View Full Version : again Malware problems :-(
Hi
A month ago I fixed my laptop with your help. http://forums.spybot.info/showthread.php?t=67898 At first things were running quite ok - though a bit slow, especially after rebooting it took more time than before to have my OS ready to use. Now, however I experienced more problems, especially occasional bluescreens and incredibly slow performance (also only occasionally) after booting. After a while it usually gets better and runs quite normal. However I thought this needs fixing...
I hope you can help me!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
Run by Chris Novak at 10:29:33 on 2013-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2438 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609D670F-B735-4da7-AC6D-F3BD358E325E} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\CHRISN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} -
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
TCP: NameServer = 158.223.1.2 158.223.1.1
TCP: Interfaces\{632DD7E9-34B8-460E-80C0-5646C13BBD4B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C} : DHCPNameServer = 158.223.1.2 158.223.1.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\5416379724F687D2838354835383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\75C414E4D2030313144364431383640333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\76F6C64637D696478637F547563747 : DHCPNameServer = 158.223.0.122 158.223.0.123
TCP: Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}\84E46424640275C414E4 : DHCPNameServer = 192.168.178.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
x64-Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-14 65336]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-17 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-25 55856]
R1 afw;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2013-3-23 39528]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-5-30 28504]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-22 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-22 377920]
R1 SandBox;SandBox;C:\Windows\System32\drivers\SandBox64.sys [2013-3-23 1097672]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2013-3-23 3501696]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-25 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-14 45248]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-21 168384]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-25 1692480]
R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2013-3-23 424040]
R3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\System32\drivers\CryptOSD.sys [2009-6-25 431488]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-10-25 172704]
R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-10-25 5435904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ASWFilt;ASWFilt;C:\Windows\System32\Filt\ASWFilt64.dll [2013-3-23 49168]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-14 178624]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-10-25 35104]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-17 38096]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-21 19456]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-21 57856]
S3 VBEngNT;VBEngNT;C:\Windows\System32\drivers\VBEngNT.sys [2013-3-23 293048]
S3 VBFilt;VBFilt;C:\Windows\System32\Filt\VBFilt64.dll [2013-3-23 42976]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-26 1255736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
.
=============== Created Last 30 ================
.
2013-04-05 14:28:20 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC6527FC-1198-4020-9A2A-CFDED8A396D4}\mpengine.dll
2013-03-23 22:54:11 -------- d-----w- C:\ProgramData\PopCap Games
2013-03-23 22:54:11 -------- d-----w- C:\Program Files (x86)\PopCap Games
2013-03-23 16:25:15 -------- d-----w- C:\Program Files\WinDjView
2013-03-23 09:05:27 293048 ----a-w- C:\Windows\System32\drivers\VBEngNT.sys
2013-03-23 09:05:25 1097672 ----a-w- C:\Windows\System32\drivers\SandBox64.sys
2013-03-23 09:05:17 424040 ----a-w- C:\Windows\System32\drivers\afwcore.sys
2013-03-23 09:04:10 39528 ----a-w- C:\Windows\System32\drivers\afw.sys
2013-03-23 09:03:37 -------- d-----w- C:\Windows\System32\Filt
2013-03-23 09:03:37 -------- d-----w- C:\Users\Chris Novak\AppData\Roaming\Agnitum
2013-03-23 09:03:35 -------- d-----w- C:\Program Files\Agnitum
2013-03-23 09:01:37 -------- d-----w- C:\ProgramData\Agnitum
2013-03-17 18:44:24 -------- d-----w- C:\ProgramData\YTD Video Downloader
2013-03-17 18:44:19 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-03-15 17:53:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-14 11:41:54 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-14 11:41:54 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-14 10:05:18 249712 ----a-w- C:\Windows\SysWow64\~.tmp
2013-03-13 16:44:32 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-03-13 16:44:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2013-03-15 08:50:24 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 08:50:24 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-08 23:41:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 23:41:40 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-08 23:41:40 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-07 21:53:36 544688 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-03-07 21:53:36 526256 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-02-17 19:44:20 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 10:30:44,72 ===============
--------------------------
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 10:31:37
-----------------------------
10:31:37.406 OS Version: Windows x64 6.1.7601 Service Pack 1
10:31:37.406 Number of processors: 2 586 0x170A
10:31:37.408 ComputerName: CHRISNOVAK-PC UserName: Chris Novak
10:31:46.585 Initialize success
10:31:46.728 AVAST engine defs: 13040801
10:32:12.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:32:12.571 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 11
10:32:12.622 Disk 0 MBR read successfully
10:32:12.627 Disk 0 MBR scan
10:32:12.633 Disk 0 Windows VISTA default MBR code
10:32:12.638 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:32:12.669 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
10:32:12.685 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30800325
10:32:12.705 Disk 0 scanning C:\Windows\system32\drivers
10:32:23.341 Service scanning
10:32:39.589 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:32:44.891 Modules scanning
10:32:44.905 Disk 0 trace - called modules:
10:32:44.972 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003ca72c0]<<spyi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:32:44.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cdc060]
10:32:44.985 3 CLASSPNP.SYS[fffff880013c143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b23060]
10:32:44.991 \Driver\atapi[0xfffffa8004b08320] -> IRP_MJ_CREATE -> 0xfffffa8003ca72c0
10:32:46.469 AVAST engine scan C:\Windows
10:32:49.504 AVAST engine scan C:\Windows\system32
10:36:39.390 AVAST engine scan C:\Windows\system32\drivers
10:36:53.277 AVAST engine scan C:\Users\Chris Novak
11:35:36.832 AVAST engine scan C:\ProgramData
11:41:14.365 Scan finished successfully
11:44:50.097 Disk 0 MBR has been saved successfully to "C:\Users\Chris Novak\Desktop\MBR.dat"
11:44:50.108 The log file has been saved successfully to "C:\Users\Chris Novak\Desktop\aswMBR.txt"
---------------------
Search results from Spybot - Search & Destroy
08.04.2013 12:34:01
Scan took 00:34:16.
19 items found.
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Chris Novak\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BFRC3K9A\s.ytimg.com\videostats.sol
Properties.size=275
Properties.md5=5D691C72E157C7148B14FF62D63DF717
Properties.filedate=1365258103
Properties.filedatetext=2013-04-06 15:21:43
Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=5936
Properties.md5=EB776A3D407E1A5B3C8E100560B3BDE2
Properties.filedate=1365419637
Properties.filedatetext=2013-04-08 12:13:57
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Office\12.0\Word\File MRU
Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-451487926-4224121053-1037840724-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (5) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (33) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
History: [SBI $49804B54] Browser: History (118) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---
2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-02-21 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2013-03-27 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-03-26 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-03-26 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-03-19 Includes\TrojansC-02.sbi (*)
2013-03-26 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2013-03-01 Includes\TrojansC.sbi (*)
Hi novfan welcome back :)
My name is Robybel.
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
Having said that....Let's get going!! ;)
========================================
Please read carefully and follow these steps.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Hi! ;-)
no reboot was required
17:09:21.0057 6716 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:09:21.0430 6716 ============================================================
17:09:21.0431 6716 Current date / time: 2013/04/08 17:09:21.0430
17:09:21.0431 6716 SystemInfo:
17:09:21.0431 6716
17:09:21.0431 6716 OS Version: 6.1.7601 ServicePack: 1.0
17:09:21.0431 6716 Product type: Workstation
17:09:21.0431 6716 ComputerName: CHRISNOVAK-PC
17:09:21.0431 6716 UserName: Chris Novak
17:09:21.0431 6716 Windows directory: C:\Windows
17:09:21.0431 6716 System windows directory: C:\Windows
17:09:21.0431 6716 Running under WOW64
17:09:21.0431 6716 Processor architecture: Intel x64
17:09:21.0431 6716 Number of processors: 2
17:09:21.0431 6716 Page size: 0x1000
17:09:21.0432 6716 Boot type: Normal boot
17:09:21.0432 6716 ============================================================
17:09:23.0481 6716 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:23.0653 6716 ============================================================
17:09:23.0653 6716 \Device\Harddisk0\DR0:
17:09:23.0653 6716 MBR partitions:
17:09:23.0653 6716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
17:09:23.0654 6716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
17:09:23.0654 6716 ============================================================
17:09:23.0677 6716 C: <-> \Device\Harddisk0\DR0\Partition2
17:09:23.0678 6716 ============================================================
17:09:23.0678 6716 Initialize success
17:09:23.0678 6716 ============================================================
17:09:45.0562 5936 ============================================================
17:09:45.0562 5936 Scan started
17:09:45.0562 5936 Mode: Manual;
17:09:45.0562 5936 ============================================================
17:09:46.0479 5936 ================ Scan system memory ========================
17:09:46.0479 5936 System memory - ok
17:09:46.0480 5936 ================ Scan services =============================
17:09:46.0654 5936 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:09:46.0660 5936 1394ohci - ok
17:09:46.0725 5936 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:09:46.0732 5936 ACPI - ok
17:09:46.0735 5936 Scan interrupted by user!
17:09:46.0735 5936 ================ Scan global ===============================
17:09:46.0735 5936 Scan interrupted by user!
17:09:46.0735 5936 ================ Scan MBR ==================================
17:09:46.0735 5936 Scan interrupted by user!
17:09:46.0735 5936 ================ Scan VBR ==================================
17:09:46.0735 5936 Scan interrupted by user!
17:09:46.0735 5936 ============================================================
17:09:46.0735 5936 Scan finished
17:09:46.0735 5936 ============================================================
17:09:46.0752 5032 Detected object count: 0
17:09:46.0752 5032 Actual detected object count: 0
17:10:11.0535 5712 ============================================================
17:10:11.0535 5712 Scan started
17:10:11.0535 5712 Mode: Manual;
17:10:11.0535 5712 ============================================================
17:10:11.0979 5712 ================ Scan system memory ========================
17:10:11.0980 5712 System memory - ok
17:10:11.0980 5712 ================ Scan services =============================
17:10:12.0093 5712 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:10:12.0096 5712 1394ohci - ok
17:10:12.0110 5712 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:10:12.0115 5712 ACPI - ok
17:10:12.0157 5712 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:10:12.0160 5712 AcpiPmi - ok
17:10:12.0405 5712 [ FE5DCF9F6F8EA5F1F3ED2C20B1C6023E ] acssrv C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
17:10:12.0493 5712 acssrv - ok
17:10:12.0579 5712 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:10:12.0583 5712 AdobeARMservice - ok
17:10:12.0699 5712 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:10:12.0705 5712 AdobeFlashPlayerUpdateSvc - ok
17:10:12.0766 5712 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:10:12.0784 5712 adp94xx - ok
17:10:12.0822 5712 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:10:12.0830 5712 adpahci - ok
17:10:12.0846 5712 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:10:12.0850 5712 adpu320 - ok
17:10:12.0886 5712 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:10:12.0887 5712 AeLookupSvc - ok
17:10:12.0959 5712 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:10:12.0981 5712 AFD - ok
17:10:13.0045 5712 [ CBDD7EB1431086A6D56C6F700D98B644 ] afw C:\Windows\system32\DRIVERS\afw.sys
17:10:13.0048 5712 afw - ok
17:10:13.0122 5712 [ C8C34A00C98322B06BED456B13EE4497 ] afwcore C:\Windows\system32\drivers\afwcore.sys
17:10:13.0131 5712 afwcore - ok
17:10:13.0192 5712 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:10:13.0195 5712 agp440 - ok
17:10:13.0206 5712 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:10:13.0216 5712 ALG - ok
17:10:13.0243 5712 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:10:13.0245 5712 aliide - ok
17:10:13.0293 5712 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:10:13.0298 5712 AMD External Events Utility - ok
17:10:13.0321 5712 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:10:13.0323 5712 amdide - ok
17:10:13.0382 5712 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:10:13.0385 5712 AmdK8 - ok
17:10:13.0410 5712 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:10:13.0413 5712 AmdPPM - ok
17:10:13.0469 5712 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:10:13.0473 5712 amdsata - ok
17:10:13.0497 5712 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:10:13.0503 5712 amdsbs - ok
17:10:13.0525 5712 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:10:13.0527 5712 amdxata - ok
17:10:13.0580 5712 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:10:13.0583 5712 AppID - ok
17:10:13.0605 5712 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:10:13.0608 5712 AppIDSvc - ok
17:10:13.0646 5712 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:10:13.0649 5712 Appinfo - ok
17:10:13.0689 5712 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:10:13.0692 5712 arc - ok
17:10:13.0710 5712 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:10:13.0713 5712 arcsas - ok
17:10:13.0833 5712 [ F9ADE16B57293E3DD55D84879CAD2A20 ] ASWFilt C:\Windows\system32\Filt\ASWFilt64.dll
17:10:13.0855 5712 ASWFilt - ok
17:10:13.0918 5712 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:10:13.0921 5712 aswFsBlk - ok
17:10:13.0986 5712 [ 316271CC32FDFFFCDB30677684906D5E ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
17:10:13.0989 5712 aswKbd - ok
17:10:14.0039 5712 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:10:14.0042 5712 aswMonFlt - ok
17:10:14.0100 5712 [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
17:10:14.0103 5712 aswRdr - ok
17:10:14.0162 5712 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
17:10:14.0165 5712 aswRvrt - ok
17:10:14.0245 5712 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:10:14.0275 5712 aswSnx - ok
17:10:14.0357 5712 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:10:14.0365 5712 aswSP - ok
