Jump to content

What is going on?!


m0rb

Recommended Posts

hi there,

 

problems started around 4-5 days ago, suddenly I got warnings about my 2nd HDD being damaged or containing trouble, I don't know what exactly it said, only that I should have made backups, as was suggested.

 

Now, 2 days ago said HDD was suddenly not available any more.

I can find it using the HDD managing tool provided by Win 7, but it doesn't have a letter/label (C:/X:) any longer and I cannot access it - nevertheless, I can FIND it, with the exact size etc. and even how much space there is remaining.

oh, and said HDD WAS drive "D:\", but now D:\ seems to be my DVD-drive. :/

 

next thing I noticed, Windows tries to tell me that there weren't any anti-virus programmes running (notification in the task bar(?), you know, a symbol of a small white flag + a red sign with a white "X" on it.

only problem is: Avira IS running actually (I believe) and when I open it, it says everything is great. 

a scan in Avira just shows me the same ole game-cracks and warez it shows me every time - and these are things I KNOW are only false positives, because I own and use said false positives for years and they never caused any problems!

i think it's in the nature of a "crack" that makes anti-virus programmes hate their guts. ;) nevertheless, all those false positive files (it's just 2 or 3) are from sources I know and trust...

 

where should I go on. oh, yeah: some programmes do not want to open any longer, or won't be installed freshly/uninstalled, e.g. DAEMONtools Lite wouldn't want me to start it and on the rare occasions it did open, it loaded and loaded and loaded...with no reaction to my requests. thereby it made no difference wether I started the programme as Admin or not.

when I tried to reinstall "Steam" - which had been installed on my former HDD "D:\"; you know, that one HDD of mine that just isn't there any more - at first it took the installation roughly 10 minutes of loading and processing, until it told me it couldn't re-install steam, because STEAM CAUSED A PROBLEM ON THE VERY HDD D:\ THAT HAS BEEN GONE FOR SEVERAL DAYS!

about 2 or 3 hours ago, I tried Malwarebytes and let it run a full scan of all drives possible, even D:\ the lost son HDD, or shall I call it the faux DVD-drive? - it really doesn't matter, but what is interesting was this:

 

PUP.Optional.OpenCandy have been found 2 times, both were named like programmes I use sometimes, but I use "HotSpot Shield" and this file was called "HotSpotShieldToolbarInstallationHelper" - just an example...

the other 2 finds of 4 were: PUP.Optional.Conduit.A - if wanted/needed, I could post the log of said scan with Malwarebytes..

 

I just don't know what to do... I am really hopeless! 

not only did I lose 90% of all my important files/music/videos, I also lost ALL savegames, that haven't been saved in some dubious cloud on steam (99.8% of all).

the worst thing is, though I hate losing those files, among them were ALL pictures taken of my child during his first 18 months of life.

 

 

not only would I love to restore this one HDD that got "lost", the bigger problem is that some programmes "lost" with said HDD WILL NOT let me re-install them. long story short: I cannot re-install Steam, which means I cannot install any of my ~200 games, which easily makes me super angry.... unfortunately I do not have the slightest clue who/I'm angry on ot

 

PLEASE, IF YOU HAVE ANY IDEAS - NO MATTER HOW FAR FETCHED THEY MIGHT OR MIGHT NOT BE, PLEASE; LET ME KNOW THEM; and rest asured, I'd be grateful until I draw my last breath!

seriously, apart from my child, PC-gaming is my second best thing in life: due to my MS I am bound to sit around all day, without the possibility of suddenly being able to dance or run again - hell, I'd even be happy to WALK further than 200m without the help of crutches.

 

so, any ideas? what should I do? do you think I could rescue any of my lost files?

 

PS: I am sorry for my imperfect english, but I'm no native english-speaker! I do hope nonetheless, that you understand at least my general problems...

 

cheers,

 

m0rb

 

 

Link to post
Share on other sites

why won't anybody help me?

 

maybe I should have added: the 2-3 finds of Avira, which I described as "cracks" are just ordinary "no-cd-patches", amde by me brother, so that I can play some o f my game classics without having the CD/DVD in the drive! 

I do not support software piracy - otherwise I wouldn't bitch about my steam-account being unable to re-install. ;)

 

 it possibly didn't come across what I really want: I want my missing HDD back AND I want to find and exterminate every last piece of malware on my PC.

mostly it is my missing HDD, that concerns me: it is where ALL my games and (legal) videos and photos are being stored.

 

as of lately, my PC is doing weird things, too....

right when I start it, it starts to boot, then stops suddenly, just to re-start the boot process. this is happening every time I start my machine.

then there's the missing HDD, that isn't really missing (I'll explain it once again) - Win 7 warned me to make backups because there had been a not sdpecified error in my HDD.

last time I had a similar problem, it resolved itself and the warnings didn't stop until the HDD was DEAD (as in REALLY DEAD), or - which I hoped for) the warnings didn't show up ever again and the HDD worked on for years.

this time, suddenly the drive is gone, but when looking in Win 7 HDD manager (I don't know what it is called in english versions of Win 7, sry, I use a German Win 7) for it, I can still see it, it just isn't labeled any more (HDD was D:\ - now D:\ is claimed to be my DVD-drive)

 

the last problem I have is what made me think of malware/virus/trojan in the first place:

Win7 displkays in my task-bar that there was no anti-virus tool running in the background - but, Avira claims it is running... and when I click on that Windows warning, I am shown the option to start Avira as administrator, when I do that, nothing happens, the warning (symbol in the task-bar) never goes away-

although the Avira symbol (that little umbrella) in that same task-bar is saying Avira were up and running.

and I know it is running and doing it's job (as good as it can, I assume), because when I downloaded "AdwCleaner.exe" after reading about it here on this forum, it beeps the stuff out of my speakers and tries to warn me of said little .exe. ;)

 

so, please, can anybody help me? 

It'd be much obliged! (hell, I might even make a paypal donation!)

Link to post
Share on other sites

  • Root Admin

You need to be patient and follow the directions.   It can sometimes take up to 5 days before someone is available to assist you as there are hundreds of people looking for help not just you and there are only so many qualified helpers.

 

Please read some of the Pinned Topics on the top of the forum  and post back your DDS logs and as soon as someone is available they will assist you.

Link to post
Share on other sites

oh, sorry, I didn't know that you work down stacks... I was getting frustrated, because I saw many posts were made after I opened this thread.

In that case, I'll start reading (to figure what is meant by "DDS log, for example) and do as you advised me to do. ;)

and sorry for being so impatient... I didn't know how you guys here are working - also, it is killing me to not being able to use my HDD and to not being able to install a newly bought one, in fear of infesting it with whatever !%$( has caused my problems in the first place...

 

I'll pick a number and wait in line then.

