olmarik in operating memory



Kraut55
2010-03-30, 21:11
Windows 7, Spybot TeaTimer unticked, ran ERUNT

ESET gives me an alert with the title text. It is unable to quarantine/delete whatever seems to cause the problem.
I would appreciate help to get a clean system again.
Thanks.
Here is the HJT file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:59, on 30.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
O:\Utilities\ESET NOD32 Antivirus\egui.exe
O:\Utilities\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
O:\Audio\iTunes\iTunesHelper.exe
D:\Utilities\Chameleon Clock\ChamClock.exe
O:\Utilities\Directory Opus\dopusrt.exe
C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
O:\Utilities\Directory Opus\dopus.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q0908221503&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - O:\Utilities\Java 1.6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - I:\Video\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [egui] "O:\Utilities\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "O:\Utilities\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "O:\Audio\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [HomeAlarm] D:\Utilities\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "O:\Utilities\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - Startup: Directory Opus.lnk = O:\Utilities\Directory Opus\dopus.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://O:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - O:\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - O:\Utilities\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - O:\Utilities\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - O:\Utilities\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\system32\SUPDSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - K:\Video\Photodex ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 8397 bytes

Shaba
2010-04-03, 14:05
Hi Kraut55

Please post the ESET log next :)

Kraut55
2010-04-04, 12:04
I assume this is not what you mean, but I could not find any hint where/if ESET stores a longer text file.


http://img251.imageshack.us/img251/2963/eset1.png

Shaba
2010-04-04, 12:55
Unfortunately, that doesn't give any good information.

It might very well be a false positive.

Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Disable any script blocking protection. Double click dds.scr to run the tool. When done, DDS.txt and Attach.txt will open.
Save both reports to your desktop.

Please copy/paste the contents of the following reports in your next reply:

DDS.txt
Attach.txt

Kraut55
2010-04-04, 15:07
DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by HGS at 14:59:32,20 on 04.04.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1252 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
O:\Utilities\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
O:\Utilities\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
O:\Audio\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O:\Utilities\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Utilities\Chameleon Clock\ChamClock.exe
O:\Utilities\Directory Opus\dopusrt.exe
C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
O:\Utilities\Directory Opus\dopus.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
K:\Video\Photodex ProShowProducer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
O:\Utilities\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
O:\Utilities\Java 1.6\bin\javaw.exe
C:\Windows\system32\taskeng.exe
C:\Users\HGS\Desktop\Malware\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.schnellsucher.com/?t=Q0908221503&s=h
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - o:\utilities\java 1.6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: TerraTec Home Cinema: {ad6e6555-fb2c-47d4-8339-3e2965509877} - i:\video\terrat~1\THCDES~1.DLL
uRun: [HomeAlarm] d:\utilities\chameleon clock\ChamClock.exe
uRun: [Directory Opus Desktop Dblclk] "o:\utilities\directory opus\dopusrt.exe" /dblclk
uRun: [Remote Control Editor] "c:\program files\common files\terratec\remote\TTTvRc.exe"
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
mRun: [egui] "o:\utilities\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "o:\audio\itunes\iTunesHelper.exe"
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [Malwarebytes' Anti-Malware] "o:\utilities\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\hgs\appdata\roaming\micros~1\windows\startm~1\programs\startup\direct~1.lnk - o:\utilities\directory opus\dopus.exe
StartupFolder: c:\users\hgs\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hgs\appdata\roaming\micros~1\windows\startm~1\programs\startup\multires.lnk - c:\program files\multires\MultiRes.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\REGIST~1.LNK -
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scanne~1.lnk - c:\program files\scanwizard 5\ScannerFinder.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - o:\micros~1\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - o:\micros~1\office11\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - o:\utilities\directory opus\dopuslib.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\hgs\appdata\roaming\mozilla\firefox\profiles\0g7tgdic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\users\hgs\appdata\roaming\mozilla\firefox\profiles\0g7tgdic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\hgs\appdata\roaming\mozilla\firefox\profiles\0g7tgdic.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\users\hgs\appdata\roaming\mozilla\firefox\profiles\0g7tgdic.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\hgs\appdata\roaming\mozilla\firefox\profiles\0g7tgdic.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: o:\audio\itunes\mozilla plugins\npitunes.dll
FF - plugin: o:\utilities\java 1.6\bin\new_plugin\npdeploytk.dll
FF - plugin: o:\utilities\java 1.6\bin\new_plugin\npjp2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/12/08 10:54:05];o:\video\cyberlink powerdvd 8\powerdvd8\000.fcl [2009-8-28 87536]
R2 ekrn;ESET Service;o:\utilities\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-3-19 93312]
R2 MBAMService;MBAMService;o:\utilities\malwarebytes' anti-malware\mbamservice.exe [2010-3-31 303952]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-1-15 57344]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-7-28 5120]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-8-24 4497704]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-30 113448]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-3-9 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-16 20824]
R3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;c:\windows\system32\drivers\HS3dSensor1394.sys [2010-3-11 72704]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-3-30 13480]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-3-1 322336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-15 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-3-26 27192]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2009-7-28 127656]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2009.sp3c\RpcAgentSrv.exe [2009-7-30 98488]
S3 TTHID;Cinergy Hybrid-Stick HID service;c:\windows\system32\drivers\Cinergy_Hybrid-Stick_HID.sys [2010-3-6 23104]
S3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\windows\system32\drivers\UDXTTM6010.sys [2010-3-6 763584]
S3 utblfilt;utblfilt;c:\windows\system32\drivers\UTBLFILT.sys [2010-2-15 12084]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-8-24 16168]

=============== Created Last 30 ================

2010-04-04 09:57:05 1893582 ----a-w- C:\Aufnahme1.bmp
2010-04-03 21:41:03 21 ----a-w- c:\windows\TemplateWizard.INI
2010-04-02 16:03:04 0 d-----w- c:\users\hgs\appdata\roaming\LightZone
2010-04-02 16:02:50 0 d-----w- c:\program files\common files\eSellerate
2010-04-02 16:01:59 0 d-----w- c:\program files\LightZone 3
2010-04-02 07:37:54 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-01 22:50:55 1024 ----a-w- c:\windows\system32\u9pvgay.tgz
2010-04-01 22:50:18 0 d-----w- c:\programdata\VertusTech
2010-04-01 22:50:15 0 d-----w- c:\program files\Vertus Fluid Mask 3
2010-04-01 13:46:56 0 ---ha-w- c:\windows\€AstInfo.dat
2010-04-01 13:43:55 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-04-01 13:41:51 0 d-----w- c:\users\hgs\appdata\roaming\onOne Software
2010-04-01 13:38:30 0 d-----w- c:\programdata\onOne Software
2010-04-01 13:38:20 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-04-01 13:38:18 0 d-----w- c:\program files\onOne Software
2010-03-31 14:45:34 0 d-----w- c:\programdata\AltrixSoft
2010-03-31 14:44:06 0 d-----w- c:\program files\common files\AltrixSoft
2010-03-31 11:48:21 0 d-----w- c:\users\hgs\appdata\roaming\Mask Pro 4.0
2010-03-30 15:39:46 404943120 ----a-w- c:\windows\MEMORY.DMP
2010-03-30 14:58:01 77312 ----a-w- c:\windows\MBR.exe
2010-03-30 14:57:55 261632 ----a-w- c:\windows\PEV.exe
2010-03-30 14:57:53 161792 ----a-w- c:\windows\SWREG.exe
2010-03-30 14:57:52 98816 ----a-w- c:\windows\sed.exe
2010-03-30 14:55:49 0 d-s---w- C:\ComboFix
2010-03-30 11:30:11 0 d-----w- c:\users\hgs\appdata\roaming\WTouch
2010-03-30 11:30:08 245032 ----a-w- c:\windows\system32\Touch_Tablet.dll
2010-03-30 11:29:55 13480 ----a-w- c:\windows\system32\drivers\WacomVTHid.sys
2010-03-30 11:29:55 0 d-----w- c:\program files\WTouch
2010-03-30 11:29:44 0 d-----w- c:\program files\TabletPlugins
2010-03-30 10:16:21 0 d-----w- c:\program files\Topaz Labs
2010-03-26 12:49:47 508 ----a-w- c:\windows\wininit.ini
2010-03-26 12:07:07 0 d-----w- c:\windows\0E6ED660498C42F79EF4FB0C96DFC01A.TMP
2010-03-26 11:50:35 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-26 11:50:35 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-26 11:29:55 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-03-25 22:26:25 0 d-----w- c:\program files\Photodex Presenter
2010-03-25 22:23:45 0 d-----w- c:\users\hgs\appdata\roaming\Photodex
2010-03-25 22:23:44 0 d-----w- c:\programdata\Photodex
2010-03-23 11:36:28 0 d-----w- c:\users\hgs\appdata\roaming\Uniblue
2010-03-18 10:36:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-17 19:22:18 0 d-----w- c:\programdata\Lavasoft
2010-03-17 16:51:47 0 d-----w- c:\program files\Microsoft Research
2010-03-16 13:14:04 0 d-----w- c:\programdata\SlySoft
2010-03-16 12:17:26 175104 ----a-w- c:\users\hgs\appdata\roaming\SQLite3.dll
2010-03-16 12:17:10 0 d-----w- c:\program files\WinDefender32
2010-03-12 15:17:21 0 d-----w- c:\users\hgs\.activetrader
2010-03-12 15:17:13 0 d-----w- c:\users\hgs\activetrader
2010-03-11 17:52:58 72704 ----a-w- c:\windows\system32\drivers\HS3dSensor1394.sys
2010-03-10 15:04:36 65536 --sha-w- c:\users\hgs\NTUSER.DAT{2b951460-2c56-11df-aaa3-00c126009211}.TM.blf
2010-03-10 15:04:36 524288 --sha-w- c:\users\hgs\NTUSER.DAT{2b951460-2c56-11df-aaa3-00c126009211}.TMContainer00000000000000000002.regtrans-ms
2010-03-10 15:04:36 524288 --sha-w- c:\users\hgs\NTUSER.DAT{2b951460-2c56-11df-aaa3-00c126009211}.TMContainer00000000000000000001.regtrans-ms
2010-03-10 15:02:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-10 15:00:12 39296 ----a-w- c:\windows\system32\drivers\jraid.sys
2010-03-10 15:00:11 6912 ----a-w- c:\windows\system32\drivers\JGOGO.sys
2010-03-09 17:04:37 43520 ----a-w- c:\windows\system32\libusb0.dll
2010-03-09 17:04:37 28672 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-03-09 17:04:36 0 d-----w- c:\program files\LibUSB-Win32
2010-03-09 10:33:51 0 d-----w- c:\programdata\WinZip
2010-03-08 10:18:50 65536 ----a-w- c:\windows\system32\SSGB3ci.dll
2010-03-08 10:18:50 151552 ----a-w- c:\windows\system32\SSGB3ci.exe
2010-03-08 10:18:41 38400 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2010-03-08 10:18:11 0 d-----w- c:\temp\ML-1510
2010-03-07 22:32:15 69 ----a-w- c:\windows\NeroDigital.ini
2010-03-07 20:15:07 2097152 ----a-w- c:\temp\autorun.bin
2010-03-07 20:15:06 1531392 ----a-w- c:\temp\TSDNWIN.exe
2010-03-07 19:59:03 0 d-----w- c:\users\hgs\appdata\roaming\Ashampoo
2010-03-07 19:58:13 0 d-----w- c:\programdata\ashampoo
2010-03-07 18:24:17 0 d-----w- c:\program files\GetData
2010-03-07 16:50:57 4767 ----a-w- c:\windows\Irremote.ini
2010-03-07 16:40:21 0 d-----w- c:\program files\Nero
2010-03-07 16:39:54 0 d-----w- c:\programdata\Nero
2010-03-07 15:49:25 426 --sha-r- c:\users\hgs\ntuser.pol
2010-03-07 14:29:11 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-06 21:32:50 0 d-----w- c:\programdata\TerraTec
2010-03-06 21:30:24 0 d-----w- c:\users\hgs\appdata\roaming\TerraTec
2010-03-06 21:21:57 763584 ----a-w- c:\windows\system32\drivers\UDXTTM6010.sys
2010-03-06 21:21:57 23104 ----a-w- c:\windows\system32\drivers\Cinergy_Hybrid-Stick_HID.sys
2010-03-06 21:21:56 0 d-----w- c:\program files\common files\TerraTec
2010-03-06 16:28:03 0 d-----w- c:\users\hgs\appdata\roaming\TeamViewer
2010-03-06 16:25:19 0 d-----w- c:\program files\TeamViewer
2010-03-06 14:37:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32k_01009.Wdf
2010-03-06 14:36:54 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-03-06 14:36:53 30576 ----a-w- c:\windows\system32\drivers\point32k.sys
2010-03-06 10:26:45 0 d-----w- c:\program files\Macromedia

==================== Find3M ====================

2010-03-29 22:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-19 19:30:47 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-16 00:00:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 16:51:23 145268 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 15:49:39 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-23 15:10:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-21 22:26:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-02-21 22:26:00 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-02-21 22:26:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-02-21 22:26:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-02-21 22:26:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-02-15 17:32:55 641468 ----a-w- c:\windows\system32\perfh007.dat
2010-02-15 17:32:55 125856 ----a-w- c:\windows\system32\perfc007.dat
2010-02-15 10:24:00 369952 ----a-w- c:\windows\system32\yk62x86.dll
2010-02-15 10:24:00 322336 ----a-w- c:\windows\system32\drivers\yk62x86.sys
2010-02-04 09:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-21 14:03:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-15 13:27:56 57344 ----a-w- c:\windows\system32\nlssrv32.exe
2010-01-12 11:03:34 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-01-12 11:03:34 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-01-11 21:18:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-09-10 19:33:45 3213824 ----a-w- c:\program files\Common FilesDDBACSetup.msi
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-15 08:48:51 108 --sha-r- c:\windows\neoqaz2.dll
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:01:30,25 ===============



Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume6
Install Date: 23.02.2010 16:57:40
System Uptime: 04.04.2010 10:46:19 (5 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5B-E Plus
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | LGA 775 | 2671/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 127 GiB total, 51,649 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 10,971 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 234 GiB total, 82,374 GiB free.
G: is FIXED (NTFS) - 114 GiB total, 36,74 GiB free.
H: is FIXED (NTFS) - 68 GiB total, 26,263 GiB free.
I: is FIXED (NTFS) - 68 GiB total, 24,42 GiB free.
J: is FIXED (NTFS) - 63 GiB total, 12,184 GiB free.
K: is FIXED (NTFS) - 60 GiB total, 7,058 GiB free.
N: is FIXED (NTFS) - 136 GiB total, 102,184 GiB free.
O: is FIXED (NTFS) - 202 GiB total, 161,976 GiB free.
Z: is FIXED (NTFS) - 1397 GiB total, 1188,782 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd

==== System Restore Points ===================

RP71: 22.07.2009 12:55:42 - Windows Update
RP72: 23.07.2009 09:42:58 - Windows Update
RP74: 23.07.2009 13:54:39 - Installed Namo WebEditor 8 Trial
RP75: 23.07.2009 15:21:36 - Installed ACDSee 8
RP76: 24.07.2009 10:32:36 - Windows Update
RP78: 24.07.2009 12:49:53 - Installiert SoundMAX
RP79: 24.07.2009 12:50:26 - Device Driver Package Install: AnalogDevices Sound, video and game controllers
RP80: 25.07.2009 16:45:03 - Installed Mobipocket Creator 4.2
RP81: 28.07.2009 08:58:16 - Windows Update
RP82: 28.07.2009 12:31:27 - Installed SnagIt 8
RP83: 29.07.2009 09:23:41 - Windows Update
RP84: 02.08.2009 09:15:45 - Windows Update
RP103: 31.03.2010 16:11:46 - Installed Skype™ 4.2
RP105: 31.03.2010 20:51:01 - Revo Uninstaller Pro's restore point - The Rosetta Stone
RP106: 01.04.2010 15:37:48 - Installed Plug-in Suite 5
RP107: 02.04.2010 09:39:06 - Windows Update

==== Installed Programs ======================

7-Zip 9.09 beta
AAC Decoder
ACDSee Pro 2
ACDSee Pro 3
ACDSee RAW Image Decoder Plug-In Update 4.1
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.6.1
Adobe Reader 9.3 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Aigo Video to iPhone Converter V2.1.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 9.21
Auto Gordian Knot 2.55
Autopano Giga
AutoUpdate
Avery Zweckform DesignPro
AviSynth 2.5
AVM FRITZ!fax für FRITZ!Box
BayCalculator - Deinstallation
BenVista PhotoZoom Pro 2.2.6
BenVista PhotoZoom Pro 3.0.2
Better File Rename 5.5
Bonjour
Burn My Files
Canon iP4600 series Printer Driver
Canon iP4600 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
Cinergy Hybrid Stick V1.00.08.06a
CloneDVD2
Compatibility Pack for the 2007 Office system
Connect
CyberLink PowerDVD 8
Designer 2.0
Dfine 2.0
DHTML Editing Component
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Media Foundation Components
DivX Plus Web Player
DivX Version Checker
DolbyFiles
DriverMax 5
Dynamic-Photo HDR 4.65
ERUNT 1.1j
ESET NOD32 Antivirus
Free M4a to MP3 Converter 6.1
Google Earth
Google Gears
Google SketchUp 7
Google Update Helper
GPSoftware Directory Opus
GrabIt 1.7.2 Beta 4 (build 997)
Grabster AV 400
H.264 Decoder
HD View
HijackThis 2.0.2
Host OpenAL (ADI)
HyperSnap 6
ImagXpress
ImTOO iPhone Video Converter
Inkjet Printer/Scanner Extended Survey Program
iPhone-Konfigurationsprogramm
iPhoneBrowser
IsoBuster 2.2
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
kuler
LibUSB-Win32-0.1.12.1
LightZone 3.9
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Mask Pro 4.1
MD9570 Driver
MediaCoder 0.7.2.4536
Menu Templates - Starter Kit
MetaEditor
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 7.0
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKV Splitter
Movavi Video Converter 8
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSVCRT
MultiRes (remove only)
myphotobook 3.65
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
nik Color Efex Pro 2.0 Complete
NVIDIA Display Control Panel
NVIDIA Drivers
O&O UnErase
OFFICE11
OGA Notifier 2.0.0048.0
PDF Settings CS4
Pen Tablet
Photodex Presenter
Photomatix Pro version 3.2.7
Photoshop Camera Raw
Plug-in Suite 5
ProShow Producer
ProShow Workshop - Masking Exposed
ProShow Workshop - Mastering Audio
ProShow Workshop - Working With Layers
PVSonyDll
QuickPar 0.9
QuickTime
RealPlayer
Recover My Files
Remote Control USB Driver
Revo Uninstaller Pro 2.1.5
Rossmann Fotoservice
RW-Everything v1.3
Safari
Samsung ML-1510_700 Series
Samsung Universal Print Driver
ScanWizard 5
Secunia PSI
SiSoftware Sandra Professional Business 2009.SP3c
Skype web features
Skype™ 4.2
SopCast 3.2.4
SoundMAX
SoundTrax
Spybot - Search & Destroy
Suite Shared Configuration CS4
System Requirements Lab
TeamViewer 5
TerraTec Home Cinema
Topaz Adjust 3
Topaz Clean 2
Topaz DeJpeg 3
Topaz Denoise 3
Topaz Detail
Topaz ReMask 2
Topaz Simplify 2
Turbo Lister 2
TVUPlayer 2.4.7.2
UltraISO Premium V9.35
Universal Document Converter (Demo)
VC80CRTRedist - 8.0.50727.4053
Vertus Fluid Mask 3 3.0.10
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Viveza 2
VLC media player 1.0.2
VobSub v2.23 (Remove Only)
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Application Detect
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR
WinZip 14.0
WISE-FTP 6
XBMC
xplorer² professional
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

30.03.2010 17:39:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a8bfd0, 0x8e313424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033010-36831-01.
30.03.2010 17:18:05, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
30.03.2010 17:06:40, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
30.03.2010 10:01:30, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x92c1919c, 0x8fa91b40, 0x8fa91720). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033010-36239-01.
29.03.2010 10:38:52, Error: Service Control Manager [7023] - The iPod-Dienst service terminated with the following error: %%-2147417831
28.03.2010 19:43:40, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=8) while initializing logging resources for channel Setup.
28.03.2010 10:50:29, Error: NetBT [4321] - The name "HGS-PC :0" could not be registered on the interface with IP address 192.168.178.57. The computer with the IP address 192.168.178.60 did not allow the name to be claimed by this computer.
28.03.2010 10:49:52, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9E0606BD-2231-49C4-8500-C21549CF1453} because another computer on the network has the same name. The server could not start.
28.03.2010 10:49:52, Error: NetBT [4321] - The name "HGS-PC :20" could not be registered on the interface with IP address 192.168.178.57. The computer with the IP address 192.168.178.60 did not allow the name to be claimed by this computer.
04.04.2010 12:08:46, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Windows 7.
04.04.2010 10:47:38, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 0 The details view of this entry contains further information.
04.04.2010 10:47:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
04.04.2010 10:47:06, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
04.04.2010 10:46:20, Error: sptd [4] - Driver detected an internal error in its data structures for .
03.04.2010 11:25:40, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
02.04.2010 20:41:40, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
02.04.2010 18:44:42, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
02.04.2010 13:08:31, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
02.04.2010 01:04:05, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: The interface is unknown.
02.04.2010 01:04:05, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: The interface is unknown.
02.04.2010 01:04:05, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: The interface is unknown.
02.04.2010 01:04:05, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
02.04.2010 01:04:05, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
02.04.2010 01:04:05, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================

Shaba
2010-04-04, 16:43
I first have to warn you that, due to the operating system you have, not all the tools used are compatible, and that might cause some restrictions.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

Kraut55
2010-04-05, 20:54
http://img688.imageshack.us/img688/5918/kaspersky.png (http://img688.imageshack.us/i/kaspersky.png/)

Kraut55
2010-04-06, 17:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:57, on 06.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\Explorer.EXE
O:\Utilities\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
O:\Audio\iTunes\iTunesHelper.exe
O:\Utilities\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Utilities\Chameleon Clock\ChamClock.exe
O:\Utilities\Directory Opus\dopusrt.exe
C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
O:\Utilities\Directory Opus\dopus.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schnellsucher.com/?t=Q0908221503&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - O:\Utilities\Java 1.6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - I:\Video\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [egui] "O:\Utilities\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "O:\Audio\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "O:\Utilities\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [HomeAlarm] D:\Utilities\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "O:\Utilities\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - Startup: Directory Opus.lnk = O:\Utilities\Directory Opus\dopus.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://O:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - O:\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - https://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - O:\Utilities\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - O:\Utilities\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - O:\Utilities\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\system32\SUPDSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe
O23 - Service: ScsiAccess - Unknown owner - K:\Video\Photodex ProShowProducer\ScsiAccess.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 8540 bytes

Shaba
2010-04-06, 17:58
OK, nothing there.

Let's run another scanner.

Download to the desktop: Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe)

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, click Options > Change settings.
Choose the "Scan" tab and remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks whether you want to cure/move the file.
When the scan has finished, look whether you can click the icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon right below it and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (in case we need samples).
After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer! It is possible that files in use will only be moved/deleted during the reboot.
After the reboot, post the contents of the Dr.Web log you saved previously in your next reply, together with a new HijackThis log.

Kraut55
2010-04-08, 15:48
I have tried for 2 days/nights to get a result with Dr.Web, but to no avail:

The fast scan got stuck on atapi.sys. The found index climbed up to more than 3500 until I forced a termination. I tried it a second time, same thing; this time I stopped at around 200 (see screenshot: 198).

http://img32.imageshack.us/img32/7862/cureit.jpg (http://img32.imageshack.us/i/cureit.jpg/)

When I ran the custom scan, it was busy for at least 6 hours on drive C: before I went to bed. The next morning there was a message asking if a threat should be cured. After the confirmation, the same thing happened with atapi.sys. Just to make sure, I let it run longer this time, but stopped the scan after 13132 "threats" were found.

http://img411.imageshack.us/img411/2458/drweb.jpg (http://img411.imageshack.us/i/drweb.jpg/)

Shaba
2010-04-08, 21:11
13132 is a huge amount. Which infections were most of them?

Kraut55
2010-04-09, 10:41
I do not think that the numbers are correct. I assume that CureIt hangs on atapi.sys (as I do not see any progress, and no other files show up as being checked) and just counts the same infection over and over again. That's why I forced an end to the scan.

Shaba
2010-04-10, 08:05
I see.

Do you have operating system media handy?

Kraut55
2010-04-11, 08:59
Yes, I do.

Shaba
2010-04-11, 16:38
Good.

First please do a search for atapi.sys and post back any hits here.
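
The search Shaba asks for above can be done by hand in Explorer, but a practitioner would rather record every copy with something comparable. The script below is an added example, not part of this thread and not code from ESET, Dr.Web or any other tool mentioned here. It walks every fixed drive, lists each atapi.sys it finds with size, timestamps, SHA-256 and Authenticode status, writes that to a text file and then groups the copies by hash so that a copy whose hash differs from the others stands out. The output path, the variable names and the DriveType filter are assumptions; it avoids Get-FileHash because Windows 7 ships with PowerShell 2.0, and it should be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): find every atapi.sys on all fixed
# drives and record size, timestamps, SHA-256 and signature status, so the
# copies can be compared against each other. Assumptions: elevated
# PowerShell 2.0 on Windows 7; the report path is made up for this example.

$report = Join-Path $env:USERPROFILE 'Desktop\atapi-hits.txt'   # assumed output path
$sha    = [System.Security.Cryptography.SHA256]::Create()

# DriveType 3 = local fixed disks (the DDS log above lists a dozen of them).
$drives = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
          ForEach-Object { $_.DeviceID + '\' }

$hits = foreach ($root in $drives) {
    # -Force includes hidden/system files; access-denied folders are skipped.
    Get-ChildItem -Path $root -Filter 'atapi.sys' -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $bytes  = [System.IO.File]::ReadAllBytes($_.FullName)
        $hash   = [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        New-Object PSObject -Property @{
            Path      = $_.FullName
            Size      = $_.Length
            Created   = $_.CreationTimeUtc
            Modified  = $_.LastWriteTimeUtc
            SHA256    = $hash
            Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
        }
      }
}

# Full per-file record for posting back, plus a quick "which copies agree" summary.
$hits | Sort-Object Path |
  Format-List Path, Size, Created, Modified, SHA256, Signature, Signer |
  Out-File -FilePath $report -Encoding UTF8

$hits | Group-Object SHA256 | Select-Object Count, Name | Format-Table -AutoSize
Write-Host "Report written to $report"
```

Two caveats when reading the output. On Windows 7 the driver in system32\drivers is signed through a catalog rather than with an embedded signature, so Get-AuthenticodeSignature reports NotSigned for a clean copy too; the useful signal is whether the hashes agree, with the copies under WinSxS and the DriverStore serving as reference points, and whether a copy turns up somewhere it has no business being. And a rootkit that is active in the running system can hide on-disk changes from any scan run inside that system, which is why hashes taken after booting from the installation media Shaba asks about are more trustworthy than ones taken from the live system.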

Kraut55
2010-04-13, 16:41
I gave up and reinstalled Windows. Sorry, but the message about olmarik got on my nerves.
Thank you very much that you put so much effort into helping me.
Regards,
Kraut55

Shaba
2010-04-14, 05:49
Sorry to hear that.

Please then post back a fresh HijackThis log and I will give you some tips for the future.