17:10:14.0406 5712 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:10:14.0410 5712 aswTdi - ok
17:10:14.0468 5712 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
17:10:14.0473 5712 aswVmm - ok
17:10:14.0526 5712 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:10:14.0528 5712 AsyncMac - ok
17:10:14.0570 5712 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:10:14.0573 5712 atapi - ok
17:10:14.0624 5712 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:10:14.0628 5712 AtiHdmiService - ok
17:10:14.0987 5712 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:10:15.0120 5712 atikmdag - ok
17:10:15.0193 5712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:10:15.0215 5712 AudioEndpointBuilder - ok
17:10:15.0232 5712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:10:15.0241 5712 AudioSrv - ok
17:10:15.0338 5712 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:10:15.0341 5712 avast! Antivirus - ok
17:10:15.0419 5712 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:10:15.0423 5712 AxInstSV - ok
17:10:15.0480 5712 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:10:15.0500 5712 b06bdrv - ok
17:10:15.0579 5712 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:10:15.0585 5712 b57nd60a - ok
17:10:15.0657 5712 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:10:15.0661 5712 BDESVC - ok
17:10:15.0691 5712 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:10:15.0694 5712 Beep - ok
17:10:15.0758 5712 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:10:15.0781 5712 BFE - ok
17:10:15.0853 5712 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:10:15.0888 5712 BITS - ok
17:10:15.0950 5712 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:10:15.0953 5712 blbdrive - ok
17:10:15.0992 5712 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:10:15.0995 5712 bowser - ok
17:10:16.0045 5712 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:10:16.0047 5712 BrFiltLo - ok
17:10:16.0063 5712 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:10:16.0065 5712 BrFiltUp - ok
17:10:16.0100 5712 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:10:16.0104 5712 BridgeMP - ok
17:10:16.0151 5712 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:10:16.0154 5712 Browser - ok
17:10:16.0179 5712 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:10:16.0185 5712 Brserid - ok
17:10:16.0204 5712 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:10:16.0206 5712 BrSerWdm - ok
17:10:16.0226 5712 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:10:16.0228 5712 BrUsbMdm - ok
17:10:16.0243 5712 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:10:16.0245 5712 BrUsbSer - ok
17:10:16.0297 5712 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:10:16.0300 5712 BthEnum - ok
17:10:16.0329 5712 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:10:16.0332 5712 BTHMODEM - ok
17:10:16.0371 5712 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:10:16.0375 5712 BthPan - ok
17:10:16.0467 5712 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:10:16.0485 5712 BTHPORT - ok
17:10:16.0542 5712 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:10:16.0546 5712 bthserv - ok
17:10:16.0571 5712 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:10:16.0573 5712 BTHUSB - ok
17:10:16.0616 5712 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:10:16.0619 5712 btwaudio - ok
17:10:16.0666 5712 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
17:10:16.0671 5712 btwavdt - ok
17:10:16.0728 5712 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:10:16.0762 5712 btwdins - ok
17:10:16.0788 5712 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:10:16.0791 5712 btwl2cap - ok
17:10:16.0811 5712 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:10:16.0814 5712 btwrchid - ok
17:10:16.0863 5712 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:10:16.0866 5712 cdfs - ok
17:10:16.0925 5712 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:10:16.0930 5712 cdrom - ok
17:10:16.0979 5712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:10:16.0983 5712 CertPropSvc - ok
17:10:17.0005 5712 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:10:17.0008 5712 circlass - ok
17:10:17.0040 5712 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:10:17.0049 5712 CLFS - ok
17:10:17.0156 5712 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:10:17.0160 5712 clr_optimization_v2.0.50727_32 - ok
17:10:17.0205 5712 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:10:17.0209 5712 clr_optimization_v2.0.50727_64 - ok
17:10:17.0451 5712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:10:17.0487 5712 clr_optimization_v4.0.30319_32 - ok
17:10:17.0676 5712 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:10:17.0680 5712 clr_optimization_v4.0.30319_64 - ok
17:10:17.0714 5712 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:10:17.0716 5712 CmBatt - ok
17:10:17.0752 5712 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:10:17.0755 5712 cmdide - ok
17:10:17.0802 5712 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
17:10:17.0812 5712 CNG - ok
17:10:17.0874 5712 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:10:17.0877 5712 Compbatt - ok
17:10:17.0921 5712 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:10:17.0924 5712 CompositeBus - ok
17:10:17.0945 5712 COMSysApp - ok
17:10:17.0991 5712 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:10:17.0993 5712 crcdisk - ok
17:10:18.0064 5712 [ 0D7F96AF026D7C1AFDE2A83980A65018 ] CryptOSD C:\Windows\system32\DRIVERS\CryptOSD.sys
17:10:18.0087 5712 CryptOSD - ok
17:10:18.0132 5712 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:10:18.0138 5712 CryptSvc - ok
17:10:18.0169 5712 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:10:18.0175 5712 CtClsFlt - ok
17:10:18.0229 5712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:10:18.0252 5712 DcomLaunch - ok
17:10:18.0297 5712 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:10:18.0303 5712 defragsvc - ok
17:10:18.0360 5712 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:10:18.0364 5712 DfsC - ok
17:10:18.0428 5712 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:10:18.0436 5712 Dhcp - ok
17:10:18.0464 5712 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:10:18.0466 5712 discache - ok
17:10:18.0498 5712 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:10:18.0503 5712 Disk - ok
17:10:18.0540 5712 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:10:18.0542 5712 Dnscache - ok
17:10:18.0596 5712 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:10:18.0600 5712 DockLoginService - ok
17:10:18.0659 5712 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:10:18.0665 5712 dot3svc - ok
17:10:18.0705 5712 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:10:18.0711 5712 DPS - ok
17:10:18.0726 5712 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:10:18.0729 5712 drmkaud - ok
17:10:18.0799 5712 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:10:18.0832 5712 DXGKrnl - ok
17:10:18.0868 5712 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:10:18.0872 5712 EapHost - ok
17:10:18.0986 5712 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:10:19.0079 5712 ebdrv - ok
17:10:19.0125 5712 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:10:19.0128 5712 EFS - ok
17:10:19.0186 5712 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:10:19.0204 5712 ehRecvr - ok
17:10:19.0227 5712 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:10:19.0230 5712 ehSched - ok
17:10:19.0268 5712 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:10:19.0284 5712 elxstor - ok
17:10:19.0334 5712 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:10:19.0336 5712 ErrDev - ok
17:10:19.0379 5712 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:10:19.0388 5712 EventSystem - ok
17:10:19.0418 5712 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:10:19.0423 5712 exfat - ok
17:10:19.0445 5712 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:10:19.0450 5712 fastfat - ok
17:10:19.0532 5712 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:10:19.0554 5712 Fax - ok
17:10:19.0607 5712 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:10:19.0610 5712 fdc - ok
17:10:19.0626 5712 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:10:19.0629 5712 fdPHost - ok
17:10:19.0640 5712 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:10:19.0643 5712 FDResPub - ok
17:10:19.0655 5712 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:10:19.0657 5712 FileInfo - ok
17:10:19.0677 5712 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:10:19.0679 5712 Filetrace - ok
17:10:19.0696 5712 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:10:19.0698 5712 flpydisk - ok
17:10:19.0742 5712 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:10:19.0750 5712 FltMgr - ok
17:10:19.0825 5712 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
17:10:19.0872 5712 FontCache - ok
17:10:19.0965 5712 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:10:19.0969 5712 FontCache3.0.0.0 - ok
17:10:19.0988 5712 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:10:19.0991 5712 FsDepends - ok
17:10:20.0029 5712 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:10:20.0031 5712 Fs_Rec - ok
17:10:20.0078 5712 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:10:20.0084 5712 fvevol - ok
17:10:20.0122 5712 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:10:20.0125 5712 gagp30kx - ok
17:10:20.0189 5712 [ E80C14B9C6E5B57BB7710B356857A964 ] gfiark C:\Windows\system32\drivers\gfiark.sys
17:10:20.0192 5712 gfiark - ok
17:10:20.0273 5712 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
17:10:20.0276 5712 gfibto - ok
17:10:20.0344 5712 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:10:20.0378 5712 gpsvc - ok
17:10:20.0458 5712 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:10:20.0462 5712 gupdate - ok
17:10:20.0487 5712 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:10:20.0490 5712 gupdatem - ok
17:10:20.0530 5712 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:10:20.0533 5712 hcw85cir - ok
17:10:20.0603 5712 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:10:20.0607 5712 HDAudBus - ok
17:10:20.0628 5712 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:10:20.0630 5712 HidBatt - ok
17:10:20.0653 5712 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:10:20.0655 5712 HidBth - ok
17:10:20.0684 5712 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:10:20.0686 5712 HidIr - ok
17:10:20.0729 5712 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:10:20.0734 5712 hidserv - ok
17:10:20.0756 5712 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:10:20.0758 5712 HidUsb - ok
17:10:20.0805 5712 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:10:20.0811 5712 hkmsvc - ok
17:10:20.0864 5712 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:10:20.0873 5712 HomeGroupListener - ok
17:10:20.0922 5712 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:10:20.0930 5712 HomeGroupProvider - ok
17:10:21.0038 5712 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:10:21.0046 5712 hpqcxs08 - ok
17:10:21.0102 5712 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:10:21.0106 5712 hpqddsvc - ok
17:10:21.0158 5712 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:10:21.0162 5712 HpSAMD - ok
17:10:21.0218 5712 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:10:21.0255 5712 HPSLPSVC - ok
17:10:21.0350 5712 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:10:21.0373 5712 HTTP - ok
17:10:21.0428 5712 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:10:21.0432 5712 hwpolicy - ok
17:10:21.0496 5712 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:10:21.0500 5712 i8042prt - ok
17:10:21.0558 5712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:10:21.0567 5712 iaStorV - ok
17:10:21.0651 5712 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:10:21.0685 5712 idsvc - ok
17:10:21.0724 5712 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:10:21.0726 5712 iirsp - ok
17:10:21.0816 5712 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:10:21.0850 5712 IKEEXT - ok
17:10:21.0913 5712 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:10:21.0916 5712 intelide - ok
17:10:21.0943 5712 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:10:21.0946 5712 intelppm - ok
17:10:21.0982 5712 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:10:21.0986 5712 IPBusEnum - ok
17:10:22.0037 5712 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:10:22.0041 5712 IpFilterDriver - ok
17:10:22.0085 5712 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:10:22.0109 5712 iphlpsvc - ok
17:10:22.0161 5712 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:10:22.0164 5712 IPMIDRV - ok
17:10:22.0186 5712 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:10:22.0190 5712 IPNAT - ok
17:10:22.0213 5712 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:10:22.0215 5712 IRENUM - ok
17:10:22.0249 5712 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:10:22.0251 5712 isapnp - ok
17:10:22.0298 5712 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:10:22.0305 5712 iScsiPrt - ok
17:10:22.0341 5712 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
17:10:22.0346 5712 k57nd60a - ok
17:10:22.0410 5712 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:10:22.0413 5712 kbdclass - ok
17:10:22.0426 5712 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:10:22.0429 5712 kbdhid - ok
17:10:22.0449 5712 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:10:22.0452 5712 KeyIso - ok
17:10:22.0503 5712 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:10:22.0507 5712 KSecDD - ok
17:10:22.0547 5712 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:10:22.0551 5712 KSecPkg - ok
17:10:22.0583 5712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:10:22.0585 5712 ksthunk - ok
17:10:22.0624 5712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:10:22.0644 5712 KtmRm - ok
17:10:22.0710 5712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:10:22.0721 5712 LanmanServer - ok
17:10:22.0774 5712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:10:22.0784 5712 LanmanWorkstation - ok
17:10:22.0825 5712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:10:22.0828 5712 lltdio - ok
17:10:22.0864 5712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:10:22.0874 5712 lltdsvc - ok
17:10:22.0892 5712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:10:22.0897 5712 lmhosts - ok
17:10:22.0931 5712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:10:22.0934 5712 LSI_FC - ok
17:10:22.0968 5712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:10:22.0970 5712 LSI_SAS - ok
17:10:22.0998 5712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:10:23.0002 5712 LSI_SAS2 - ok
17:10:23.0024 5712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:10:23.0028 5712 LSI_SCSI - ok
17:10:23.0065 5712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:10:23.0069 5712 luafv - ok
17:10:23.0106 5712 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:10:23.0113 5712 Mcx2Svc - ok
17:10:23.0130 5712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:10:23.0133 5712 megasas - ok
17:10:23.0160 5712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:10:23.0165 5712 MegaSR - ok
17:10:23.0251 5712 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:10:23.0255 5712 Microsoft Office Groove Audit Service - ok
17:10:23.0309 5712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:10:23.0315 5712 MMCSS - ok
17:10:23.0360 5712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:10:23.0363 5712 Modem - ok
17:10:23.0388 5712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:10:23.0390 5712 monitor - ok
17:10:23.0424 5712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:10:23.0428 5712 mouclass - ok
17:10:23.0462 5712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:10:23.0465 5712 mouhid - ok
17:10:23.0502 5712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:10:23.0505 5712 mountmgr - ok
17:10:23.0554 5712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:10:23.0559 5712 mpio - ok
17:10:23.0590 5712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:10:23.0593 5712 mpsdrv - ok
17:10:23.0655 5712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:10:23.0690 5712 MpsSvc - ok