Link to post
Share on other sites

okay, here <re my DDS report and attach.txt:

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by m0rb at 0:45:51 on 2013-09-03
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8167.5707 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\DiskeeperLite\DKService.exe
C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - 
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Codecv Class: {34C70A40-3D87-43EF-96BA-F3E148592D24} - 
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Hotspot Shield Toolbar: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [steelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [startCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A079DAFF-0FD6-410F-AEF3-63A0E3497931} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files\VLC\npvlc.dll
FF - plugin: C:\Users\m0rb\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_8_800_94.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - ExtSQL: 2013-07-11 17:05; {DB981CCA-088E-4731-A4A2-2FE218703C0E}; C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-29 28600]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-8-31 46792]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-24 84024]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-24 108088]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2013-8-26 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2013-8-26 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2013-8-26 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-29 105344]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-8-16 852264]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-8-16 555304]
R2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [2013-7-15 315632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2013-1-10 132096]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-1 283200]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-8-26 26136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-30 412776]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2013-1-10 38016]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]
S2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe --> C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-13 130976]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-13 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-2 59392]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-12 1255736]
.
=============== Created Last 30 ================
.
2013-09-02 22:22:10 -------- d-----w- C:\Program Files (x86)\DiskeeperLite
2013-09-02 22:20:59 53248 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2013-09-02 22:20:59 126976 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2013-09-02 22:20:58 114688 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2013-09-01 21:50:16 -------- d-----w- C:\Program Files (x86)\VirtualCloneDrive
2013-09-01 16:13:55 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-09-01 16:13:51 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-08-30 23:37:35 46792 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2013-08-30 16:13:51 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61D8F491-36A3-4BE4-96F7-AB572D0E662B}\mpengine.dll
2013-08-29 13:19:46 960960 ----a-w- C:\Windows\PE_File.dll
2013-08-26 17:35:19 1025648 ----a-w- C:\Windows\PE_Rom.dll
2013-08-26 17:24:52 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-08-26 17:24:52 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-08-26 17:24:52 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-08-26 17:24:52 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-08-26 17:24:51 614532 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-08-26 17:23:42 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2013-08-26 17:23:42 10216 ------w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2013-08-26 17:13:51 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-08-26 17:01:23 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2013-08-26 16:56:09 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2013-08-26 16:55:30 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2013-08-26 16:53:57 -------- d-----w- C:\ProgramData\ASUS
2013-08-26 16:53:54 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
2013-08-26 16:53:54 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2013-08-26 16:53:54 -------- d-----w- C:\Program Files (x86)\ASUS
2013-08-26 16:53:32 26136 ----a-w- C:\Windows\System32\drivers\ICCWDT.sys
2013-08-26 16:53:32 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2013-08-21 20:57:46 -------- d-----w- C:\Users\m0rb\AppData\Roaming\Wayforward Technologies
2013-08-21 14:01:13 -------- d-----w- C:\Users\m0rb\AppData\Roaming\Arrowhead
2013-08-21 14:01:06 -------- d-----w- C:\Windows\9530AE42DAE146199594B23487285D17.TMP
2013-08-21 10:23:14 -------- d-----w- C:\Users\m0rb\AppData\Roaming\gd.sos.McPixel
2013-08-15 00:32:08 -------- d-----w- C:\Windows\System32\MRT
2013-08-14 14:21:11 -------- d-----w- C:\Users\m0rb\AppData\Local\Risen
2013-08-09 19:48:07 -------- d-----r- C:\Program Files (x86)\Skype
2013-08-04 14:40:51 -------- d-----w- C:\Program Files (x86)\SpeedFan
2013-08-04 09:11:19 -------- d-----w- C:\Users\m0rb\AppData\Local\Harebrained Schemes
2013-08-04 09:11:19 -------- d-----w- C:\Users\m0rb\AppData\Local\EMU
.
==================== Find3M  ====================
.
2013-08-29 09:40:02 81112 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-08-29 09:40:02 105344 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-08-21 13:16:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 13:16:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-13 22:16:45 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-07-13 22:16:45 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-07-13 22:16:45 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-07-13 22:16:45 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-26 17:55:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 17:55:09 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-26 17:55:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-16 19:16:59 52736 ----a-w- C:\Windows\ipuninst.exe
2013-06-15 04:35:40 1111552 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH:  0:46:04.25 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise 
Boot Device: \Device\HarddiskVolume1
Install Date: 30/10/2011 15:19:29
System Uptime: 02/09/2013 22:25:30 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8P67
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 8.241 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 368 GiB total, 25.757 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: ASUS Bluetooth
Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7
Manufacturer: Atheros Communications
Name: ASUS Bluetooth
PNP Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7
Service: BTHUSB
.
==== System Restore Points ===================
.
RP398: 01/09/2013 23:50:24 - Gerätetreiber-Paketinstallation: Elaborate Bytes AG Speichercontroller
RP399: 03/09/2013 00:21:48 - Diskeeper Lite wird installiert
.
==== Installed Programs ======================
.
3DMark Vantage
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) - Deutsch
AI Suite II
Aliens vs. Predator
Aliens: Colonial Marines v1.0
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Amnesia: The Dark Descent
Angry Birds Rio
Angry Birds Seasons
Antichamber
AnyDVD
Assassin's Creed ® III
Avadon: The Black Fortress
Avernum: Escape From the Pit
Avira Free Antivirus
Bad Piggies
Batman: Arkham City™
Battlefield 3™
Battlelog Web Plugins
BioShock 2
BioShock Infinite
Blackwell's Asylum
Bluetooth Win7 Suite (64)
Borderlands 2
Botanicula
BRAZEN Prototype
Browser Configuration Utility
Brutal Legend version 1
Bully Scholarship Edition
Call of Duty Black Ops II
Call of Duty: Black Ops
Call of Duty: Black Ops II
Call of Duty: Black Ops II v1.0
Call of Juarez Gunslinger
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.2
CloneDVD2
Codecv
Condemned - Criminal Origins
Core Temp 1.0 RC4
Counter-Strike
Crusader Kings Complete
Cthulhu Saves the World 
DAEMON Tools Lite
Damage Inc
Darwinia
Das Schwarze Auge - Schicksalsklinge
Dead Island
Dead Rising 2: OTR
Dear Esther
DEFCON
Deus Ex: Human Revolution
Die total verrückte Rally by SeriousPat
Dishonored
Diskeeper Lite
DivX-Setup
Don't Starve
Dragon's Lair
Driver San Francisco
Dual-Core Optimizer
DuckTales Remastered
Dungeons and Dragons CoM
ESN Sonar
Europa Universalis III
Evil Dead Regeneration
Exact Audio Copy 1.0beta3
Fallout: New Vegas
Fallout2
Family Guy Back to the Multiverse
Far Cry 2
Far Cry 3
Far Cry 3 Blood Dragon
FEZ
FIFA 13
Flotilla
Free AVI Video Converter version 5.0.24.422
Funky Smugglers
Futuremark SystemInfo
Gabriel Knight 2 - The Beast Within
Geneforge 1
Google Chrome
Grand Theft Auto San Andreas
Grand Theft Auto: Episodes From Liberty City
GTA IV: San Andreas
Hack n Slash Prototype
Half-Life
Half-Life: Blue Shift
Half-Life: Opposing Force
Home
Hotline Miami
Hotspot Shield 3.13
Hotspot Shield Toolbar
ImgBurn
Intel® Management Engine Components
Intel® Watchdog Timer Driver (Intel® WDT)
Jagged Alliance - Back in Action
Java 7 Update 25
Java Auto Updater
Java 6 Update 22
JDownloader 0.9
Just Cause 2
K-Lite Codec Pack 9.8.0 (Full)
L.A. Noire
Leviathan: Warships
Lone Survivor
Malwarebytes Anti-Malware Version 1.75.0.1300
Mark of the Ninja
marvell 91xx driver
Max Payne 3
McAfee Security Scan Plus
McPixel
Metro 2033
Metro Last Light Update 1.0.0.2
Metro Last Light Update 2 (.v1.0.0.2.) 1.00
Metro: Last Light
Metro: Last Light © Deep Silver version 1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Primary Interoperability Assemblies 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Monaco Whats Yours Is Mine
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
MSI Afterburner 2.1.0
Multiwinia
NBA 2K13
Need for Speed: Most Wanted
Nethergate: Resurrection
Nightly 13.0a1 (x64 en-US)
North and South The Game © BitComposer version 1
NVIDIA PhysX
Octodad
OkayFreedom
OpenAL
OpenOffice.org 3.3
Origin
Pidgin
pidgin-otr 4.0.0-1
Populous
Postal III
Pro Evolution Soccer 2013
PunkBuster Services
Rapture3D 2.4.11 Game
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Red Orchestra 2 Heroes of Stalingrad - GOTY
Renesas Electronics USB 3.0 Host Controller Driver
Revenge of the Titans
Risen
RocketDock 1.3.5
Rockstar Games Social Club
Rogue Legacy version 0.0.0.9
Saints Row The Third
Saints Row: The Third
Scribblenauts Unlimited
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shadow Warrior Classic (1997)
Shadowrun Returns
Shank
Sid Meier's Pirates!
Skype™ 6.7
Sleeping Dogs™
Sniper Elite V2
Spacebase DF-9 Prototype
SpeedFan (remove only)
SpyCraft
Stacking
Star Ruler
SteelSeries Engine
Super Street Fighter IV Version v 1.1.0.1
Superbrothers: Sword & Sworcery EP
Syndicate
System Shock 2
TeamSpeak 3 Client
Teleglitch version 6.3
The Darkness II
The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version Plus UPDATE 10 1.00
The Showdown Effect
The Void
The Walking Dead
The Walking Dead © 3 version 1
The Walking Dead Episode 2 - Starved for Help
The Walking Dead GotY
Thomas Was Alone
Tombraider
Transformers Fall of Cybertron
Trials Evolution Gold Edition
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Uplay
Uplink
VC80CRTRedist - 8.0.50727.6195
Virtua Tennis 4
VirtualCloneDrive
VLC media player 2.0.6
Wallace & Gromit Ep 1: Fright of the Bumblebees
War Thunder
Windows Live ID Sign-in Assistant
WinRAR 4.20 (64-Bit)
WRC3 version 1.0
XMedia Recode Version 3.1.1.8
You don't know Jack 4 Version 1.0 by Energizer
Zombie Driver
.
==== End Of File ===========================
 
