:\Users\Beni\AppData\Roaming\RSBuddy_xooley.ini


< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 

Chewbaka

Put in code tags
 
Here is the second part; for some reason it messes up if I put it in any kind of tags.




< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/14 02:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/07/14 02:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/14 02:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >




OTL Extras logfile created on: 5/15/2011 6:28:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Beni\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.87 Gb Total Space | 183.12 Gb Free Space | 62.52% Space Free | Partition Type: NTFS
Drive D: | 5.22 Gb Total Space | 0.87 Gb Free Space | 16.61% Space Free | Partition Type: NTFS

Computer Name: BENI_PC | User Name: Beni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Treiber
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C8CDDCF-D09A-11DF-8BB6-0013D3D69929}" = Vegas Pro 10.0
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Anon Proxy Server" = Anon Proxy Server
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EpicBot" = EpicBot
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 2.60
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"HyperCam 2" = HyperCam 2
"ImgBurn" = ImgBurn
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"mIRC" = mIRC
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NewBlue Art Blends" = NewBlue Art Blends
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects" = NewBlue Art Effects
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Motion Blends" = NewBlue Motion Blends
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
"PartyPoker" = PartyPoker
"PowerISO" = PowerISO
"Revoca 5 5.2" = Revoca 5 5.2
"RuneScape Toolbar" = RuneScape Toolbar
"Silkroad" = Silkroad
"SofTax GR 2010 NP" = SofTax GR 2010 NP
"Steam App 410" = Portal: First Slice
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WordToPDF_is1" = WordToPDF 2.4
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NCsoft-Aion" = Aion
"Octoshape Streaming Services" = Octoshape Streaming Services
"SwiftKit" = SwiftKit
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
[/spoiler]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: RX861AA-UUZ m7737.ch
Logical Drives Mask: 0x000001ec

Kernel Drivers (total 181):

Processes (total 67):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
476 csrss.exe
528 C:\Windows\System32\wininit.exe
552 csrss.exe
584 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
776 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\nvvsvc.exe
900 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\nvvsvc.exe
1316 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\spoolsv.exe
1472 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1484 C:\Windows\System32\taskeng.exe
1504 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\rundll32.exe
1596 C:\Windows\SysWOW64\rundll32.exe
1756 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1784 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1816 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1860 C:\Windows\System32\svchost.exe
1868 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1884 C:\Windows\System32\conhost.exe
1948 C:\Windows\SysWOW64\PnkBstrA.exe
1984 C:\Windows\SysWOW64\PnkBstrB.exe
2016 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1616 C:\Windows\System32\svchost.exe
1840 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
1528 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2656 WUDFHost.exe
2808 C:\Windows\System32\svchost.exe
3020 C:\Windows\System32\taskhost.exe
2552 C:\Windows\System32\dwm.exe
2904 C:\Windows\explorer.exe
2428 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
1224 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3076 C:\Program Files\Windows Sidebar\sidebar.exe
3220 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3336 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3344 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3376 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3608 C:\Windows\System32\SearchIndexer.exe
3772 C:\Program Files\iPod\bin\iPodService.exe
2976 C:\Program Files\Windows Media Player\wmpnetwk.exe
1492 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
2744 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1880 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2764 C:\Windows\System32\audiodg.exe
3136 C:\Program Files (x86)\iTunes\iTunes.exe
3580 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
3152 C:\Windows\System32\conhost.exe
3276 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
2524 C:\Windows\System32\conhost.exe
988 C:\Windows\System32\SearchProtocolHost.exe
1128 C:\Windows\System32\SearchFilterHost.exe
1104 C:\Users\Beni\Downloads\OTL.exe
3168 C:\Users\Beni\Downloads\MBRCheck.exe
1260 C:\Windows\System32\conhost.exe
3132 C:\Windows\System32\svchost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`37ceb000 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.CH

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


I'm pretty sure I used to have a RAT on my computer but I believe that one is away, and there's some weird shit going on: when I google something then click on the link some ad opens and I have to click the link like 10x before I get to the correct site.

Thanks!
 

Tha Sneak

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Reputation
0
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4449

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.05.2011 11:15:37
mbam-log-2011-05-16 (11-15-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147109
Laufzeit: 8 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Beni\AppData\Local\Temp\SkypeSetup.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


It's German, but it removed 2 files.
 

Tha Sneak

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
 
Reputation
0
It says AntiVirus desktop is still open, although I closed my Avira. It says some desktop is open, which I tried to close through task manager, which didn't work.
 
Reputation
0
wale said:
Have you tried resetting your computer? Normally it takes a shutdown and restart before anything it has is completely closed.
Carbon said:
Are you all deaf? Stop posting in this thread unless you are A. On the team or B. OP
Stop farming points for the contest on this thread.

And besides that, if I restart my computer, Avira will be enabled automatically again.
 