17:10:23.0731 5712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:10:23.0734 5712 MRxDAV - ok
17:10:23.0780 5712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:10:23.0785 5712 mrxsmb - ok
17:10:23.0832 5712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:10:23.0840 5712 mrxsmb10 - ok
17:10:23.0864 5712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:10:23.0868 5712 mrxsmb20 - ok
17:10:23.0906 5712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:10:23.0909 5712 msahci - ok
17:10:23.0942 5712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:10:23.0946 5712 msdsm - ok
17:10:23.0979 5712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:10:23.0986 5712 MSDTC - ok
17:10:24.0026 5712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:10:24.0028 5712 Msfs - ok
17:10:24.0047 5712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:10:24.0049 5712 mshidkmdf - ok
17:10:24.0090 5712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:10:24.0092 5712 msisadrv - ok
17:10:24.0123 5712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:10:24.0130 5712 MSiSCSI - ok
17:10:24.0139 5712 msiserver - ok
17:10:24.0181 5712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:10:24.0184 5712 MSKSSRV - ok
17:10:24.0216 5712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:10:24.0219 5712 MSPCLOCK - ok
17:10:24.0245 5712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:10:24.0247 5712 MSPQM - ok
17:10:24.0292 5712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:10:24.0298 5712 MsRPC - ok
17:10:24.0324 5712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:10:24.0326 5712 mssmbios - ok
17:10:24.0349 5712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:10:24.0351 5712 MSTEE - ok
17:10:24.0375 5712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:10:24.0378 5712 MTConfig - ok
17:10:24.0417 5712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:10:24.0420 5712 Mup - ok
17:10:24.0473 5712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:10:24.0493 5712 napagent - ok
17:10:24.0524 5712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:10:24.0530 5712 NativeWifiP - ok
17:10:24.0599 5712 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:10:24.0631 5712 NDIS - ok
17:10:24.0651 5712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:10:24.0653 5712 NdisCap - ok
17:10:24.0681 5712 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:10:24.0684 5712 NdisTapi - ok
17:10:24.0745 5712 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:10:24.0748 5712 Ndisuio - ok
17:10:24.0793 5712 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:10:24.0798 5712 NdisWan - ok
17:10:24.0850 5712 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:10:24.0853 5712 NDProxy - ok
17:10:24.0958 5712 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:10:25.0012 5712 Net Driver HPZ12 - ok
17:10:25.0183 5712 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:10:25.0228 5712 NetBIOS - ok
17:10:25.0282 5712 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:10:25.0289 5712 NetBT - ok
17:10:25.0317 5712 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:10:25.0322 5712 Netlogon - ok
17:10:25.0377 5712 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:10:25.0385 5712 Netman - ok
17:10:25.0439 5712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:10:25.0462 5712 netprofm - ok
17:10:25.0493 5712 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:10:25.0497 5712 NetTcpPortSharing - ok
17:10:25.0680 5712 [ 705283C02177809CA9FA7CC58A4F1E77 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
17:10:25.0820 5712 NETw5v64 - ok
17:10:25.0869 5712 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:10:25.0873 5712 nfrd960 - ok
17:10:25.0931 5712 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:10:25.0941 5712 NlaSvc - ok
17:10:25.0957 5712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:10:25.0959 5712 Npfs - ok
17:10:25.0998 5712 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:10:26.0004 5712 nsi - ok
17:10:26.0023 5712 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:10:26.0026 5712 nsiproxy - ok
17:10:26.0123 5712 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:10:26.0181 5712 Ntfs - ok
17:10:26.0213 5712 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:10:26.0215 5712 Null - ok
17:10:26.0243 5712 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:10:26.0247 5712 nvraid - ok
17:10:26.0300 5712 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:10:26.0306 5712 nvstor - ok
17:10:26.0329 5712 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:10:26.0333 5712 nv_agp - ok
17:10:26.0423 5712 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:10:26.0431 5712 odserv - ok
17:10:26.0471 5712 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:10:26.0474 5712 ohci1394 - ok
17:10:26.0533 5712 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:10:26.0538 5712 ose - ok
17:10:26.0589 5712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:10:26.0610 5712 p2pimsvc - ok
17:10:26.0645 5712 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:10:26.0665 5712 p2psvc - ok
17:10:26.0706 5712 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:10:26.0710 5712 Parport - ok
17:10:26.0758 5712 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:10:26.0762 5712 partmgr - ok
17:10:26.0786 5712 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:10:26.0796 5712 PcaSvc - ok
17:10:26.0848 5712 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:10:26.0852 5712 pci - ok
17:10:26.0880 5712 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:10:26.0881 5712 pciide - ok
17:10:26.0904 5712 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:10:26.0908 5712 pcmcia - ok
17:10:26.0927 5712 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:10:26.0930 5712 pcw - ok
17:10:26.0955 5712 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:10:26.0973 5712 PEAUTH - ok
17:10:27.0068 5712 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:10:27.0074 5712 PerfHost - ok
17:10:27.0166 5712 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:10:27.0208 5712 pla - ok
17:10:27.0283 5712 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:10:27.0305 5712 PlugPlay - ok
17:10:27.0401 5712 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:10:27.0407 5712 Pml Driver HPZ12 - ok
17:10:27.0449 5712 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:10:27.0456 5712 PNRPAutoReg - ok
17:10:27.0490 5712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:10:27.0499 5712 PNRPsvc - ok
17:10:27.0563 5712 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:10:27.0584 5712 PolicyAgent - ok
17:10:27.0646 5712 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:10:27.0669 5712 Power - ok
17:10:27.0720 5712 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:10:27.0724 5712 PptpMiniport - ok
17:10:27.0793 5712 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:10:27.0797 5712 Processor - ok
17:10:27.0874 5712 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:10:27.0883 5712 ProfSvc - ok
17:10:27.0908 5712 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:10:27.0913 5712 ProtectedStorage - ok
17:10:27.0970 5712 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:10:27.0975 5712 Psched - ok
17:10:28.0025 5712 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
17:10:28.0028 5712 PSI - ok
17:10:28.0084 5712 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:10:28.0088 5712 PxHlpa64 - ok
17:10:28.0151 5712 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:10:28.0197 5712 ql2300 - ok
17:10:28.0242 5712 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:10:28.0247 5712 ql40xx - ok
17:10:28.0288 5712 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:10:28.0296 5712 QWAVE - ok
17:10:28.0319 5712 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:10:28.0321 5712 QWAVEdrv - ok
17:10:28.0339 5712 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:10:28.0341 5712 RasAcd - ok
17:10:28.0382 5712 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:10:28.0385 5712 RasAgileVpn - ok
17:10:28.0411 5712 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:10:28.0419 5712 RasAuto - ok
17:10:28.0477 5712 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:10:28.0481 5712 Rasl2tp - ok
17:10:28.0536 5712 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:10:28.0559 5712 RasMan - ok
17:10:28.0586 5712 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:10:28.0590 5712 RasPppoe - ok
17:10:28.0618 5712 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:10:28.0621 5712 RasSstp - ok
17:10:28.0669 5712 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:10:28.0677 5712 rdbss - ok
17:10:28.0698 5712 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:10:28.0700 5712 rdpbus - ok
17:10:28.0722 5712 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:10:28.0724 5712 RDPCDD - ok
17:10:28.0742 5712 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:10:28.0744 5712 RDPENCDD - ok
17:10:28.0765 5712 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:10:28.0767 5712 RDPREFMP - ok
17:10:28.0844 5712 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:10:28.0847 5712 RdpVideoMiniport - ok
17:10:28.0891 5712 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:10:28.0896 5712 RDPWD - ok
17:10:28.0958 5712 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:10:28.0963 5712 rdyboost - ok
17:10:28.0998 5712 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:10:29.0002 5712 RemoteAccess - ok
17:10:29.0033 5712 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:10:29.0039 5712 RemoteRegistry - ok
17:10:29.0074 5712 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:10:29.0079 5712 RFCOMM - ok
17:10:29.0117 5712 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
17:10:29.0119 5712 rimmptsk - ok
17:10:29.0139 5712 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
17:10:29.0141 5712 rimsptsk - ok
17:10:29.0173 5712 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
17:10:29.0175 5712 rismxdp - ok
17:10:29.0189 5712 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:10:29.0194 5712 RpcEptMapper - ok
17:10:29.0215 5712 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:10:29.0219 5712 RpcLocator - ok
17:10:29.0267 5712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:10:29.0274 5712 RpcSs - ok
17:10:29.0332 5712 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:10:29.0336 5712 rspndr - ok
17:10:29.0386 5712 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:10:29.0392 5712 SamSs - ok
17:10:29.0508 5712 [ 1C20BC6D990A163C88DB015CB5317D7E ] SandBox C:\Windows\system32\drivers\SandBox64.sys
17:10:29.0550 5712 SandBox - ok
17:10:29.0599 5712 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:10:29.0602 5712 sbp2port - ok
17:10:29.0629 5712 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:10:29.0636 5712 SCardSvr - ok
17:10:29.0677 5712 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:10:29.0681 5712 scfilter - ok
17:10:29.0759 5712 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:10:29.0793 5712 Schedule - ok
17:10:29.0842 5712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:10:29.0845 5712 SCPolicySvc - ok
17:10:29.0908 5712 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
17:10:29.0913 5712 sdbus - ok
17:10:29.0966 5712 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:10:29.0974 5712 SDRSVC - ok
17:10:30.0088 5712 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
17:10:30.0124 5712 SDScannerService - ok
17:10:30.0218 5712 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:10:30.0265 5712 SDUpdateService - ok
17:10:30.0402 5712 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:10:30.0406 5712 SDWSCService - ok
17:10:30.0432 5712 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:10:30.0434 5712 secdrv - ok
17:10:30.0456 5712 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:10:30.0463 5712 seclogon - ok
17:10:30.0601 5712 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
17:10:30.0626 5712 Secunia PSI Agent - ok
17:10:30.0760 5712 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
17:10:30.0772 5712 Secunia Update Agent - ok
17:10:30.0809 5712 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:10:30.0814 5712 SENS - ok
17:10:30.0830 5712 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:10:30.0838 5712 SensrSvc - ok
17:10:30.0865 5712 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:10:30.0867 5712 Serenum - ok
17:10:30.0891 5712 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:10:30.0893 5712 Serial - ok
17:10:30.0952 5712 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:10:30.0955 5712 sermouse - ok
17:10:31.0019 5712 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:10:31.0025 5712 SessionEnv - ok
17:10:31.0071 5712 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:10:31.0074 5712 sffdisk - ok
17:10:31.0095 5712 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:10:31.0097 5712 sffp_mmc - ok
17:10:31.0120 5712 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:10:31.0123 5712 sffp_sd - ok
17:10:31.0145 5712 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:10:31.0147 5712 sfloppy - ok
17:10:31.0263 5712 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:10:31.0309 5712 SftService - ok
17:10:31.0371 5712 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:10:31.0391 5712 SharedAccess - ok
17:10:31.0460 5712 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:10:31.0482 5712 ShellHWDetection - ok
17:10:31.0537 5712 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:10:31.0540 5712 SiSRaid2 - ok
17:10:31.0615 5712 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:10:31.0618 5712 SiSRaid4 - ok
17:10:31.0748 5712 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:10:31.0752 5712 SkypeUpdate - ok
17:10:31.0788 5712 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:10:31.0792 5712 Smb - ok
17:10:31.0837 5712 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:10:31.0842 5712 SNMPTRAP - ok
17:10:31.0865 5712 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:10:31.0867 5712 spldr - ok
17:10:31.0920 5712 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:10:31.0953 5712 Spooler - ok
17:10:32.0085 5712 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:10:32.0190 5712 sppsvc - ok
17:10:32.0215 5712 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:10:32.0221 5712 sppuinotify - ok
17:10:32.0256 5712 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
17:10:32.0258 5712 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
17:10:32.0261 5712 sptd ( LockedFile.Multi.Generic ) - warning
17:10:32.0261 5712 sptd - detected LockedFile.Multi.Generic (1)
17:10:32.0314 5712 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:10:32.0323 5712 srv - ok
17:10:32.0354 5712 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:10:32.0361 5712 srv2 - ok
17:10:32.0375 5712 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:10:32.0379 5712 srvnet - ok
17:10:32.0407 5712 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:10:32.0414 5712 SSDPSRV - ok
17:10:32.0435 5712 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:10:32.0440 5712 SstpSvc - ok
17:10:32.0548 5712 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
17:10:32.0554 5712 STacSV - ok
17:10:32.0595 5712 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:10:32.0599 5712 stexstor - ok
17:10:32.0649 5712 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:10:32.0672 5712 STHDA - ok
17:10:32.0720 5712 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:10:32.0744 5712 StillCam - ok
17:10:32.0837 5712 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc
C:\Windows\System32\wiaservc.dll
17:10:32.0860 5712 stisvc - ok
17:10:32.0896 5712 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:10:32.0898 5712 swenum - ok
17:10:32.0949 5712 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:10:32.0973 5712 swprv - ok
17:10:33.0018 5712 [ 1657B7442D5CE30533F5C4317716B468 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:10:33.0023 5712 SynTP - ok
17:10:33.0108 5712 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:10:33.0166 5712 SysMain - ok
17:10:33.0214 5712 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:10:33.0222 5712 TabletInputService - ok
17:10:33.0267 5712 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:10:33.0275 5712 TapiSrv - ok