 
the most obvious fault in all this I can see is that drive D:\ is supposed to be my 2nd hard disk (the one that isn't readable any more);
my dvd drive has always been F:\;
that virtual drive G:\  just refuses to being shut down;
H:\ is my phone getting juice via USB. 
Link to post
Share on other sites

I really can'*t make anything of this, but THAT I absolutely can't explain:

 

Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
 
I don't know these pages, nor would I ever use their services for multiple reasons...
Link to post
Share on other sites

also, I ran the Anti-Rootkit software of you to make a scan - nothing found - BUT, as of yesterday evening, I get these messages again about my HDD having a failure and urgent need of making backups asap...

 

I really don't know what to do any more.

Got a fresh HDD, off the shelf, but I don't dare putting it in mjy PC - something is definately off and I have_to secure at least the pictures on that broke down HDD. 

 

I know I'm being impatient here, but please, would anybody give me at least a clue of what to do next?

Link to post
Share on other sites

  • Root Admin

As this could be a real hard drive failure message please make sure that you do have ALL of your important data backed up to an external hard drive just in case of failure.

 

Once the backup is complete please run the following.

 

P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites

re's my Roguekiller report:

 

RogueKiller V8.6.9 _x64_ [sep  3 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
 
mail : tigzyRK<at>gmail<dot>com
 
Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : m0rb [Admin Rechte]
Funktion : Scannen -- Datum : 09/04/2013 17:48:35
| ARK || FAK || MBR |
 
¤¤¤ Böswillige Prozesse : 0 ¤¤¤
 
¤¤¤ Registry-Einträge : 2 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
 
¤¤¤ Geplante Tasks : 0 ¤¤¤
 
¤¤¤ Autostart-Einträge : 0 ¤¤¤
 
¤¤¤ Web-Browsern : 0 ¤¤¤
 
¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
 
¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤
 
¤¤¤ Externe Hives: ¤¤¤
 
¤¤¤ Infektion :  ¤¤¤
 
¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR überprüfen: ¤¤¤
 
+++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] 9c9fcb27ba1c346400d55ffa3b5a0a5c
[bSP] 114f1ae7521be691ccafdd4153318bb3 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] NOT VALID
User = LL1 ... OK!
Error reading LL2 MBR!
 
+++++ PhysicalDrive2: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] ec6da29e54beebd9fa73eb3749fb2819
[bSP] 759a57632ead1c8342147c5b0e63e243 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Abgeschlossen : << RKreport[0]_S_09042013_174835.txt >>
Link to post
Share on other sites

  • Root Admin

Let's try another tool and see what it says.
 
 
Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up.  Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now.  It is an actual backup of the MBR (master boot record).

Link to post
Share on other sites

here is my aswMBR log:

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-09-04 20:08:50

-----------------------------

20:08:50.707    OS Version: Windows x64 6.1.7601 Service Pack 1

20:08:50.707    Number of processors: 4 586 0x2A07

20:08:50.708    ComputerName: M0RB-PC  UserName: m0rb

20:08:50.914    Initialize success

20:09:46.254    AVAST engine defs: 13090400

20:10:46.681    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

20:10:46.681    Disk 0 Vendor: ST1000DM003-9YN162 CC4H Size: 953869MB BusType: 11

20:10:46.681    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1

20:10:46.681    Disk 1 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 11

20:10:46.696    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2

20:10:46.696    Disk 2 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 11

20:10:46.868    Disk 2 MBR read successfully

20:10:46.868    Disk 2 MBR scan

20:10:46.884    Disk 2 Windows 7 default MBR code

20:10:46.915    Disk 2 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048

20:10:46.930    Disk 2 Partition 2 00     07    HPFS/NTFS NTFS       376938 MB offset 204802048

20:10:46.946    Disk 2 scanning C:\Windows\system32\drivers

20:10:55.822    Service scanning

20:11:13.060    Modules scanning

20:11:13.060    Disk 2 trace - called modules:

20:11:13.092    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

20:11:13.092    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800774c060]

20:11:13.092    3 CLASSPNP.SYS[fffff880013b443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007514060]

20:11:13.357    AVAST engine scan C:\Windows

20:11:14.698    AVAST engine scan C:\Windows\system32

20:13:25.146    AVAST engine scan C:\Windows\system32\drivers

20:13:34.490    AVAST engine scan C:\Users\m0rb

20:22:25.281    AVAST engine scan C:\ProgramData

20:23:35.606    Scan finished successfully

22:12:01.185    Disk 2 MBR has been saved successfully to "C:\Users\m0rb\Desktop\MBR.dat"

22:12:01.191    The log file has been saved successfully to "C:\Users\m0rb\Desktop\aswMBR.txt"

 

it found nothing, but during the scan, I found that inside my windows user-data folder, there was a folder of a game, I never had installed on this PC - it really drives me crazy!

 

also, the drives that aswMBR found... it bothers me a bit. 

drive G:\ is supposed to be a "BD-Rom-Drive" (same in windows) - I don't even know what a BD drive is supposed to be! If it is a blueray-drive, well, I sure don't own one of those. I just know for sure, atm I have nothing but 3 HDDs in my PC, the dvd-player I unplugged yesterday.