17:10:33.0314 5712 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:10:33.0320 5712 TBS - ok
17:10:33.0402 5712 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:10:33.0462 5712 Tcpip - ok
17:10:33.0538 5712 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:10:33.0552 5712 TCPIP6 - ok
17:10:33.0593 5712 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:10:33.0595 5712 tcpipreg - ok
17:10:33.0639 5712 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:10:33.0685 5712 TDPIPE - ok
17:10:33.0743 5712 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:10:33.0746 5712 TDTCP - ok
17:10:33.0796 5712 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:10:33.0801 5712 tdx - ok
17:10:33.0849 5712 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:10:33.0852 5712 TermDD - ok
17:10:33.0913 5712 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:10:33.0947 5712 TermService - ok
17:10:33.0990 5712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:10:33.0999 5712 Themes - ok
17:10:34.0038 5712 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:10:34.0044 5712 THREADORDER - ok
17:10:34.0069 5712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:10:34.0075 5712 TrkWks - ok
17:10:34.0135 5712 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:10:34.0140 5712 TrustedInstaller - ok
17:10:34.0188 5712 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:10:34.0191 5712 tssecsrv - ok
17:10:34.0255 5712 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:10:34.0259 5712 TsUsbFlt - ok
17:10:34.0330 5712 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:10:34.0334 5712 tunnel - ok
17:10:34.0377 5712 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:10:34.0383 5712 uagp35 - ok
17:10:34.0442 5712 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:10:34.0450 5712 udfs - ok
17:10:34.0500 5712 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:10:34.0506 5712 UI0Detect - ok
17:10:34.0526 5712 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:10:34.0530 5712 uliagpkx - ok
17:10:34.0591 5712 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:10:34.0594 5712 umbus - ok
17:10:34.0624 5712 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:10:34.0626 5712 UmPass - ok
17:10:34.0668 5712 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:10:34.0678 5712 upnphost - ok
17:10:34.0752 5712 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:10:34.0756 5712 usbaudio - ok
17:10:34.0796 5712 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:10:34.0801 5712 usbccgp - ok
17:10:34.0860 5712 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:10:34.0864 5712 usbcir - ok
17:10:34.0898 5712 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:10:34.0902 5712 usbehci - ok
17:10:34.0952 5712 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:10:34.0959 5712 usbhub - ok
17:10:34.0982 5712 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:10:34.0985 5712 usbohci - ok
17:10:35.0013 5712 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:10:35.0015 5712 usbprint - ok
17:10:35.0047 5712 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:10:35.0051 5712 usbscan - ok
17:10:35.0105 5712 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:10:35.0109 5712 USBSTOR - ok
17:10:35.0149 5712 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:10:35.0152 5712 usbuhci - ok
17:10:35.0220 5712 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:10:35.0226 5712 usbvideo - ok
17:10:35.0288 5712 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:10:35.0297 5712 UxSms - ok
17:10:35.0335 5712 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:10:35.0338 5712 VaultSvc - ok
17:10:35.0437 5712 [ FDDF916A3E1E98C5E1DBEE380F7FDE52 ] VBEngNT C:\Windows\system32\drivers\VBEngNT.sys
17:10:35.0444 5712 VBEngNT - ok
17:10:35.0578 5712 [ AF6370F45BA18DBA70461DBE8731A24E ] VBFilt C:\Windows\system32\Filt\VBFilt64.dll
17:10:35.0582 5712 VBFilt - ok
17:10:35.0630 5712 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:10:35.0634 5712 vdrvroot - ok
17:10:35.0694 5712 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:10:35.0717 5712 vds - ok
17:10:35.0772 5712 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:10:35.0776 5712 vga - ok
17:10:35.0794 5712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:10:35.0798 5712 VgaSave - ok
17:10:35.0851 5712 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:10:35.0858 5712 vhdmp - ok
17:10:35.0888 5712 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:10:35.0891 5712 viaide - ok
17:10:35.0918 5712 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:10:35.0921 5712 volmgr - ok
17:10:35.0969 5712 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:10:35.0976 5712 volmgrx - ok
17:10:36.0000 5712 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:10:36.0007 5712 volsnap - ok
17:10:36.0036 5712 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:10:36.0040 5712 vsmraid - ok
17:10:36.0130 5712 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:10:36.0187 5712 VSS - ok
17:10:36.0232 5712 vvdsvc - ok
17:10:36.0260 5712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:10:36.0264 5712 vwifibus - ok
17:10:36.0315 5712 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:10:36.0338 5712 W32Time - ok
17:10:36.0389 5712 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:10:36.0392 5712 WacomPen - ok
17:10:36.0459 5712 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:10:36.0463 5712 WANARP - ok
17:10:36.0484 5712 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:10:36.0488 5712 Wanarpv6 - ok
17:10:36.0564 5712 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:10:36.0600 5712 WatAdminSvc - ok
17:10:36.0682 5712 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:10:36.0784 5712 wbengine - ok
17:10:36.0825 5712 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:10:36.0847 5712 WbioSrvc - ok
17:10:36.0905 5712 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:10:36.0928 5712 wcncsvc - ok
17:10:36.0948 5712 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:10:36.0957 5712 WcsPlugInService - ok
17:10:36.0987 5712 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:10:36.0989 5712 Wd - ok
17:10:37.0064 5712 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:10:37.0085 5712 Wdf01000 - ok
17:10:37.0121 5712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:10:37.0126 5712 WdiServiceHost - ok
17:10:37.0135 5712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:10:37.0141 5712 WdiSystemHost - ok
17:10:37.0188 5712 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:10:37.0209 5712 WebClient - ok
17:10:37.0236 5712 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:10:37.0259 5712 Wecsvc - ok
17:10:37.0304 5712 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:10:37.0313 5712 wercplsupport - ok
17:10:37.0365 5712 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:10:37.0374 5712 WerSvc - ok
17:10:37.0469 5712 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:10:37.0472 5712 WfpLwf - ok
17:10:37.0505 5712 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:10:37.0510 5712 WimFltr - ok
17:10:37.0546 5712 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:10:37.0549 5712 WIMMount - ok
17:10:37.0584 5712 WinDefend - ok
17:10:37.0615 5712 WinHttpAutoProxySvc - ok
17:10:37.0751 5712 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:10:37.0757 5712 Winmgmt - ok
17:10:37.0851 5712 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:10:37.0920 5712 WinRM - ok
17:10:38.0014 5712 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:10:38.0017 5712 WinUsb - ok
17:10:38.0083 5712 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:10:38.0118 5712 Wlansvc - ok
17:10:38.0167 5712 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:10:38.0169 5712 WmiAcpi - ok
17:10:38.0206 5712 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:10:38.0211 5712 wmiApSrv - ok
17:10:38.0251 5712 WMPNetworkSvc - ok
17:10:38.0272 5712 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:10:38.0281 5712 WPCSvc - ok
17:10:38.0335 5712 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:10:38.0343 5712 WPDBusEnum - ok
17:10:38.0374 5712 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:10:38.0377 5712 ws2ifsl - ok
17:10:38.0404 5712 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:10:38.0410 5712 wscsvc - ok
17:10:38.0450 5712 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:10:38.0453 5712 WSDPrintDevice - ok
17:10:38.0465 5712 WSearch - ok
17:10:38.0588 5712 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:10:38.0658 5712 wuauserv - ok
17:10:38.0733 5712 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:10:38.0737 5712 WudfPf - ok
17:10:38.0780 5712 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:10:38.0786 5712 WUDFRd - ok
17:10:38.0839 5712 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:10:38.0849 5712 wudfsvc - ok
17:10:38.0891 5712 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:10:38.0914 5712 WwanSvc - ok
17:10:38.0962 5712 ================ Scan global ===============================
17:10:38.0983 5712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:10:39.0029 5712 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:10:39.0060 5712 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:10:39.0108 5712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:10:39.0146 5712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:10:39.0168 5712 [Global] - ok
17:10:39.0169 5712 ================ Scan MBR ==================================
17:10:39.0186 5712 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:10:39.0425 5712 \Device\Harddisk0\DR0 - ok
17:10:39.0426 5712 ================ Scan VBR ==================================
17:10:39.0432 5712 [ 97BFFEA9E60EE6D0689B8AEF9C382220 ] \Device\Harddisk0\DR0\Partition1
17:10:39.0434 5712 \Device\Harddisk0\DR0\Partition1 - ok
17:10:39.0464 5712 [ 5EB031E8C5A90978D5EAA811F25417CF ] \Device\Harddisk0\DR0\Partition2
17:10:39.0466 5712 \Device\Harddisk0\DR0\Partition2 - ok
17:10:39.0466 5712 ============================================================
17:10:39.0466 5712 Scan finished
17:10:39.0466 5712 ============================================================
17:10:39.0484 6696 Detected object count: 1
17:10:39.0484 6696 Actual detected object count: 1
17:10:46.0193 6696 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:10:46.0193 6696 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
hey, I haven't heard from you in a while, everything all right?
Hi novfan ;)
Sorry for delay
Ok, go ahead ;)
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next
AdwCleaner
Please download AdwCleaner (http://general-changelog-team.fr/en/tools/15-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.
On your next reply please post :
checkup.txt
AdwCleaner[S1].txt
All RKreport.txt
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
ok, so here is checkup
adwcleaner[S1]
RKreport[1]_S_04132013_02d1107
RKreport[2]_D_04132013_02d1109
RKreport[3]_SC_04132013_02d1118
Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Outpost Security Suite
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Secunia PSI (3.0.0.6001)
Java(TM) 6 Update 43
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Thunderbird (17.0.5)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
-------------
# AdwCleaner v2.200 - Datei am 13/04/2013 um 10:53:33 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Chris Novak - CHRISNOVAK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chris Novak\Desktop\adwcleaner (1).exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\Chris Novak\AppData\Roaming\Mozilla\Firefox\Profiles\lvhxxpoq.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1510 octets] - [13/04/2013 10:53:33]
########## EOF - C:\AdwCleaner[S1].txt - [1570 octets] ##########
-----------------
RogueKiller V8.5.4 _x64_ [Mar 18 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Chris Novak [Admin Rechte]
Funktion : Scannen -- Datum : 04/13/2013 11:07:36
| ARK || FAK || MBR |
¤¤¤ Böswillige Prozesse : 0 ¤¤¤
¤¤¤ Registry-Einträge : 13 ¤¤¤
[TASK][SUSP PATH] {FA13FDC4-1877-4A9A-86D7-54D814D3008E} : C:\Users\Chris Novak\Desktop\aswMBR.exe [-] -> GEFUNDEN
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> GEFUNDEN
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> GEFUNDEN
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> GEFUNDEN
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> GEFUNDEN
[HJ] HKLM\[...]\System : EnableLUA (0) -> GEFUNDEN
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> GEFUNDEN
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤
¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR überprüfen: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 ATA Device +++++
--- User ---
[MBR] 08da7e3885739458f57c34833937d51c
[BSP] 14bcac042826537c3a61a020c44f412c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Abgeschlossen : << RKreport[1]_S_04132013_02d1107.txt >>
RKreport[1]_S_04132013_02d1107.txt
-------------
RogueKiller V8.5.4 _x64_ [Mar 18 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Chris Novak [Admin Rechte]
Funktion : Entfernen -- Datum : 04/13/2013 11:09:45
| ARK || FAK || MBR |
¤¤¤ Böswillige Prozesse : 0 ¤¤¤
¤¤¤ Registry-Einträge : 11 ¤¤¤
[TASK][SUSP PATH] {FA13FDC4-1877-4A9A-86D7-54D814D3008E} : C:\Users\Chris Novak\Desktop\aswMBR.exe [-] -> GELÖSCHT
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> NICHT ENTFERNT, DNS REPARIEREN BENUTZEN
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F} : NameServer (131.130.1.11 131.130.1.12) -> NICHT ENTFERNT, DNS REPARIEREN BENUTZEN
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ERSETZT (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> ERSETZT (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> ERSETZT (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> ERSETZT (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)
¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤
¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR überprüfen: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 ATA Device +++++
--- User ---
[MBR] 08da7e3885739458f57c34833937d51c
[BSP] 14bcac042826537c3a61a020c44f412c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Abgeschlossen : << RKreport[2]_D_04132013_02d1109.txt >>
RKreport[1]_S_04132013_02d1107.txt ; RKreport[2]_D_04132013_02d1109.txt
-------------------
RogueKiller V8.5.4 _x64_ [Mar 18 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
mail : tigzyRK<at>gmail<dot>com
Kommentare : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Chris Novak [Admin Rechte]
Funktion : Reparierte Verknüpfungen -- Datum : 04/13/2013 11:18:06
| ARK || FAK || MBR |
¤¤¤ Böswillige Prozesse : 0 ¤¤¤
¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤
¤¤¤ Dateiattribute wiederhergestellt: ¤¤¤
Desktop: Success 1 / Fail 0
Schnellstart: Success 1 / Fail 0
Programme: Success 11 / Fail 0
Startmenü: Success 1 / Fail 0
Benutzer-Ordner: Success 187 / Fail 0
Eigene Dateien: Success 8 / Fail 8
Meine Favoriten: Success 0 / Fail 0
Meine Bilder: Success 4 / Fail 0
Meine Musik: Success 38 / Fail 0
Meine Videos: Success 2 / Fail 0
Lokale Laufwerke: Success 89 / Fail 0
Sicherungskopie: [NOT FOUND]
Laufwerke:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
Abgeschlossen : << RKreport[3]_SC_04132013_02d1118.txt >>
RKreport[1]_S_04132013_02d1107.txt ; RKreport[2]_D_04132013_02d1109.txt ; RKreport[3]_SC_04132013_02d1118.txt
I received a message that I should reboot my laptop to reactivate the user-account control; I guess I will do that anyway in a few hours or should I rather do it right away?
Hi novfan
You can reactivate your UAC now
Next
Please read through these instructions to familarize yourself with what to expect when this tool runs
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
* IMPORTANT- Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
====================================================
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
ComboFix 13-04-12.02 - Chris Novak 13.04.2013 18:43:28.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2768 [GMT 1:00]
ausgeführt von:: c:\users\Chris Novak\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}
FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-13 bis 2013-04-13 ))))))))))))))))))))))))))))))
.
.
2013-04-13 18:00 . 2013-04-13 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-13 18:00 . 2013-04-13 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 08:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A374A80D-D6C8-4888-A3E6-67ACADE9A4AD}\mpengine.dll
2013-04-10 08:23 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 08:23 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 08:21 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 08:20 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 08:20 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 08:20 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 08:20 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 08:20 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 08:20 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-05 10:06 . 2013-04-05 10:06 -------- d-----w- c:\program files (x86)\ERUNT
2013-04-04 11:30 . 2013-04-04 16:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-03-23 22:54 . 2013-03-23 22:55 -------- d-----w- c:\programdata\PopCap Games
2013-03-23 22:54 . 2013-03-23 22:54 -------- d-----w- c:\program files (x86)\PopCap Games
2013-03-23 16:25 . 2013-03-23 16:25 -------- d-----w- c:\program files\WinDjView
2013-03-23 09:05 . 2011-02-02 17:04 293048 ----a-w- c:\windows\system32\drivers\VBEngNT.sys
2013-03-23 09:05 . 2011-03-21 16:29 1097672 ----a-w- c:\windows\system32\drivers\SandBox64.sys
2013-03-23 09:05 . 2010-09-27 15:38 424040 ----a-w- c:\windows\system32\drivers\afwcore.sys
2013-03-23 09:04 . 2010-04-20 16:02 39528 ----a-w- c:\windows\system32\drivers\afw.sys
2013-03-23 09:03 . 2013-04-13 09:42 -------- d-----w- c:\windows\system32\Filt
2013-03-23 09:03 . 2013-03-23 09:03 -------- d-----w- c:\users\Chris Novak\AppData\Roaming\Agnitum
2013-03-23 09:03 . 2013-03-23 09:03 -------- d-----w- c:\program files\Agnitum
2013-03-23 09:01 . 2013-03-23 09:01 -------- d-----w- c:\programdata\Agnitum
2013-03-17 18:44 . 2013-03-19 09:36 -------- d-----w- c:\programdata\YTD Video Downloader
2013-03-17 18:44 . 2013-03-17 18:44 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-03-15 17:53 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 09:04 . 2013-02-19 11:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 09:04 . 2013-02-19 11:04 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 17:07 . 2009-10-31 03:22 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-14 10:07 . 2013-03-14 10:05 249712 ----a-w- c:\windows\SysWow64\~.tmp
2013-03-12 00:10 . 2009-11-30 12:17 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-08 23:41 . 2013-03-08 23:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 23:41 . 2012-06-16 20:46 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-08 23:41 . 2011-05-08 00:43 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-07 21:53 . 2013-03-07 21:53 193968 ----a-w- c:\windows\system32\javaws.exe
2013-03-07 21:53 . 2013-03-07 21:53 172976 ----a-w- c:\windows\system32\javaw.exe
2013-03-07 21:53 . 2013-03-07 21:53 172976 ----a-w- c:\windows\system32\java.exe
2013-03-07 21:53 . 2013-02-22 10:33 544688 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-07 21:53 . 2013-02-22 10:33 526256 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2013-03-14 11:41 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-14 11:41 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-02-22 09:12 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-02-22 09:12 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-02-22 09:12 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-02-22 09:12 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-02-22 09:12 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-02-22 09:12 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-02-22 09:11 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-05-08 15:44 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-17 19:44 . 2013-02-17 19:44 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-12 05:45 . 2013-03-13 10:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 10:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 10:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 10:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 10:27 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 16:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 16:58 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 16:58 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 16:58 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 16:58 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:35 . 2013-02-27 16:58 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 16:58 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 16:58 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 16:58 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 16:58 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 16:58 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 16:58 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 16:58 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 16:58 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 16:58 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 16:58 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 16:58 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 16:58 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 16:58 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 16:58 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 16:58 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 16:58 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 16:58 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 16:58 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 16:58 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 16:58 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 16:58 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 16:58 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 16:58 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 16:58 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 16:58 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 16:58 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 16:58 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 16:58 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 16:58 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 16:58 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 16:58 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 16:58 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 16:58 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 16:58 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 16:58 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 16:58 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 16:58 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
.
c:\users\Chris Novak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt64.dll [2011-03-21 49168]
R3 aswVmm;aswVmm; [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-17 38096]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-02-02 293048]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt64.dll [2011-03-21 42976]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-26 1255736]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S0 aswRvrt;aswRvrt; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-17 14456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-15 834544]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-04-20 39528]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox64.sys [2011-03-21 1097672]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2011-04-04 3501696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-09-27 424040]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-06-25 431488]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 14:08 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 09:04]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-11 09:19]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-11 09:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Chris Novak\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-03-30 19:02 601528 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 4510072]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-30 808064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 193.61.19.200 193.61.22.171 193.61.22.227
TCP: Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F}: NameServer = 131.130.1.11 131.130.1.12
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-13 19:12:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-13 18:12
.
Vor Suchlauf: 18 Verzeichnis(se), 57.329.078.272 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 58.153.009.152 Bytes frei
.
- - End Of File - - 80D54AB5E17F6299544BEAD67FB7D501
Hi novfan
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://whatthetech.com/ldtate/Images/MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=============================== Next =======================================
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://www.eset.com/online-scanner-popup/)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
Push the Back button.
Select Uninstall application on close check box and push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please let me know how your machine is running and if there are any outstanding issues
On your next reply please post :
MBAM log
Eset report
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
no threats were found by eset
mbam log (sorry that it's in german):
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.13.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Chris Novak :: CHRISNOVAK-PC [Administrator]
14.04.2013 09:22:25
mbam-log-2013-04-14 (09-22-25).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221195
Laufzeit: 7 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Hi novfan
Scan with OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.
hi, here is otl.txt
OTL logfile created on: 14.04.2013 18:33:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris Novak\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,51% Memory free
7,93 Gb Paging File | 6,31 Gb Available in Paging File | 79,52% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 54,22 Gb Free Space | 24,85% Space Free | Partition Type: NTFS
Computer Name: CHRISNOVAK-PC | User Name: Chris Novak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Chris Novak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (acssrv) -- C:\Programme\Agnitum\Outpost Security Suite Free\acs.exe (Agnitum Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SandBox) -- C:\Windows\SysNative\drivers\SandBox64.sys (Agnitum Ltd.)
DRV:64bit: - (VBFilt) -- C:\Windows\SysNative\Filt\VBFilt64.dll (Agnitum Ltd.)
DRV:64bit: - (ASWFilt) -- C:\Windows\SysNative\Filt\ASWFilt64.dll (Agnitum Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VBEngNT) -- C:\Windows\SysNative\drivers\VBEngNT.sys (VirusBuster Kft.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (afwcore) -- C:\Windows\SysNative\drivers\afwcore.sys (Agnitum Ltd.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (afw) -- C:\Windows\SysNative\drivers\afw.sys (Agnitum Ltd.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (CryptOSD) -- C:\Windows\SysNative\drivers\CryptOSD.sys (Phoenix Technologies)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
IE - HKCU\..\SearchScopes,DefaultScope = {793C1E1A-528F-4323-8EF2-00F4CAC48E8A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{793C1E1A-528F-4323-8EF2-00F4CAC48E8A}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_43: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.10 13:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.14 12:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 12:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.04 12:30:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.10 13:34:08 | 000,000,000 | ---D | M]
[2009.12.27 23:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Extensions
[2009.12.27 23:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.17 20:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions
[2013.02.17 20:51:59 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.02.17 20:52:02 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.02.23 21:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.13 22:07:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.22 11:36:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U41 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 6.0.410.2 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: avast! WebRep = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Skype Click to Call = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.04.13 19:04:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4:64bit: - HKLM..\Run: [OutpostMonitor] C:\Programme\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Chris Novak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Java Plug-in 1.6.0_43)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Java Plug-in 1.6.0_43)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Java Plug-in 1.6.0_43)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Java Plug-in 1.6.0_43)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632DD7E9-34B8-460E-80C0-5646C13BBD4B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BBDDED3-A4D4-4E62-92A3-56EF485CA89F}: NameServer = 131.130.1.11 131.130.1.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook64.dll) - c:\Programme\Agnitum\Outpost Security Suite Free\wl_hook64.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Programme\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.04.14 18:22:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Novak\Desktop\OTL.exe
[2013.04.14 09:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.14 09:12:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.14 09:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.14 09:11:22 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris Novak\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.13 19:04:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.13 18:40:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.13 18:40:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.13 18:40:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.13 18:40:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.13 18:38:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.13 17:08:49 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\Chris Novak\Desktop\ComboFix.exe
[2013.04.13 11:05:03 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\RK_Quarantine
[2013.04.10 18:04:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 18:04:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 18:04:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 18:04:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 18:04:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 18:04:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 18:04:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 18:04:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 18:04:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 18:04:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 18:04:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 18:04:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 18:04:40 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 18:04:40 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 18:04:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 09:20:28 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 09:20:26 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 09:20:25 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 09:20:24 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 09:20:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 09:20:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.05 11:08:46 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Chris Novak\Desktop\aswMBR.exe
[2013.04.05 11:07:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris Novak\Desktop\dds.com
[2013.04.05 11:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013.04.05 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013.04.05 11:04:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Chris Novak\Desktop\erunt-setup.exe
[2013.04.04 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.25 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\Kind Hearts and Coronets (1949)
[2013.03.23 23:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2013.03.23 23:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2013.03.23 23:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2013.03.23 17:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[2013.03.23 17:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinDjView
[2013.03.23 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.23 10:05:27 | 000,293,048 | ---- | C] (VirusBuster Kft.) -- C:\Windows\SysNative\drivers\VBEngNT.sys
[2013.03.23 10:05:25 | 001,097,672 | ---- | C] (Agnitum Ltd.) -- C:\Windows\SysNative\drivers\SandBox64.sys
[2013.03.23 10:05:17 | 000,424,040 | ---- | C] (Agnitum Ltd.) -- C:\Windows\SysNative\drivers\afwcore.sys
[2013.03.23 10:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agnitum
[2013.03.23 10:04:10 | 000,039,528 | ---- | C] (Agnitum Ltd.) -- C:\Windows\SysNative\drivers\afw.sys
[2013.03.23 10:03:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Filt
[2013.03.23 10:03:37 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Roaming\Agnitum