 

should I start worrying about anything else but a malware infection?

I just can't believe that 2 HDDs suddenly, without any reason, start to make problems. today I got like 20 times the same message, that I received the day before my second HDD "broke".

Link to post
Share on other sites

  • Root Admin

Okay thanks.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.


  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

Link to post
Share on other sites

so...

 

Anti Rootkit didn't find anything! should I still post the logs?

 

next, JRT.txt:

 

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Enterprise x64
Ran by m0rb on 08/09/2013 at 23:32:00.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Failed to stop: [service] hshld 
Successfully stopped: [service] hsstrayservice 
Successfully deleted: [service] hsstrayservice 
Successfully stopped: [service] hsswd 
Successfully deleted: [service] hsswd 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2ef17083-57d4-4d64-ae4f-55f32a2c4571}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{d793423b-ff18-4a54-b9c9-75b3396baac4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1561552
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_myportablepim_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_myportablepim_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_easeus-data-recovery-wizard_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_easeus-data-recovery-wizard_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_myportablepim_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_myportablepim_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_easeus-data-recovery-wizard_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_easeus-data-recovery-wizard_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3E94288C-DE96-40BD-AD2D-F3AAE1ED37E7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34C70A40-3D87-43EF-96BA-F3E148592D24}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34C70A40-3D87-43EF-96BA-F3E148592D24}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\m0rb\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\m0rb\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\m0rb\appdata\locallow\codecv"
Successfully deleted: [Folder] "C:\Users\m0rb\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\m0rb\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\m0rb\AppData\Roaming\mozilla\firefox\profiles\7yg9x2uh.default\prefs.js
 
user_pref("extensions.4f97c8882496d.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-
Emptied folder: C:\Users\m0rb\AppData\Roaming\mozilla\firefox\profiles\7yg9x2uh.default\minidumps [38 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/09/2013 at 23:35:16.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner log:
 
# AdwCleaner v3.003 - Bericht erstellt am 08/09/2013 um 23:45:25
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzername : m0rb - M0RB-PC
# Gestartet von : C:\Users\m0rb\Desktop\AdwCleaner.exe
# Option : Suchen
 
***** [ Dienste ] *****
 
Dienst Gefunden : BCUService
 
***** [ Dateien / Ordner ] *****
 
Ordner Gefunden : C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
 
***** [ Verknüpfungen ] *****
 
 
***** [ Registrierungsdatenbank ] *****
 
Schlüssel Gefunden : HKCU\Software\DeviceVM
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : [x64] HKCU\Software\DeviceVM
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gefunden : HKLM\Software\DeviceVM
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
 
***** [ Browser ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v12.0 (de)
 
[ Datei : C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\prefs.js ]
 
Zeile gefunden : user_pref("extensions.4f97c8882496d.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/14[...]
 
-\\ Google Chrome v
 
[ Datei : C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2435 octets] - [08/09/2013 23:45:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2495 octets] ##########
 
 
- it's all good to go with me..
 
 
ESET log:
 
C:\BIE\bie_7install64.exe a variant of Win32/HackKMS.A application
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCDIO.dll a variant of Win32/Packed.Enigma.AAF trojan
C:\Qoobox\Quarantine\C\ProgramData\Codecv\uninstall.exe.vir Win32/Adware.MultiPlug.A application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
E:\downloads\Programme\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\Games - ISOs\Angry Birds Collection\Angry.Birds.Rio.v1.4.2.Cracked.READ.NFO-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application
E:\Games - ISOs\Angry Birds Collection\Angry.Birds.Seasons.v2.2.0.Cracked.READ.NFO-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application
E:\Games - ISOs\Retro.City.Rampage.v1.06.multi5.full-THETA\Retro City Rampage.exe Win32/HackTool.Crack.B application
 
well, apart from the very first hit (C:\BIE\bie_7install64.exe a variant of Win32/HackKMS.A application), I don't have any use for it. BUT, there's some "Avira" files listed and I am not sure whether it would be a smart move to delete those. btw - Avira (my anti-virus tool) has been deactivated, yer this scan warned me about finding anti-virus software... so I am not sure if it is right to delete those files... I'll do whatever you tell me is right. ;)
 
 
last, not least FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by m0rb (administrator) on M0RB-PC on 09-09-2013 00:47:25
Running from C:\Users\m0rb\Downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Executive Software International, Inc.) C:\Program Files (x86)\DiskeeperLite\DKService.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Core Temp\Core Temp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\m0rb\Desktop\AdwCleaner.exe
(Executive Software International, Inc.) C:\Program Files (x86)\DiskeeperLite\DfrgNTFS.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKCU\...\Run: [steelSeries Engine] - C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [239104 2013-02-06] (SteelSeries ApS)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {43F32485-5564-4b1e-84B9-21A12B7F3F8A} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {43F32485-5564-4b1e-84B9-21A12B7F3F8A} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\m0rb\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\m0rb\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\m0rb\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Codecv - C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\Extensions\4f97c88824966@4f97c88824968.info
FF Extension: Hotspot Shield  - C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF Extension: No Name - C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\m0rb\AppData\Roaming\Mozilla\Firefox\Profiles\7yg9x2uh.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afext@anchorfree.com
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\m0rb\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\m0rb\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\m0rb\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Google Update) - C:\Users\m0rb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Uplay PC) - D:\- G A M E S -\Uplay\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0
CHR Extension: (OkayFreedom) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd\1.1.0_0
CHR Extension: (Knightmare Tower) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdecmbmceeclagcfaobhlmijgpjighb\1.1_0
CHR Extension: (NYTimes) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0
CHR Extension: (The QR Code Generator) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0
CHR Extension: (AdBlock) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Drakensang Online) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfnnlgcclgoefnbmlkabdnpfndekmeo\1_0
CHR Extension: (Battlestar Galactica Online) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.3_0
CHR Extension: (Lord of Ultima) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0
CHR Extension: (Burrito Bison) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjnlnlkkpikjojgijcdbfddkfbledeom\1.0_0
CHR Extension: (Google Mail Checker) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Feed the King) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmgcophkiclkphofoigmmfgdajkokab\1_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Mini Ninjas) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijfbknbncemokdnlboeabbcfhobechi\1.0.0.19_0
CHR Extension: (Psykopaint) - C:\Users\m0rb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0
CHR HKLM-x32\...\Chrome\Extension: [akogkenicmciojjhoijaipjdhbjphddd] - C:\ProgramData\Codecv\akogkenicmciojjhoijaipjdhbjphddd.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR StartMenuInternet: Google Chrome - C:\Users\m0rb\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 Diskeeper; C:\Program Files (x86)\DiskeeperLite\DKService.exe [176128 2002-10-16] (Executive Software International, Inc.)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-25] ()
S2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-01] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-01-10] (SteelSeries Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R3 ALSysIO; \??\C:\Users\m0rb\AppData\Local\Temp\ALSysIO64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-09 00:46 - 2013-09-09 00:46 - 01948988 _____ (Farbar) C:\Users\m0rb\Downloads\FRST64.exe
2013-09-09 00:41 - 2013-09-09 00:41 - 00001502 _____ C:\Users\m0rb\Desktop\eset.txt
2013-09-08 23:52 - 2013-09-08 23:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu.exe
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (2).exe
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (1).exe
2013-09-08 23:47 - 2013-09-08 23:47 - 00002587 _____ C:\Users\m0rb\Desktop\AdwCleaner[R0].txt
2013-09-08 23:45 - 2013-09-08 23:45 - 00000000 ____D C:\AdwCleaner
2013-09-08 23:43 - 2013-09-08 23:44 - 01037278 _____ C:\Users\m0rb\Desktop\AdwCleaner.exe
2013-09-08 23:35 - 2013-09-08 23:35 - 00005533 _____ C:\Users\m0rb\Desktop\JRT.txt
2013-09-08 23:31 - 2013-09-08 23:31 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 23:30 - 2013-09-08 23:31 - 01029490 _____ (Thisisu) C:\Users\m0rb\Desktop\JRT.exe
2013-09-08 23:06 - 2013-09-08 23:06 - 96566691 _____ C:\Windows\SysWOW64\㌦
2013-09-07 12:05 - 2013-09-05 13:04 - 00028889 _____ C:\Users\m0rb\Desktop\ComboFix.txt
2013-09-06 01:47 - 2013-09-06 01:47 - 00001255 _____ C:\Users\m0rb\Desktop\OUTLAST.lnk
2013-09-05 13:04 - 2013-09-05 13:04 - 00028889 _____ C:\ComboFix.txt
2013-09-05 12:54 - 2013-09-05 13:04 - 00000000 ____D C:\Qoobox
2013-09-05 12:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 12:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 12:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 12:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 12:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 12:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 12:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 12:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 12:28 - 2013-09-05 12:28 - 05120804 ____R (Swearware) C:\Users\m0rb\Desktop\ComboFix.exe
2013-09-04 22:12 - 2013-09-04 22:12 - 00002165 _____ C:\Users\m0rb\Desktop\aswMBR.txt
2013-09-04 22:12 - 2013-09-04 22:12 - 00000512 _____ C:\Users\m0rb\Desktop\MBR.dat
2013-09-04 20:07 - 2013-09-04 20:08 - 04745728 _____ (AVAST Software) C:\Users\m0rb\Desktop\aswmbr.exe
2013-09-04 17:48 - 2013-09-04 17:48 - 00002031 _____ C:\Users\m0rb\Desktop\RKreport[0]_S_09042013_174835.txt
2013-09-04 17:45 - 2013-09-04 17:45 - 03787264 _____ C:\Users\m0rb\Desktop\RogueKillerX64.exe
2013-09-04 17:42 - 2013-09-05 13:03 - 00000000 ____D C:\Windows\ERDNT
2013-09-04 17:42 - 2013-09-04 17:48 - 00000000 ____D C:\Users\m0rb\Desktop\RK_Quarantine
2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\m0rb\Desktop\NTREGOPT.lnk
2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk
2013-09-04 17:40 - 2013-09-04 17:40 - 00000911 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk
2013-09-04 17:40 - 2013-09-04 17:40 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-09-04 17:37 - 2013-09-04 17:47 - 00002034 _____ C:\Users\m0rb\Desktop\Rkill.txt
2013-09-04 17:37 - 2013-09-04 17:37 - 00000000 ____D C:\Users\m0rb\Desktop\rkill
2013-09-04 17:31 - 2013-09-04 17:31 - 00791393 _____ (Lars Hederer                                                ) C:\Users\m0rb\Desktop\erunt-setup.exe
2013-09-04 17:30 - 2013-09-04 17:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\m0rb\Desktop\rkill.exe
2013-09-04 15:25 - 2013-09-04 15:25 - 00001758 _____ C:\Users\m0rb\Desktop\Anweisungen zur Datenträgerwiederherstellung.txt
2013-09-04 12:12 - 2013-09-04 12:12 - 30683519 _____ C:\Users\m0rb\Downloads\Paperspls.rar
2013-09-03 10:55 - 2013-09-08 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-03 10:53 - 2013-09-03 10:54 - 12907592 _____ (Malwarebytes Corp.) C:\Users\m0rb\Downloads\mbar-1.07.0.1005.exe
2013-09-03 01:32 - 2013-09-03 01:32 - 00000000 ___DC C:\Users\m0rb\AppData\Local\MigWiz
2013-09-03 01:08 - 2013-09-04 19:23 - 00000000 ____D C:\Users\m0rb\Desktop\diagnose_malware
2013-09-03 00:22 - 2013-09-04 10:48 - 00000000 ____D C:\Program Files (x86)\DiskeeperLite
2013-09-03 00:22 - 2013-09-03 00:22 - 00000780 _____ C:\Users\Public\Desktop\Diskeeper Lite.lnk