[2013.03.23 10:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2013.03.23 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2013.03.17 19:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013.03.17 19:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013.03.17 19:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2013.03.15 18:57:01 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 18:57:01 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 18:57:01 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.15 18:57:01 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.15 18:57:01 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.15 18:57:01 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.15 18:57:01 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.15 18:57:01 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.15 18:57:01 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.15 18:57:01 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.15 18:57:01 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.15 18:57:01 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.15 18:57:01 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.15 18:57:01 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.15 18:57:01 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 18:57:01 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 18:57:01 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.15 18:57:01 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.15 18:57:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.15 18:57:01 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.15 18:57:01 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 18:57:01 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.15 18:57:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.15 18:57:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.15 18:57:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.15 18:57:01 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.15 18:57:01 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.15 18:57:01 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 18:57:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.15 18:57:01 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.15 18:57:01 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.15 18:57:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.15 18:57:01 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.15 18:57:01 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.15 18:57:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 18:57:01 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.15 18:57:01 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.15 18:57:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.15 18:57:01 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 18:57:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.15 18:57:01 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.15 18:57:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.15 18:57:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.15 18:57:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.15 18:57:01 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.15 18:57:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.15 18:57:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.15 18:57:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.15 18:57:01 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.15 18:57:01 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.15 18:57:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.15 18:57:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.15 18:57:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.15 18:53:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2009.12.01 01:20:15 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Chris Novak\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.14 18:27:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 18:27:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 18:26:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.14 18:23:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Novak\Desktop\OTL.exe
[2013.04.14 18:18:43 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.14 18:18:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.14 18:18:22 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.14 14:08:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.14 09:12:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.14 09:11:48 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris Novak\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.13 19:04:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.13 17:09:27 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\Chris Novak\Desktop\ComboFix.exe
[2013.04.13 11:03:54 | 000,791,040 | ---- | M] () -- C:\Users\Chris Novak\Desktop\RogueKillerX64.exe
[2013.04.12 21:01:32 | 000,613,083 | ---- | M] () -- C:\Users\Chris Novak\Desktop\adwcleaner (1).exe
[2013.04.12 20:56:29 | 000,890,815 | ---- | M] () -- C:\Users\Chris Novak\Desktop\SecurityCheck.exe
[2013.04.12 10:04:18 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 10:04:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 00:00:13 | 000,430,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.08 17:07:51 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris Novak\Desktop\TDSSKiller.exe
[2013.04.08 17:07:00 | 002,218,636 | ---- | M] () -- C:\Users\Chris Novak\Desktop\tdsskiller.zip
[2013.04.08 12:42:49 | 000,003,107 | ---- | M] () -- C:\Users\Chris Novak\Desktop\attach.zip
[2013.04.08 11:44:50 | 000,000,512 | ---- | M] () -- C:\Users\Chris Novak\Desktop\MBR.dat
[2013.04.07 19:56:06 | 466,398,430 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.05 11:24:07 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Chris Novak\Desktop\aswMBR.exe
[2013.04.05 11:08:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris Novak\Desktop\dds.com
[2013.04.05 11:06:33 | 000,001,106 | ---- | M] () -- C:\Users\Chris Novak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013.04.05 11:06:20 | 000,000,907 | ---- | M] () -- C:\Users\Chris Novak\Desktop\ERUNT.lnk
[2013.04.05 11:04:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Chris Novak\Desktop\erunt-setup.exe
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.02 19:35:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.02 19:35:35 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.02 19:35:35 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.02 19:35:35 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.02 19:35:35 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.27 00:45:03 | 398,720,570 | ---- | M] () -- C:\Users\Chris Novak\Documents\Malcolm X_ Make It Plain (Full PBS Documentary).flv
[2013.03.26 15:30:38 | 090,634,329 | ---- | M] () -- C:\Users\Chris Novak\Documents\Daisy - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.26 15:22:42 | 112,985,505 | ---- | M] () -- C:\Users\Chris Novak\Documents\Breyelle - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.26 15:21:59 | 116,611,830 | ---- | M] () -- C:\Users\Chris Novak\Documents\Lindsey2 - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.26 15:19:42 | 111,822,650 | ---- | M] () -- C:\Users\Chris Novak\Documents\Rose - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.23 10:28:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.21 15:31:04 | 000,014,883 | ---- | M] () -- C:\Users\Chris Novak\Documents\databox.pdf
[2013.03.19 11:53:22 | 1201,272,133 | ---- | M] () -- C:\Users\Chris Novak\Documents\Nancy Fraser (2012)_ «Rethinking Capitalist Crisis».mp4
[2013.03.19 07:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 06:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 05:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 04:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.03.17 22:00:21 | 309,774,373 | ---- | M] () -- C:\Users\Chris Novak\Documents\Axel Honneth- Education and the public sphere a neglected chapter of political philosophy.flv
[2013.03.16 17:14:44 | 324,973,767 | ---- | M] () -- C:\Users\Chris Novak\Documents\Kaiserin Zita oder Zurück zur Monarchie !.flv
[2013.03.15 18:57:01 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 18:57:01 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 18:57:01 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.15 18:57:01 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.15 18:57:01 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.15 18:57:01 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.15 18:57:01 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.15 18:57:01 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.15 18:57:01 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.15 18:57:01 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.15 18:57:01 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.15 18:57:01 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.15 18:57:01 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.15 18:57:01 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.15 18:57:01 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 18:57:01 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 18:57:01 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.15 18:57:01 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.15 18:57:01 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.15 18:57:01 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.15 18:57:01 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 18:57:01 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.15 18:57:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.15 18:57:01 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.15 18:57:01 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.15 18:57:01 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.15 18:57:01 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.15 18:57:01 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 18:57:01 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.15 18:57:01 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.15 18:57:01 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.15 18:57:01 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.15 18:57:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.15 18:57:01 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.15 18:57:01 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 18:57:01 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.15 18:57:01 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.15 18:57:01 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.15 18:57:01 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 18:57:01 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.15 18:57:01 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.15 18:57:01 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.15 18:57:01 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.15 18:57:01 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.15 18:57:01 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.15 18:57:01 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.15 18:57:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.15 18:57:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.15 18:57:01 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.15 18:57:01 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.15 18:57:01 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.15 18:57:01 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.15 18:57:01 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.15 18:57:01 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.15 18:57:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.14 09:12:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.13 18:40:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.13 18:40:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.13 18:40:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.13 18:40:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.13 18:40:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.13 11:03:51 | 000,791,040 | ---- | C] () -- C:\Users\Chris Novak\Desktop\RogueKillerX64.exe
[2013.04.12 21:01:25 | 000,613,083 | ---- | C] () -- C:\Users\Chris Novak\Desktop\adwcleaner (1).exe
[2013.04.12 20:56:03 | 000,890,815 | ---- | C] () -- C:\Users\Chris Novak\Desktop\SecurityCheck.exe
[2013.04.08 17:06:55 | 002,218,636 | ---- | C] () -- C:\Users\Chris Novak\Desktop\tdsskiller.zip
[2013.04.08 12:42:49 | 000,003,107 | ---- | C] () -- C:\Users\Chris Novak\Desktop\attach.zip
[2013.04.08 11:44:50 | 000,000,512 | ---- | C] () -- C:\Users\Chris Novak\Desktop\MBR.dat
[2013.04.05 11:06:33 | 000,001,106 | ---- | C] () -- C:\Users\Chris Novak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013.04.05 11:06:20 | 000,000,907 | ---- | C] () -- C:\Users\Chris Novak\Desktop\ERUNT.lnk
[2013.03.26 22:54:38 | 398,720,570 | ---- | C] () -- C:\Users\Chris Novak\Documents\Malcolm X_ Make It Plain (Full PBS Documentary).flv
[2013.03.26 15:19:43 | 090,634,329 | ---- | C] () -- C:\Users\Chris Novak\Documents\Daisy - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.26 15:08:08 | 116,611,830 | ---- | C] () -- C:\Users\Chris Novak\Documents\Lindsey2 - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.26 15:07:23 | 112,985,505 | ---- | C] () -- C:\Users\Chris Novak\Documents\Breyelle - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.26 15:06:58 | 111,822,650 | ---- | C] () -- C:\Users\Chris Novak\Documents\Rose - Backroom Casting Couch - XVIDEOS_com.flv
[2013.03.23 10:04:27 | 000,000,049 | ---- | C] () -- C:\Windows\transp.gif
[2013.03.21 15:31:01 | 000,014,883 | ---- | C] () -- C:\Users\Chris Novak\Documents\databox.pdf
[2013.03.19 10:36:57 | 1201,272,133 | ---- | C] () -- C:\Users\Chris Novak\Documents\Nancy Fraser (2012)_ «Rethinking Capitalist Crisis».mp4
[2013.03.17 20:47:29 | 309,774,373 | ---- | C] () -- C:\Users\Chris Novak\Documents\Axel Honneth- Education and the public sphere a neglected chapter of political philosophy.flv
[2013.03.16 16:26:50 | 324,973,767 | ---- | C] () -- C:\Users\Chris Novak\Documents\Kaiserin Zita oder Zurück zur Monarchie !.flv
[2013.03.15 18:57:01 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.15 18:57:01 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.22 11:19:04 | 000,000,160 | ---- | C] () -- C:\Windows\MyDrivers.ini
[2012.12.21 00:24:02 | 000,000,362 | ---- | C] () -- C:\Users\Chris Novak\AppData\Roaming\wklnhst.dat
[2012.11.10 21:55:11 | 000,033,930 | ---- | C] () -- C:\Users\Chris Novak\Tractatus.png
[2012.09.20 13:13:15 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
[2012.09.20 12:31:41 | 000,186,071 | ---- | C] () -- C:\Windows\hpoins14.dat
[2012.09.20 12:31:41 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2012.08.11 15:43:56 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2012.08.08 14:00:06 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012.08.08 13:41:07 | 000,245,234 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.08.08 13:41:07 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.02.18 10:19:42 | 023,360,000 | ---- | C] () -- C:\Users\Chris Novak\Livestation-3.2.0.msi
[2012.01.11 10:43:33 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.08.08 23:34:19 | 000,026,812 | ---- | C] () -- C:\Users\Chris Novak\North America.torrent
[2011.06.21 19:09:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2011.06.09 22:23:13 | 000,037,196 | ---- | C] () -- C:\Users\Chris Novak\Wohnzimmer1.jpg
[2011.06.09 22:23:13 | 000,032,634 | ---- | C] () -- C:\Users\Chris Novak\U-Schrank3.jpg
[2011.06.09 22:23:12 | 000,035,160 | ---- | C] () -- C:\Users\Chris Novak\TVklein1.jpg
[2011.06.09 22:23:11 | 000,030,867 | ---- | C] () -- C:\Users\Chris Novak\Spiegelschränke.jpg
[2011.06.09 22:23:11 | 000,028,203 | ---- | C] () -- C:\Users\Chris Novak\Rollschrank.jpg
[2011.06.09 22:23:10 | 000,035,312 | ---- | C] () -- C:\Users\Chris Novak\Nachtk.2.jpg
[2011.06.09 22:23:09 | 000,034,996 | ---- | C] () -- C:\Users\Chris Novak\Essgarnitur1.jpg
[2011.06.09 22:23:09 | 000,033,883 | ---- | C] () -- C:\Users\Chris Novak\Kniesessel.jpg
[2011.06.09 22:23:08 | 000,035,447 | ---- | C] () -- C:\Users\Chris Novak\Eckgarnitur2.jpg
[2011.06.09 22:23:08 | 000,034,726 | ---- | C] () -- C:\Users\Chris Novak\Eckgarnitur1.jpg
[2011.06.09 22:23:07 | 000,032,361 | ---- | C] () -- C:\Users\Chris Novak\Betten1.jpg
[2011.06.09 22:23:07 | 000,029,681 | ---- | C] () -- C:\Users\Chris Novak\Büro1.jpg
[2011.06.09 22:23:06 | 000,043,113 | ---- | C] () -- C:\Users\Chris Novak\Bad.JPG
[2011.06.09 22:22:26 | 000,039,324 | ---- | C] () -- C:\Users\Chris Novak\Wohnzimmer3.jpg
[2011.05.27 11:01:46 | 000,181,012 | ---- | C] () -- C:\Windows\hpoins13.dat
[2011.05.27 11:01:46 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2011.05.10 13:29:26 | 000,221,022 | ---- | C] () -- C:\Windows\hpoins30.dat
[2011.05.10 13:29:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2011.05.08 10:36:16 | 001,033,347 | ---- | C] () -- C:\Users\Chris Novak\Leviathan_1.jpg
[2010.01.02 01:10:09 | 029,816,832 | ---- | C] () -- C:\Users\Chris Novak\VeraFarmiga_DownToTheBone_DVD_.01.nn.avi
[2009.12.31 16:19:52 | 000,041,628 | ---- | C] () -- C:\Users\Chris Novak\etp-pin1.jpg
[2009.12.31 14:06:32 | 000,032,699 | ---- | C] () -- C:\Users\Chris Novak\obama symbol.jpg
[2009.12.30 17:37:53 | 000,675,615 | ---- | C] () -- C:\Users\Chris Novak\Obama_portrait_crop.jpg
[2009.12.30 17:37:04 | 000,029,727 | ---- | C] () -- C:\Users\Chris Novak\obama.jpg
[2009.12.15 18:51:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.11.11 16:43:43 | 000,007,653 | ---- | C] () -- C:\Users\Chris Novak\AppData\Local\Resmon.ResmonCfg
[2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Chris Novak\AppData\Roaming\MafiaSetup.exe
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.03.23 10:03:37 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Agnitum
[2012.06.23 13:15:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Audacity
[2009.11.15 12:09:59 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\DAEMON Tools Lite
[2013.02.16 11:43:56 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Dropbox
[2011.10.23 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Exif Viewer
[2012.06.23 10:08:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\FreeAudioPack
[2009.12.27 12:28:41 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Livestation
[2009.12.27 12:28:41 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Mchid
[2012.07.15 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\MxBoost
[2012.06.16 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Need for Speed World
[2013.02.02 20:29:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Opera
[2011.05.08 01:14:08 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\PCDr
[2011.08.10 00:07:57 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\ROUTE 66 Sync
[2013.02.13 17:02:02 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Runscanner.net
[2012.11.05 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Swiss Academic Software
[2012.12.21 00:24:09 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Template
[2009.12.06 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\The Creative Assembly
[2009.12.27 23:42:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Thunderbird
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012.11.13 15:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2500BEVT-75ZCT2 ATA Device
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39,00MB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15,00GB
Starting Offset: 41126400
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 218,00GB
Starting Offset: 15769766400
Hidden sectors: 0
< End of report >
and here's extras.txt
OTL Extras logfile created on: 14.04.2013 18:33:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris Novak\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,51% Memory free
7,93 Gb Paging File | 6,31 Gb Available in Paging File | 79,52% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 54,22 Gb Free Space | 24,85% Space Free | Partition Type: NTFS
Computer Name: CHRISNOVAK-PC | User Name: Chris Novak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\OperaNew\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\OperaNew\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\OperaNew\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\OperaNew\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0EDC7AEE-881B-48DF-8449-96E35CF548E0}" = rport=138 | protocol=17 | dir=out | app=system |