2013-09-01 23:50 - 2013-09-01 23:50 - 00001076 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-09-01 23:50 - 2013-09-01 23:50 - 00000000 ____D C:\Program Files (x86)\VirtualCloneDrive
2013-09-01 23:49 - 2013-09-01 23:49 - 01588760 _____ C:\Users\m0rb\Downloads\SetupVirtualCloneDrive5460.exe
2013-09-01 20:23 - 2013-09-01 20:23 - 00001086 _____ C:\Users\m0rb\Desktop\prison architect - Verknüpfung.lnk
2013-09-01 20:22 - 2013-08-26 16:32 - 00002168 _____ C:\Users\m0rb\Desktop\sir_alpha_v0.3.4518 - Verknüpfung.lnk
2013-09-01 19:49 - 2013-09-01 19:49 - 08531968 _____ C:\Users\m0rb\Downloads\SteamInstall_German.msi
2013-09-01 18:16 - 2013-09-01 18:16 - 00001956 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-01 18:13 - 2013-09-01 18:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-09-01 18:13 - 2013-09-01 18:13 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-01 16:20 - 2013-09-01 16:20 - 00003202 _____ C:\Windows\System32\Tasks\{2076B10B-0E9B-4690-BD51-DD15D71E5A7F}
2013-09-01 01:29 - 2013-09-01 01:29 - 00001710 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
2013-09-01 01:29 - 2013-09-01 01:29 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2013-08-31 01:37 - 2013-08-13 01:07 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-08-29 15:19 - 2013-08-29 15:26 - 00960960 _____ C:\Windows\PE_File.dll
2013-08-29 14:50 - 2013-08-29 15:08 - 00000000 _____ C:\Windows\Path.idx
2013-08-29 14:22 - 2013-08-29 14:22 - 00330853 _____ C:\Users\m0rb\Downloads\RealTemp_370.zip
2013-08-29 14:04 - 2013-08-29 14:05 - 99540854 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 1.rar
2013-08-29 14:04 - 2013-08-29 14:05 - 85079171 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 2.rar
2013-08-29 14:04 - 2013-08-29 14:05 - 67268727 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 3.rar
2013-08-29 14:04 - 2013-08-29 14:05 - 106883696 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 4.rar
2013-08-27 12:26 - 2013-08-27 12:26 - 01252424 _____ C:\Users\m0rb\Downloads\DesuraInstaller.exe
2013-08-26 19:35 - 2013-08-29 15:28 - 01025648 _____ C:\Windows\PE_Rom.dll
2013-08-26 19:24 - 2013-08-26 19:25 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-08-26 19:23 - 2008-01-04 13:34 - 00011832 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2013-08-26 19:23 - 2008-01-04 13:34 - 00010216 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2013-08-26 19:13 - 2013-08-26 19:13 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2013-08-26 18:58 - 2013-08-26 18:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2013-08-26 18:56 - 2010-08-03 13:21 - 00014464 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys
2013-08-26 18:55 - 2008-12-02 20:05 - 00184320 _____ (ASUSTeK) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll
2013-08-26 18:54 - 2013-08-26 19:26 - 00000090 _____ C:\setup.log
2013-08-26 18:53 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-08-26 18:53 - 2013-08-26 18:53 - 00000000 ____D C:\ProgramData\ASUS
2013-08-26 18:53 - 2010-08-24 15:16 - 00013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2013-08-26 18:53 - 2010-08-18 01:28 - 00026136 _____ (Intel Corporation) C:\Windows\system32\Drivers\ICCWDT.sys
2013-08-26 18:53 - 2010-06-29 15:41 - 00028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2013-08-26 18:53 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll
2013-08-26 18:51 - 2013-08-26 18:52 - 292246834 _____ C:\Users\m0rb\Downloads\AISuite_II_P8P.zip
2013-08-26 17:09 - 2013-08-26 17:10 - 122582464 _____ C:\Users\m0rb\Downloads\DSpdL_v1.0.2.123456_GERMAN-BiTE.rar
2013-08-26 15:54 - 2013-08-26 15:56 - 495923496 _____ C:\Users\m0rb\Downloads\Gone.Home-WaLMaRT.rar
2013-08-25 19:53 - 2013-09-08 23:05 - 00005782 _____ C:\Windows\setupact.log
2013-08-25 19:53 - 2013-08-25 19:53 - 00000000 _____ C:\Windows\setuperr.log
2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part04.rar
2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part02.rar
2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part01.rar
2013-08-25 17:50 - 2013-08-25 17:54 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part03.rar
2013-08-24 01:58 - 2013-08-24 01:58 - 00000000 _____ C:\Users\m0rb\Desktop\DOWNLOADS !!!.txt
2013-08-21 22:57 - 2013-08-21 22:57 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Wayforward Technologies
2013-08-21 18:35 - 2013-08-21 18:35 - 53767044 _____ C:\Users\m0rb\Downloads\battlefield3_ost_mp3_1376097014.zip
2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Windows\9530AE42DAE146199594B23487285D17.TMP
2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Arrowhead
2013-08-21 12:23 - 2013-08-21 12:23 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\gd.sos.McPixel
2013-08-17 22:12 - 2013-08-17 22:12 - 72314526 _____ C:\Users\m0rb\Downloads\Hwpo-(DatPiff.com).zip
2013-08-15 02:35 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 02:35 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 02:35 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 02:35 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 02:35 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 02:35 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 02:35 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 02:35 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 02:35 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 02:35 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 02:35 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 02:35 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 02:35 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 02:35 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 02:32 - 2013-08-15 02:33 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:21 - 2013-08-14 16:21 - 00000000 ____D C:\Users\m0rb\AppData\Local\Risen
2013-08-14 07:57 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:57 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 07:57 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:57 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 07:57 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:57 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:57 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 07:57 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:57 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:57 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:57 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:57 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:57 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 07:57 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 07:57 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 07:57 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 07:57 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 07:57 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 07:57 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 07:57 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 07:57 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 07:57 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 07:57 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 07:57 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 07:57 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 07:57 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:57 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-14 07:57 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 07:57 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-08-14 07:57 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-08-14 07:57 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-14 07:57 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-08-14 07:57 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-08-14 07:57 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-08-14 07:57 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-08-13 09:40 - 2013-08-13 09:40 - 17857246 _____ C:\Users\m0rb\Downloads\20130807.zip
2013-08-13 09:40 - 2013-08-13 09:40 - 02958696 _____ C:\Users\m0rb\Downloads\dpjuly13.zip
 
==================== One Month Modified Files and Folders =======
 
2013-09-09 00:46 - 2013-09-09 00:46 - 01948988 _____ (Farbar) C:\Users\m0rb\Downloads\FRST64.exe
2013-09-09 00:41 - 2013-09-09 00:41 - 00001502 _____ C:\Users\m0rb\Desktop\eset.txt
2013-09-09 00:16 - 2012-03-30 10:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 23:52 - 2013-09-08 23:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu.exe
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (2).exe
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (1).exe
2013-09-08 23:47 - 2013-09-08 23:47 - 00002587 _____ C:\Users\m0rb\Desktop\AdwCleaner[R0].txt
2013-09-08 23:45 - 2013-09-08 23:45 - 00000000 ____D C:\AdwCleaner
2013-09-08 23:44 - 2013-09-08 23:43 - 01037278 _____ C:\Users\m0rb\Desktop\AdwCleaner.exe
2013-09-08 23:35 - 2013-09-08 23:35 - 00005533 _____ C:\Users\m0rb\Desktop\JRT.txt
2013-09-08 23:31 - 2013-09-08 23:31 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 23:31 - 2013-09-08 23:30 - 01029490 _____ (Thisisu) C:\Users\m0rb\Desktop\JRT.exe
2013-09-08 23:28 - 2013-09-03 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-08 23:20 - 2009-07-14 06:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 23:20 - 2009-07-14 06:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 23:06 - 2013-09-08 23:06 - 96566691 _____ C:\Windows\SysWOW64\㌦
2013-09-08 23:06 - 2011-10-30 16:47 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-09-08 23:05 - 2013-08-25 19:53 - 00005782 _____ C:\Windows\setupact.log
2013-09-08 23:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 16:02 - 2011-10-30 16:11 - 01318902 _____ C:\Windows\WindowsUpdate.log
2013-09-06 23:37 - 2013-08-09 21:48 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Skype
2013-09-06 15:06 - 2013-08-04 16:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-06 01:47 - 2013-09-06 01:47 - 00001255 _____ C:\Users\m0rb\Desktop\OUTLAST.lnk
2013-09-06 01:47 - 2011-10-31 09:44 - 00000000 ____D C:\Users\m0rb\AppData\Local\CrashDumps
2013-09-06 01:35 - 2011-11-02 16:34 - 00000000 ____D C:\Users\m0rb\Documents\My Games
2013-09-06 00:32 - 2012-01-13 17:54 - 00000000 ____D C:\Program Files (x86)\Futuremark
2013-09-06 00:32 - 2011-10-30 16:39 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-09-05 15:34 - 2011-10-31 07:38 - 00100204 _____ C:\Windows\PFRO.log
2013-09-05 13:04 - 2013-09-07 12:05 - 00028889 _____ C:\Users\m0rb\Desktop\ComboFix.txt
2013-09-05 13:04 - 2013-09-05 13:04 - 00028889 _____ C:\ComboFix.txt
2013-09-05 13:04 - 2013-09-05 12:54 - 00000000 ____D C:\Qoobox
2013-09-05 13:03 - 2013-09-04 17:42 - 00000000 ____D C:\Windows\ERDNT
2013-09-05 13:03 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-05 12:28 - 2013-09-05 12:28 - 05120804 ____R (Swearware) C:\Users\m0rb\Desktop\ComboFix.exe
2013-09-04 22:12 - 2013-09-04 22:12 - 00002165 _____ C:\Users\m0rb\Desktop\aswMBR.txt
2013-09-04 22:12 - 2013-09-04 22:12 - 00000512 _____ C:\Users\m0rb\Desktop\MBR.dat
2013-09-04 20:08 - 2013-09-04 20:07 - 04745728 _____ (AVAST Software) C:\Users\m0rb\Desktop\aswmbr.exe
2013-09-04 19:23 - 2013-09-03 01:08 - 00000000 ____D C:\Users\m0rb\Desktop\diagnose_malware
2013-09-04 17:48 - 2013-09-04 17:48 - 00002031 _____ C:\Users\m0rb\Desktop\RKreport[0]_S_09042013_174835.txt
2013-09-04 17:48 - 2013-09-04 17:42 - 00000000 ____D C:\Users\m0rb\Desktop\RK_Quarantine
2013-09-04 17:47 - 2013-09-04 17:37 - 00002034 _____ C:\Users\m0rb\Desktop\Rkill.txt
2013-09-04 17:45 - 2013-09-04 17:45 - 03787264 _____ C:\Users\m0rb\Desktop\RogueKillerX64.exe
2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\m0rb\Desktop\NTREGOPT.lnk
2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk
2013-09-04 17:40 - 2013-09-04 17:40 - 00000911 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk
2013-09-04 17:40 - 2013-09-04 17:40 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-09-04 17:37 - 2013-09-04 17:37 - 00000000 ____D C:\Users\m0rb\Desktop\rkill
2013-09-04 17:31 - 2013-09-04 17:31 - 00791393 _____ (Lars Hederer                                                ) C:\Users\m0rb\Desktop\erunt-setup.exe
2013-09-04 17:30 - 2013-09-04 17:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\m0rb\Desktop\rkill.exe
2013-09-04 15:25 - 2013-09-04 15:25 - 00001758 _____ C:\Users\m0rb\Desktop\Anweisungen zur Datenträgerwiederherstellung.txt
2013-09-04 15:11 - 2013-03-29 15:22 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 12:12 - 2013-09-04 12:12 - 30683519 _____ C:\Users\m0rb\Downloads\Paperspls.rar
2013-09-04 10:48 - 2013-09-03 00:22 - 00000000 ____D C:\Program Files (x86)\DiskeeperLite
2013-09-04 02:57 - 2009-07-14 12:49 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-04 02:57 - 2009-07-14 12:49 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-04 02:57 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 10:54 - 2013-09-03 10:53 - 12907592 _____ (Malwarebytes Corp.) C:\Users\m0rb\Downloads\mbar-1.07.0.1005.exe
2013-09-03 01:32 - 2013-09-03 01:32 - 00000000 ___DC C:\Users\m0rb\AppData\Local\MigWiz
2013-09-03 00:30 - 2013-07-12 13:06 - 00000000 ____D C:\Users\m0rb\Desktop\Files
2013-09-03 00:22 - 2013-09-03 00:22 - 00000780 _____ C:\Users\Public\Desktop\Diskeeper Lite.lnk
2013-09-03 00:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-09-01 23:50 - 2013-09-01 23:50 - 00001076 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2013-09-01 23:50 - 2013-09-01 23:50 - 00000000 ____D C:\Program Files (x86)\VirtualCloneDrive
2013-09-01 23:49 - 2013-09-01 23:49 - 01588760 _____ C:\Users\m0rb\Downloads\SetupVirtualCloneDrive5460.exe
2013-09-01 20:23 - 2013-09-01 20:23 - 00001086 _____ C:\Users\m0rb\Desktop\prison architect - Verknüpfung.lnk
2013-09-01 20:20 - 2011-10-30 16:19 - 00000000 ____D C:\Users\m0rb
2013-09-01 19:49 - 2013-09-01 19:49 - 08531968 _____ C:\Users\m0rb\Downloads\SteamInstall_German.msi
2013-09-01 18:27 - 2011-11-02 14:24 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-09-01 18:16 - 2013-09-01 18:16 - 00001956 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-09-01 18:13 - 2013-09-01 18:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-09-01 18:13 - 2013-09-01 18:13 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-09-01 16:20 - 2013-09-01 16:20 - 00003202 _____ C:\Windows\System32\Tasks\{2076B10B-0E9B-4690-BD51-DD15D71E5A7F}
2013-09-01 15:23 - 2013-05-08 14:14 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-01 01:29 - 2013-09-01 01:29 - 00001710 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
2013-09-01 01:29 - 2013-09-01 01:29 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2013-08-31 02:07 - 2013-08-01 09:56 - 00000000 ____D C:\dosgames
2013-08-30 09:58 - 2011-10-30 22:39 - 01123039 _____ C:\Windows\DirectX.log
2013-08-29 15:28 - 2013-08-26 19:35 - 01025648 _____ C:\Windows\PE_Rom.dll
2013-08-29 15:26 - 2013-08-29 15:19 - 00960960 _____ C:\Windows\PE_File.dll
2013-08-29 15:08 - 2013-08-29 14:50 - 00000000 _____ C:\Windows\Path.idx
2013-08-29 14:22 - 2013-08-29 14:22 - 00330853 _____ C:\Users\m0rb\Downloads\RealTemp_370.zip
2013-08-29 14:05 - 2013-08-29 14:04 - 99540854 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 1.rar
2013-08-29 14:05 - 2013-08-29 14:04 - 85079171 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 2.rar
2013-08-29 14:05 - 2013-08-29 14:04 - 67268727 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 3.rar
2013-08-29 14:05 - 2013-08-29 14:04 - 106883696 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 4.rar
2013-08-29 11:40 - 2013-05-07 14:40 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-29 11:40 - 2013-03-29 15:22 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-27 12:26 - 2013-08-27 12:26 - 01252424 _____ C:\Users\m0rb\Downloads\DesuraInstaller.exe
2013-08-27 09:05 - 2011-10-30 16:45 - 00000000 ____D C:\Users\m0rb\Documents\Bluetooth Folder
2013-08-26 19:26 - 2013-08-26 18:54 - 00000090 _____ C:\setup.log
2013-08-26 19:25 - 2013-08-26 19:24 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-08-26 19:24 - 2013-08-26 18:53 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-08-26 19:13 - 2013-08-26 19:13 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2013-08-26 19:00 - 2011-10-30 17:09 - 00105528 _____ C:\Users\m0rb\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-26 18:58 - 2013-08-26 18:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2013-08-26 18:58 - 2011-10-30 16:39 - 00000000 ____D C:\Program Files (x86)\Intel
2013-08-26 18:53 - 2013-08-26 18:53 - 00000000 ____D C:\ProgramData\ASUS
2013-08-26 18:52 - 2013-08-26 18:51 - 292246834 _____ C:\Users\m0rb\Downloads\AISuite_II_P8P.zip
2013-08-26 17:10 - 2013-08-26 17:09 - 122582464 _____ C:\Users\m0rb\Downloads\DSpdL_v1.0.2.123456_GERMAN-BiTE.rar
2013-08-26 16:32 - 2013-09-01 20:22 - 00002168 _____ C:\Users\m0rb\Desktop\sir_alpha_v0.3.4518 - Verknüpfung.lnk
2013-08-26 15:56 - 2013-08-26 15:54 - 495923496 _____ C:\Users\m0rb\Downloads\Gone.Home-WaLMaRT.rar
2013-08-25 19:53 - 2013-08-25 19:53 - 00000000 _____ C:\Windows\setuperr.log
2013-08-25 17:55 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part04.rar
2013-08-25 17:55 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part02.rar
2013-08-25 17:55 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part01.rar
2013-08-25 17:54 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part03.rar
2013-08-24 01:58 - 2013-08-24 01:58 - 00000000 _____ C:\Users\m0rb\Desktop\DOWNLOADS !!!.txt
2013-08-23 16:42 - 2013-04-27 18:25 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\vlc
2013-08-21 22:57 - 2013-08-21 22:57 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Wayforward Technologies
2013-08-21 18:35 - 2013-08-21 18:35 - 53767044 _____ C:\Users\m0rb\Downloads\battlefield3_ost_mp3_1376097014.zip
2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Windows\9530AE42DAE146199594B23487285D17.TMP
2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Arrowhead
2013-08-21 15:16 - 2012-03-30 10:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 15:16 - 2012-03-30 10:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 15:16 - 2011-10-30 16:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 12:23 - 2013-08-21 12:23 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\gd.sos.McPixel
2013-08-20 10:46 - 2012-03-13 04:27 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\dvdcss
2013-08-20 10:10 - 2012-02-18 08:24 - 00000125 ____S C:\ProgramData\.zreglib
2013-08-17 22:12 - 2013-08-17 22:12 - 72314526 _____ C:\Users\m0rb\Downloads\Hwpo-(DatPiff.com).zip
2013-08-17 11:22 - 2012-01-03 12:36 - 00000000 ____D C:\Users\m0rb\AppData\Local\Adobe
2013-08-15 18:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 16:02 - 2012-04-28 22:27 - 00000000 ____D C:\ProgramData\Origin
2013-08-15 16:02 - 2012-04-28 22:23 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Origin
2013-08-15 15:45 - 2012-04-28 22:27 - 00000000 ____D C:\Users\m0rb\AppData\Local\Origin
2013-08-15 02:33 - 2013-08-15 02:32 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 02:32 - 2011-01-02 14:11 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 16:21 - 2013-08-14 16:21 - 00000000 ____D C:\Users\m0rb\AppData\Local\Risen
2013-08-13 09:40 - 2013-08-13 09:40 - 17857246 _____ C:\Users\m0rb\Downloads\20130807.zip
2013-08-13 09:40 - 2013-08-13 09:40 - 02958696 _____ C:\Users\m0rb\Downloads\dpjuly13.zip
2013-08-13 01:07 - 2013-08-31 01:37 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-08-10 05:01 - 2013-01-13 17:50 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\.purple
 