"{0FB619EE-929E-4949-BBA1-00065C902ED5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{155B763A-8B5F-427B-9EE9-9672DB53FD15}" = rport=10243 | protocol=6 | dir=out | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F94125F-4706-4F3F-8A03-A7F5AEE929DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{22798D04-136C-4098-8941-1AE0B72CF14F}" = lport=138 | protocol=17 | dir=in | app=system |
"{254F127A-F29E-4672-8061-2C4BC96037A8}" = lport=137 | protocol=17 | dir=in | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2BFE9AF9-3867-4273-B668-A154F5A07D18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D8DE75C-8AE4-4D2F-9401-D9F923C7B961}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3344D9B6-D4F1-4BFB-89E7-811357AFE003}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3CB6A8C6-AA59-4EBC-A848-494AD913E5B6}" = rport=139 | protocol=6 | dir=out | app=system |
"{40388CEB-8FBC-44C7-BBED-99D750916607}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BCC23D0-824E-4F15-BFA9-487A01B26ED0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{69C328F1-AA5E-48B5-B733-6E36E8E91235}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A8703DE-BBF6-4B58-8911-D1E42E27C3F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{791940DB-E6C7-49B4-B5E3-AD27541833A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{864EF917-C9C7-4EB5-9D12-EAE62A4CE911}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F840B20-948C-4630-A592-71F673BE1141}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A907513B-2955-433B-9E79-D9CF24ED2F5A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AFC207A1-057E-4852-9662-D96906C6039E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAE9374F-3AAC-45A5-B87B-955FD8BA1EF9}" = lport=445 | protocol=6 | dir=in | app=system |
"{CC21E51B-916E-44F3-B3D8-4F1C2BD0B20C}" = lport=139 | protocol=6 | dir=in | app=system |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB56FC98-5F1C-4876-BE56-91EBACA73C8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6C9F88C-C2FE-4276-BF0A-C9857C6EAE97}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{F03AC7AC-583F-475B-BCA9-0F5AD88D9D92}" = rport=137 | protocol=17 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC0796FD-074F-43C2-8DB4-A9FC74C42829}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0357E180-1EB5-4823-8DF9-FB4BDD1654BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{0A36BD93-E64D-4D24-AAA2-11CE808F4248}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{0A709832-296D-450B-8557-D9C4801B84E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B9CD836-8629-4642-A2F4-949C4B21F5D7}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
"{0BFEDD24-37C2-4C61-8EB1-B94AB3C77FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0F101210-4FE2-4B04-BE5F-9015FD09F61C}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
"{12F0177C-443F-49D3-A0C8-0A6404A33F2D}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15071301-26FA-4BF7-9CA3-69A509DC17A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{15B83E89-BE07-4F3A-9178-AED024B1D902}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{18651C38-755D-4D9A-82F8-34BD84D54FBA}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{1950F767-8A1B-472C-A44D-FAE5CC5DC9D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D0DAB26-D7CB-4708-81C4-15576556C606}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{20A14A04-8443-4958-8797-E407401B47B8}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper.exe |
"{261F9C1C-D129-4600-8D11-CBAB31F17D9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{2AABC5A8-B370-4C47-BB70-BB55DCF755C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{30290194-39ED-4191-814A-A4AE8405F14C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{307E7220-1657-47A7-B044-7599753C9C3B}" = protocol=17 | dir=in | app=c:\users\chris novak\appdata\local\temp\7zs2a33\hppiw.exe |
"{31B5543F-B07B-4452-B937-3F8BF091E5C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31BAB83B-A6FC-4AD1-AF9E-3351B4560DE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{37A64E20-3F4F-4C8E-B297-10D7858A6E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{386DEC60-0475-4F01-8C2E-89CCC1552C93}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3E502B65-B066-41C6-85F4-4680418F49BA}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{3F1B7BFD-66A9-4C72-9EA1-5F91E8FFB4A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{436698AB-6E43-4EB0-BF91-CBBE174FBE74}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{aa6f009f-0ccd-4dd6-a462-28419c101d54}\setup\hpznui40.exe |
"{46CECF51-167E-4C9D-AAD3-2359C49040B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CFBF4AB-3A5A-46B7-86E7-72CE7543D161}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4E3715BB-97FD-4131-9ADC-E1E7C1D14C5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{587B72F7-964C-4E85-8A61-25CE75382F19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F14D3D3-AEC3-4193-8B67-6E10305D7888}" = protocol=6 | dir=out | app=system |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63792210-5EE9-46DC-BAF3-AF2AD90BD3EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{6405CCCC-3CF5-4887-8D5A-D1379228CE63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C192B7F-5808-438A-8AEA-7BF58ADB7BD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{706DAD22-1F71-401A-A23D-66643EF79802}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{7A1EF966-EAB6-40C0-95A2-69DE0DEE47D3}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{7ECC5ED9-1294-49DE-B988-549A18A8AF01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{809F8DE5-E97B-4516-BA20-1E4AEE45A742}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{81691EFC-47C3-4648-A738-44E8B714C48C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88761702-8EF8-41FD-8E98-45D3F6CC1138}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{8AE78723-3BAA-4AC5-8712-EB411BB2A3BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{94C3DA5A-02E9-412A-AFEC-8CA3901DCDA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94F866EB-0100-44EF-8A6D-3F80A3E22FDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{96505291-7980-4F95-8CD1-1D3AC9E83E0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{97B317DD-7CD1-4FFD-B133-8213DEFBC511}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{981A554E-FD9E-4C38-A84F-F52EC228C34C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A1D1086-A67B-4859-BECF-3E58F09F5DC0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB502200-4996-4453-B9C5-D87770F776AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2948D65-0F75-43C7-AB34-DFCFAE5700C9}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{B7A53DB9-4A61-434C-B4D9-FFC9D7E13E82}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BD87DD33-CEA6-4A0B-8A51-DEDFF6682BFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{C02C20A0-88F5-44E1-9807-A22D815FF077}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{C5418746-5BB5-461C-A0BD-CF1604E2A1A5}" = protocol=6 | dir=in | app=c:\users\chris novak\appdata\local\temp\7zs2a33\hppiw.exe |
"{C68CF271-9A74-4807-8B75-C11CFE7A2679}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C917F1F1-DF32-49BB-B0A9-C89F8C4FF6A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{C9F50667-FBE2-4B5C-AF9F-FB9605C1368C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CDCE1802-3B1A-4FF7-807D-CB01FC78342C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D055CBAD-BAAD-440A-9EC9-4775852E69DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D0D7862D-4E05-4F54-ADB6-81412B32C5B0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D10E785C-BE8C-470B-9724-2C4B92E16770}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D49680B2-9C09-41E2-BABF-0BEED677D344}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D6279283-5DAF-4D2D-9198-3CB6351F18DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDCE2F62-01B4-48F8-8D0A-7CBAFE0FCCE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{E04FADD4-6218-408C-80D3-9523AE74DFF3}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper_32.exe |
"{E4F6F6A9-A416-4EBA-9898-E360FBFACC8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBA63CA2-8D75-46D4-9954-52BB12903666}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EBCAA67B-4015-4812-8EDB-56111B7DFDD6}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F129D79C-C269-4022-9754-EA497E8F45EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3EF1E1B-4F22-4AF9-9E9C-ED403B6DD26A}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper_32.exe |
"{F5DCA2BD-1AFE-49EC-B1AF-7DA4F2D28EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8CD931B-85D2-4B90-8810-5E39966771EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{FA9EFF7B-CB58-44D7-8E11-13B7181D4E81}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{FC024F60-943D-42F4-B987-FB73DA1299B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD1EB5A0-5C7E-400C-BFF8-D8605E46A3BF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FD655F00-ACFC-4753-A993-A01F6BE61351}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{EF3B5A7F-9665-4D34-96B1-F8D4FD67FED8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1166F75F-7B18-47FC-9F80-E69906FE7156}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
"{26A24AE4-039D-4CA4-87B4-2F86416043FF}" = Java(TM) 6 Update 43 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Agnitum Outpost Security Suite Free_is1" = Outpost Security Suite 7.1.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad
"WinDjView" = WinDjView 2.0.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216043FF}" = Java(TM) 6 Update 43
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"Diablo II" = Diablo II
"EAX Unified" = EAX Unified
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Forte 3 Free" = Forte 3 - Free Edition
"Google Chrome" = Google Chrome
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Plants vs. Zombies" = Plants vs. Zombies
"ScanToPDF" = ScanToPDF 3.2.0
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"VLC media player" = VLC media player 2.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.04.2013 15:13:22 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\dps.dll"
zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern,
oder der Datenträger fehlt. Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen. Programm: Hostprozess für Windows-Dienste Datei: C:\Windows\System32\dps.dll
Der
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000185 Datenträgertyp: 3
Error - 14.04.2013 06:41:33 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_ShellHWDetection, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: RPCRT4.dll,
Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c96e Ausnahmecode: 0xc0000006 Fehleroffset:
0x000000000004818a ID des fehlerhaften Prozesses: 0x1ac Startzeit der fehlerhaften
Anwendung: 0x01ce38e70c7e9da8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll Berichtskennung: df9107e1-a4ef-11e2-bc90-0026b90b12fb
Error - 14.04.2013 06:41:34 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\actxprxy.dll"
zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern,
oder der Datenträger fehlt. Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen. Programm: Hostprozess für Windows-Dienste Datei: C:\Windows\System32\actxprxy.dll
Der
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000185 Datenträgertyp: 3
Error - 14.04.2013 07:50:39 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_Dhcp, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: dhcpcore.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7c5c3 Ausnahmecode: 0xc0000006 Fehleroffset: 0x00000000000247e4
ID
des fehlerhaften Prozesses: 0x3b0 Startzeit der fehlerhaften Anwendung: 0x01ce38e70c4f0223
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\dhcpcore.dll Berichtskennung: 867f936d-a4f9-11e2-bc90-0026b90b12fb
Error - 14.04.2013 07:50:39 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\dhcpcore.dll"
zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern,
oder der Datenträger fehlt. Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen. Programm: Hostprozess für Windows-Dienste Datei: C:\Windows\System32\dhcpcore.dll
Der
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000185 Datenträgertyp: 3
Error - 14.04.2013 07:53:50 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd026 Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7ca81 Ausnahmecode: 0xc0000006 Fehleroffset: 0x000000000044cff8
ID
des fehlerhaften Prozesses: 0x32c Startzeit der fehlerhaften Anwendung: 0x01ce390670a16b82
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\wmp.dll Berichtskennung: f87c98ac-a4f9-11e2-bc90-0026b90b12fb
Error - 14.04.2013 07:53:50 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\wmp.dll"
zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern,
oder der Datenträger fehlt. Das Programm Windows Media Player Network Sharing Service
Configuration Application wurde wegen dieses Fehlers geschlossen. Programm: Windows
Media Player Network Sharing Service Configuration Application Datei: C:\Windows\System32\wmp.dll
Der
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000185 Datenträgertyp: 3
Error - 14.04.2013 08:00:22 | Computer Name = CHRISNOVAK-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrustedInstaller.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7989b Name des fehlerhaften Moduls: wrpint.dll, Version: 6.1.7601.17592,
Zeitstempel: 0x4da00365 Ausnahmecode: 0xc0000006 Fehleroffset: 0x0000000000006388
ID
des fehlerhaften Prozesses: 0x1658 Startzeit der fehlerhaften Anwendung: 0x01ce390731c8f49e
Pfad
der fehlerhaften Anwendung: C:\Windows\servicing\TrustedInstaller.exe Pfad des fehlerhaften
Moduls: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll
Berichtskennung:
e24b21f6-a4fa-11e2-bc90-0026b90b12fb
Error - 14.04.2013 08:00:23 | Computer Name = CHRISNOVAK-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll"
zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern,
oder der Datenträger fehlt. Das Programm Windows Modules Installer wurde wegen dieses
Fehlers geschlossen. Programm: Windows Modules Installer Datei: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll
Der
Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
Daten Fehlerwert: C0000185 Datenträgertyp: 3
Error - 14.04.2013 14:00:40 | Computer Name = ChrisNovak-PC | Source = Windows Backup | ID = 4103
Description =
[ Dell Events ]
Error - 02.07.2011 07:39:21 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 03.07.2011 18:17:39 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 03.07.2011 18:17:40 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 25.10.2011 15:16:40 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 25.10.2011 15:16:40 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 25.10.2011 15:21:27 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 25.10.2011 15:21:27 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 18.11.2011 10:57:56 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 18.11.2011 10:57:56 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 22.11.2011 18:07:58 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
[ OSession Events ]
Error - 31.05.2011 09:55:54 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6625
seconds with 2880 seconds of active time. This session ended with a crash.
Error - 02.06.2011 06:57:44 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9081
seconds with 6540 seconds of active time. This session ended with a crash.
Error - 02.06.2011 07:00:24 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 139
seconds with 120 seconds of active time. This session ended with a crash.
Error - 26.08.2011 16:00:58 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 98381
seconds with 10260 seconds of active time. This session ended with a crash.
Error - 14.10.2011 11:32:42 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8933
seconds with 3840 seconds of active time. This session ended with a crash.
Error - 03.02.2013 06:31:28 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.03.2013 13:36:23 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25216
seconds with 1020 seconds of active time. This session ended with a crash.
[ Spybot - Search and Destroy Events ]
Error - 21.02.2013 11:42:29 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 21.02.2013 12:54:54 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 21.02.2013 18:47:53 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 22.02.2013 07:23:57 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 22.02.2013 10:48:48 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 14.04.2013 14:15:40 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
< End of report >
Hi novfan ;)
" I see from the logs that you have two antivirus products installed. Having more than one antivirus can cause slowdowns, conflicts and crashes.
I suggest removing one of them via Programs and Features"
Next
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?so...6551512134D5A4
IE - HKCU\..\SearchScopes,DefaultScope = {793C1E1A-528F-4323-8EF2-00F4CAC48E8A}
IE - HKCU\..\SearchScopes\{793C1E1A-528F-4323-8EF2-00F4CAC48E8A}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4"
FF - user.js - File not found
CHR - homepage: http://securesearch.lavasoft.com/?so...6551512134D5A4
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[EMPTYFLASH]
[REBOOT]
[RESETHOSTS]
[CREATERESTOREPOINT]
Then click the Run Fix button at the top
Let the program run unhindered.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
Please let me know how your machine is running and if there are any outstanding issues
notepad did not open, do you know where to find the report file?
I get a message that i should activate my outpost antivir program; however i think the license I have does not include antivirus - i am unable to activate it neither by clicking on "activate" in the microsoft window advising me to activate it; nor manually in the outpost control centre
I uninstalled avast before that
since you were also asking about the performance:
just now, after rebooting I opened chrome and tried to open this page when chrome was non responsive for, i guess 1 minute or so. then explorer.exe crashed and restarted. now everything looks ok again...
Ok novfan ;)
Please follow this step
Please download Windows Repair (all in one) from here (http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe)
Install the program then run it
Go to step 2 and allow it to run Disk check
http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif
Once that is done then go to step 3 and allow it to run SFC
http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.gif
On the the Start Repairs tab => Click the Start
http://i.imgur.com/7fthj.png
Click on the select all check box and then click on Start
DON'T use the computer while each scan is in progress.