Files to move or delete:
====================
C:\Users\m0rb\AppData\Local\Temp\Quarantine.exe
C:\Users\m0rb\AppData\Local\Temp\sfamcc00001.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-01 22:45
 
==================== End Of Log ============================
 
Addition.txt is, as was requested, attached to the following message.
 
 
 
 
Link to post
Share on other sites

damned! I just used that last tool I scanned with and "cleaned"... unfortunately, now my Google Chrome settings cannot be saved any more and I have to download my favorite plug-ins every startup.

 

any suggestions how to fix this? damn, I'm such an idiot for deleting anything on my own... I'd appologize, but since I am the victim of my own stupidity... stuff!

Link to post
Share on other sites

  • Root Admin

Please stop using abusive language on the forum, thanks.
 
Please uninstall ALL versions of Java for now.
If you have the Ask Toolbar installed please uninstall it.
 
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

 

 

Then let's try resetting all of the browsers on your system if you have them.  If you don't have one of them just ignore that one.

 

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Restore Firefox Default Settings Without Uninstalling It

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera

 

Link to post
Share on other sites

hello again...

 

AdwCleaner does not find any problems any more... should I still post a log?

 and btw, it was AdwCleaner I've had used to "clean" the found problems, which left me with a crippled "Chrome".

concerning said browser, I followed your instructions and anything chrome told me to do, to restore my browser - unfortunately, it did not work and my chrome still is crippled.

 

well, I guess I could uninstall it completely and try to re-install. I just fear for all my links. I can't find any "export" option and I fear I wouldn't remember all the passwords for all the forums I ever registered.

seems like manually downloading 2 apps from chrome app-store and logging in to my browser are the lesser evil atm...

Link to post
Share on other sites

hey - I have a new, severe problem: trying to "unzip" an archive, I've been told that the location where temporary files were to be copied to, couldn't be accessed...  although the profile I use on this PC is the only admin, the only user-profile, really, I was told that my profile wouldn't have the necessary rights to write to this drive.

of course I checked whether there'd suddenly be any other profiles besides mine - there weren't. and of course I checked whether my profile did have all necessary rights to access, write or read hard-drives etc. - of course I have and only I!

as I wrote, there are no guest profiles on this PC and no other users besides myself. 

 

when I later tried to install a software (steam) onto my new HDD, I got an error message claiming something along the lines of: "error copying installation-data to the harddrive, make sure there's enough space on the HDD you're running this installer off.

unfortunately, this message occurs no matter which hard-drive I use. that new drive I mentioned is literally "virginal" - absolutely untouched.

 

this is wearing me off!

seriously, I've been thinking of "format C:\"-ing everything and starting with a clean slate...

my fears are only that it wouldn't be as clean as I thought it would and then there's loss of so much data.

Link to post
Share on other sites

  • Root Admin

Relying on a cookie to know your password is not very secure or wise.  Forums and Websites normally have an automated method to recover or reset your password so that should not be an issue.   I would highly recommend using this program to store links and passwords for you sites.  It can even generate passwords for you if you like.

KeePass Password Safe


I would only recommend backing up bookmarks
How to Backup and Restore Entire Google Chrome Setting

Starting with a new, clean, fresh installation of Chrome would be a good thing due to all the junk that's was on the system.
There are other browsers as well such as Firefox or Opera - I'm not a big fan of Chrome as it is the Cadillac of tracking and marketing for Google but to each their own.

Aside from the issues with Chrome how is the computer running otherwise?

 

 

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpyCraft     
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 12.0 Firefox out of Date!  
 Google Chrome 29.0.1547.57  
 Google Chrome 29.0.1547.62  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System  Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
^
why is it listing "SpyCraft" as 'Anti-malware/Other Utilities'? I am pretty sure this is a game I had installed prior to my hard-drive going MIA.

 

 

How is the computer running?

 

basically, it runs smooth... 

that is, of course, besides denying me access to parts of my hard-disc(s) and not letting me install some new programmes or games, not even to my fresh-off-the-shelf HDD.

oh, I just tried opening a photo sent to me some weeks ago. it opened normally last week - now it told me "You cannot open this picture, because you are not authorized to access files stored in this location" - of course, I could cut out the file, shift it to another location and still not open it. but I could open it using "MS Paint"! yaay!

sorry, it's just that this doesn't make any sense to me, I have no idea why this is happening and it all seems so surreal to me. 

 

concerning browsers:

I used firefox for almost a decade (if that is even possible? let's stick with "a pretty long time" and I always liked it a lot, especially compared to Internet Explorer. then again, I'm pretty sure EVERY other browser runs better than IE - and safer. and faster. and more comfortably.

I never wanted to use chrome, particularly because it is known to be google's "spy". but, I really loved the "feel" of it and it seems to me it's much faster and more comfortable than firefox.

I can't really picture myself going back to the fox.

 

finally, IF I decided to re-install Windows, I'd HAVE TO abolish as many of my personal files as possible, right? 

I mean, just in case my current problems ARE caused by malware, I wouldn't want to carry anything over from one installation to the next.

Link to post
Share on other sites

oh, I just realized something, after reading this last protocol and don't know whzat to make off it:

when I tried updating "Adobe Reader" 2 minutes ago, I started the programme, selected "update" and received a message "there is no newer version available, Adobe Reader X is up-to-date".

BUT - and excuse me if this is nothing special, but it is something I always thought of as a sign of malware infestation - when I typed download "Adobe Reader" into my search-engine, it took me 2.4 seconds to realize that there IS a newer version available in deed!

 

does this mean something? (or does it only mean I shouldn't "think" any longer at all, for it is obviously a weak-spot of me)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.