Restart may be needed to finish the repair procedure
i did as you told me, however I received an error message when performing the sfc scan at 51% completion sating that it wasn't able to do something and stopped for this reason. i restarted and performed the fixes
here's _Windows_Repair_Log
and afterwards windows_repair_windows_log
there are some more but these are the most recent
Running Repair Under System Account
Running Repair Under System Account
Starting Repairs...
Start (16.04.2013 10:39:53)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (16.04.2013 10:39:53)
Running Repair Under Current User Account
Done (16.04.2013 10:40:31)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (16.04.2013 10:40:31)
Running Repair Under System Account
Done (16.04.2013 10:46:05)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (16.04.2013 10:46:05)
Running Repair Under System Account
Done (16.04.2013 10:50:27)
Reset File Permissions 01/23
C:\1033 & Sub Folders
Start (16.04.2013 10:50:43)
Running Repair Under System Account
Done (16.04.2013 10:50:46)
Reset File Permissions 02/23
C:\ComboFix & Sub Folders
Start (16.04.2013 10:50:46)
Running Repair Under System Account
Done (16.04.2013 10:51:18)
Reset File Permissions 03/23
C:\Config.Msi & Sub Folders
Start (16.04.2013 10:51:18)
Running Repair Under System Account
Done (16.04.2013 10:51:33)
Reset File Permissions 04/23
C:\dell & Sub Folders
Start (16.04.2013 10:51:33)
Running Repair Under System Account
Done (16.04.2013 10:53:56)
Reset File Permissions 05/23
C:\Dokumente und Einstellungen & Sub Folders
Start (16.04.2013 10:53:56)
Running Repair Under System Account
Done (16.04.2013 11:08:06)
Reset File Permissions 06/23
C:\Drivers & Sub Folders
Start (16.04.2013 11:08:06)
Running Repair Under System Account
Done (16.04.2013 11:08:11)
Reset File Permissions 07/23
C:\Games & Sub Folders
Start (16.04.2013 11:08:11)
Running Repair Under System Account
Done (16.04.2013 11:08:13)
Reset File Permissions 08/23
C:\JRT & Sub Folders
Start (16.04.2013 11:08:13)
Running Repair Under System Account
Done (16.04.2013 11:08:16)
Reset File Permissions 09/23
C:\MSOCache & Sub Folders
Start (16.04.2013 11:08:16)
Running Repair Under System Account
Done (16.04.2013 11:08:20)
Reset File Permissions 10/23
C:\PerfLogs & Sub Folders
Start (16.04.2013 11:08:20)
Running Repair Under System Account
Done (16.04.2013 11:08:23)
Reset File Permissions 11/23
C:\PFiles & Sub Folders
Start (16.04.2013 11:08:23)
Running Repair Under System Account
Done (16.04.2013 11:08:29)
Reset File Permissions 12/23
C:\Program Files & Sub Folders
Start (16.04.2013 11:08:31)
Running Repair Under System Account
Done (16.04.2013 11:20:31)
Reset File Permissions 13/23
C:\Program Files (x86) & Sub Folders
Start (16.04.2013 11:20:31)
Running Repair Under System Account
Done (16.04.2013 11:38:02)
Reset File Permissions 14/23
C:\ProgramData & Sub Folders
Start (16.04.2013 11:38:02)
Running Repair Under System Account
Done (16.04.2013 11:38:40)
Reset File Permissions 15/23
C:\Programme & Sub Folders
Start (16.04.2013 11:38:40)
Running Repair Under System Account
Done (16.04.2013 11:39:00)
Reset File Permissions 16/23
C:\Qoobox & Sub Folders
Start (16.04.2013 11:39:00)
Running Repair Under System Account
Done (16.04.2013 11:39:02)
Reset File Permissions 17/23
C:\RegBackup & Sub Folders
Start (16.04.2013 11:39:02)
Running Repair Under System Account
Done (16.04.2013 11:39:05)
Reset File Permissions 18/23
C:\System Recovery & Sub Folders
Start (16.04.2013 11:39:05)
Running Repair Under System Account
Done (16.04.2013 11:39:07)
Reset File Permissions 19/23
C:\Temp & Sub Folders
Start (16.04.2013 11:39:07)
Running Repair Under System Account
Done (16.04.2013 11:39:10)
Reset File Permissions 20/23
C:\VJVod_Cache & Sub Folders
Start (16.04.2013 11:39:10)
Running Repair Under System Account
Done (16.04.2013 11:39:12)
Reset File Permissions 21/23
C:\VueScan & Sub Folders
Start (16.04.2013 11:39:12)
Running Repair Under System Account
Done (16.04.2013 11:39:15)
Reset File Permissions 22/23
C:\Windows & Sub Folders
Start (16.04.2013 11:39:15)
Running Repair Under System Account
Done (16.04.2013 12:00:42)
Reset File Permissions 23/23
C:\_OTL & Sub Folders
Start (16.04.2013 12:00:42)
Running Repair Under System Account
Done (16.04.2013 12:00:45)
Reset File Permissions: Cleanup
& Sub Folders
Start (16.04.2013 12:00:45)
Running Repair Under System Account
Done (16.04.2013 12:00:51)
Register System Files
Start (16.04.2013 12:00:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:01:53)
Repair WMI
Start (16.04.2013 12:01:53)
Running Repair Under Current User Account
Ungltiger globaler Parameter.
Ungltiger globaler Parameter.
Running Repair Under System Account
Ungltiger globaler Parameter.
Ungltiger globaler Parameter.
Done (16.04.2013 12:05:57)
Repair Windows Firewall
Start (16.04.2013 12:05:57)
Running Repair Under Current User Account
Gemeinsame Nutzung der Internetverbindung ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Gemeinsame Nutzung der Internetverbindung konnte nicht gestartet werden.
Der Dienst hat keinen Fehler gemeldet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3534 eingeben.
Running Repair Under System Account
Gemeinsame Nutzung der Internetverbindung ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Gemeinsame Nutzung der Internetverbindung konnte nicht gestartet werden.
Der Dienst hat keinen Fehler gemeldet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3534 eingeben.
Done (16.04.2013 12:06:29)
Repair Internet Explorer
Start (16.04.2013 12:06:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:07:18)
Repair MDAC/MS Jet
Start (16.04.2013 12:07:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:07:42)
Repair Hosts File
Start (16.04.2013 12:07:42)
Running Repair Under System Account
Done (16.04.2013 12:07:44)
Remove Policies Set By Infections
Start (16.04.2013 12:07:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:07:49)
Repair Missing Start Menu Icons Removed By Infections
Start (16.04.2013 12:07:49)
Running Repair Under System Account
Done (16.04.2013 12:07:51)
Repair Icons
Start (16.04.2013 12:07:51)
Running Repair Under System Account
C:\Users\Chris Novak\AppData\Local\IconCache.db.bak konnte nicht gefunden werden
C:\Users\Chris Novak\AppData\Local\IconCache.db konnte nicht gefunden werden
Done (16.04.2013 12:07:54)
Repair Winsock & DNS Cache
Start (16.04.2013 12:07:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:08:13)
Remove Temp Files
Start (16.04.2013 12:08:13)
Running Repair Under System Account
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\CHRISN~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\CHRISN~1\AppData\Local\Temp\~DF5604E62DE6292370.TMP - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Windows\Temp\HPSLPSVC0012.log - Zugriff verweigert
Done (16.04.2013 12:08:15)
Repair Proxy Settings
Start (16.04.2013 12:08:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:08:20)
Unhide Non System Files
Start (16.04.2013 12:08:20)
C:\ - Total Files Unhidden: 455
Done (16.04.2013 12:49:33)
Repair Windows Updates
Start (16.04.2013 12:49:33)
Running Repair Under Current User Account
Windows Update ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Das System kann die angegebene Datei nicht finden.
Running Repair Under System Account
Kryptografiedienste ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Intelligenter Hintergrundbertragungsdienst ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Windows Update ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Das System kann die angegebene Datei nicht finden.
Done (16.04.2013 12:50:12)
Repair CD/DVD Missing/Not Working
Start (16.04.2013 12:50:12)
Done (16.04.2013 12:50:12)
Repair Volume Shadow Copy Service
Start (16.04.2013 12:50:12)
Running Repair Under Current User Account
Volumeschattenkopie ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Microsoft-Softwareschattenkopie-Anbieter ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Running Repair Under System Account
Volumeschattenkopie ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Microsoft-Softwareschattenkopie-Anbieter ist nicht gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 3521 eingeben.
Done (16.04.2013 12:50:21)
Repair Windows Sidebar/Gadgets
Start (16.04.2013 12:50:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:50:30)
Repair MSI (Windows Installer)
Start (16.04.2013 12:50:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:50:39)
Repair Windows Snipping Tool
Start (16.04.2013 12:50:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:50:44)
Repair bat Association
Start (16.04.2013 12:50:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:50:49)
Repair cmd Association
Start (16.04.2013 12:50:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:50:53)
Repair com Association
Start (16.04.2013 12:50:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:50:58)
Repair Directory Association
Start (16.04.2013 12:50:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:03)
Repair Drive Association
Start (16.04.2013 12:51:03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:08)
Repair exe Association
Start (16.04.2013 12:51:08)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:13)
Repair Folder Association
Start (16.04.2013 12:51:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:17)
Repair inf Association
Start (16.04.2013 12:51:17)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:22)
Repair lnk (Shortcuts) Association
Start (16.04.2013 12:51:22)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:27)
Repair msc Association
Start (16.04.2013 12:51:27)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:32)
Repair reg Association
Start (16.04.2013 12:51:32)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:36)
Repair scr Association
Start (16.04.2013 12:51:36)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:41)
Repair Windows Safe Mode
Start (16.04.2013 12:51:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:46)
Repair Print Spooler
Start (16.04.2013 12:51:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:51:59)
Restore Important Windows Services
Start (16.04.2013 12:51:59)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:52:04)
Set Windows Services To Default Startup
Start (16.04.2013 12:52:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16.04.2013 12:52:21)
Cleaning up empty logs...
All Selected Repairs Done.
Done (16.04.2013 12:52:21)
Total Repair Time: 02:12:28
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
----------------------------------------------
C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7600.16385_none_54909cf4692b5b3c\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7600.16597_none_54916f66692aa877\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7600.16759_none_548d4066692e76ff\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7600.16789_none_54904144692bc304\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7600.20717_none_3dbbc63282d93e16\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7600.20901_none_3dbb4e5082d98b9b\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7600.20935_none_3dbdf40e82d73e24\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.17514_none_5465aa786982a1f2\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.17559_none_546939b8697f8773\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.17587_none_546c6826697ca036\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.17648_none_54685012698054cc\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.17755_none_54699490697f2191\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.17952_none_5469d8a0697ed550\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.21660_none_3d9d604a83251a27\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.21693_none_3da01cd08322b30f\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.21768_none_3d9ca9e68325e780\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.21890_none_3da060e0832266ce\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
C:\Windows\winsxs\amd64_mscorlib_b77a5c561934e089_6.1.7601.22110_none_3d98617283299706\normnfd.nlp - CreateFile Error : 1117 Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
uh, and i realized that the file check (step 2) also didn't work; it said that autochk could not start due to recently installed software or something like this... :sad:
now everytime I reboot it is trying to perform such a disk scan before starting windows which however always fails right at the start...
Hi novfan ;)
Run a Scandisk
1. Click on MY COMPUTER (or COMPUTER)
2. Right click on Drive and select PROPERTIES.
3.Select TOOLS tab.
4. Under "Error - Checking", click CHECK NOW button.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To automatically repair problems with files and folders that the scan detects, select Automatically fix file system errors.
Otherwise, the disk check will simply report problems but not fix them.
To perform a thorough disk check, select Scan for and attempt recovery of bad sectors. This scan attempts to find and repair physical errors on the hard disk itself, and it can take much longer to complete.
5. Click Start. It will prompt you to Schedule the CHKDSK at restart.
6. Reboot.
done; i did the normal check, not a thorough disk check
should i run windows repair again? just in case...?!
No need :)
Take a little more time, then come back and let me know if you are having any problems ;)
Hi! Things are working quite well. everything but opera is running stable and nearly as fast as new :-)
with opera i'm not sure what might be the problem - sometime it freezes (also the cursor!) or just crashes. however after restarting it is working again.
furthermore, i still have a security message that i don't have an anti-vir installed, since you said that i have two and uninstalled avast. i think the one which comes with the outpost security center is permanently disabled because it's not a full-version...
should i reinstall avast?
Hi novfan
:D: welcome back :D:
with opera i'm not sure what might be the problem - sometime it freezes (also the cursor!) or just crashes. however after restarting it is working again. Many times, certain problems are not related to malware, but rather to some driver error.
should i reinstall avast? Yes you can :bigthumb:
Next
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :) SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :)
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Unistall AdwCleaner
Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.
Clean up with OTL:
Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
Go to this site http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.
Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if there are - remove them.
Java is very easily exploited these days and it's a good idea to disable Java in the browser
Please read here (http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html)
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.
Here are some tips to reduce the potential for spyware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
5.SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? (http://forums.whatthetech.com/So_how_did_I_get_infected_first_place_t57817.html) by TonyKlein
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)by miekiemoes
PC Safety and Security--What Do I Need? (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)
6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
hey, I have done everything until step 2 so far ;-)
what shall i do with
roguekillerx64.exe
securitycheck.exe
there is also a RK_quarantine folder on my desktop which seems to be empty
Hi novfan
can i just delete them? Yes!! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.