
W32/Patched.UA [Solved]



#1
moriarty

  • Member
  • 35 posts

Greetings Geekstogo crew!

Last time I received incredibly good help and therefore in advance: Thank You!

Unfortunately, I'm infected again.
This time the virus sometimes turns my Avira protection off and furthermore it freezes my computer or shuts it down while the PC is doing simple CPU tasks.

I hope you're able to help me. I have run Avira a couple of times and Malwarebytes, but it doesn't seem to help.

OTL log:

OTL logfile created on: 11/26/2012 3:23:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mathias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

5.87 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 58.23% Memory free
11.73 Gb Paging File | 8.73 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 285.92 Gb Free Space | 63.30% Space Free | Partition Type: NTFS

Computer Name: PC-MATHIAS | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/26 15:20:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
PRC - [2012/11/09 16:36:51 | 000,638,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/11/07 00:14:48 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/11/06 18:30:45 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/11/06 18:29:54 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/11/06 18:29:20 | 000,387,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012/10/29 17:34:28 | 000,300,480 | ---- | M] (Abine Inc.) -- C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe
PRC - [2012/10/29 17:34:26 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe
PRC - [2012/10/29 17:33:28 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/10/16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/10/16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 15:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/03 23:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/04/09 17:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/08 05:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 05:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 00:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/05/20 16:59:44 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/05/20 16:59:34 | 000,057,672 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 20:13:09 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/15 20:13:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\c2683adc75724d36e8ecc26e9baa97bf\IAStorCommon.ni.dll
MOD - [2012/11/15 20:13:08 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b5917ee962b86d4a567088585607807f\IAStorUtil.ni.dll
MOD - [2012/11/15 20:12:52 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/15 09:05:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/15 09:05:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 09:05:29 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/15 09:05:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/15 09:04:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 09:04:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 09:04:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/15 09:04:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/15 09:04:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 09:04:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 09:04:20 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 09:04:09 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/29 17:34:28 | 000,925,120 | ---- | M] () -- C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll
MOD - [2012/10/29 17:34:28 | 000,245,696 | ---- | M] () -- C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
MOD - [2012/10/29 17:34:28 | 000,051,136 | ---- | M] () -- C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPServicePS.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/30 12:32:30 | 007,158,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.51.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/12/30 12:32:30 | 000,444,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.51.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/12/30 12:32:30 | 000,073,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.49.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/12/30 12:32:30 | 000,031,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.49.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/12/30 12:32:30 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.51.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/12/30 12:32:29 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/12/30 12:32:29 | 000,035,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/12/30 12:32:29 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/12/30 12:32:29 | 000,027,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/12/30 12:32:29 | 000,024,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.51.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/12/30 12:32:29 | 000,019,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.51.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/12/30 12:32:29 | 000,014,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.51.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/11/13 03:03:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/03 00:10:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/05/03 23:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/05/03 23:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/04/09 17:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2008/06/10 03:07:18 | 000,714,000 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1030\MSGR2DA.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2010/08/19 16:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/03/17 18:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/11/25 20:09:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/17 16:10:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/06 18:30:45 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/10/16 17:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/16 16:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/14 16:10:29 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/10/30 17:07:24 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/08 05:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/11/07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/10/16 15:16:15 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 15:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/19 09:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/21 10:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/22 17:10:56 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/04/22 17:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/04/22 17:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2000/01/01 01:00:00 | 001,108,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...PW_daDK403DK403
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6C98150D-5964-4101-8170-5F0483CB3AF4}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKCU\..\SearchScopes\{C7F937AD-D70B-47E1-9D43-D23D26B12315}: "URL" = http://websearch.ask...51-E318A1229D68
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYY^YY^DK&&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mathias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 22:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/17 16:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/20 16:57:05 | 000,000,000 | ---D | M]

[2010/11/01 15:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2012/11/20 16:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions
[2012/09/07 08:18:44 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/10/31 20:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions\staged
[2012/11/20 16:37:35 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions\[email protected]
[2012/10/31 20:49:59 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\aes4uofn.default\extensions\[email protected]
[2012/11/20 16:37:34 | 000,002,344 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\mozilla\firefox\profiles\aes4uofn.default\searchplugins\askcom.xml
[2012/11/17 16:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/17 16:10:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/20 22:21:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/11/17 16:10:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/17 16:10:44 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/11/17 16:10:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/17 16:10:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2011/01/27 14:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Spotify] "C:\Users\Mathias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W45AU5O8\Spotify Installer.exe" /uri spotify:autostart File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: danskebank.dk ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.dans...B/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBED4A35-6E24-42C8-A044-DCA2CFF7401C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell - "" = AutoRun
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 15:20:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/11/22 16:33:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Film Festudvalg
[2012/11/20 16:56:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/20 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/11/20 16:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/20 16:43:06 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Avira
[2012/11/20 16:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/11/20 16:37:38 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\DoNotTrackPlus
[2012/11/20 16:37:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\AskToolbar
[2012/11/20 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/11/20 16:36:43 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/11/20 16:36:43 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/11/20 16:36:43 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/11/20 16:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/11/20 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/11/20 16:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/11/17 16:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/11 16:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/11 16:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/26 15:29:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/26 15:20:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/11/26 14:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/26 14:08:19 | 001,559,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/26 14:08:19 | 000,718,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/26 14:08:19 | 000,573,600 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/11/26 14:08:19 | 000,146,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/26 14:08:19 | 000,122,920 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/11/26 13:34:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 13:34:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 13:26:33 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 13:26:26 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/11/26 13:26:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 13:25:20 | 436,634,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/26 13:25:18 | 428,904,447 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/26 12:10:14 | 097,259,276 | ---- | M] () -- C:\Users\Mathias\Desktop\Fest og ballade .m4v
[2012/11/25 21:37:01 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
[2012/11/25 21:37:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
[2012/11/24 18:02:47 | 000,262,144 | ---- | M] () -- C:\Users\Mathias\Desktop\PrintProcess.pdf
[2012/11/24 16:34:30 | 000,285,807 | ---- | M] () -- C:\Users\Mathias\Documents\PDR.dmp
[2012/11/20 16:57:05 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/20 16:56:06 | 000,001,266 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skærmklipper og startprogram til OneNote 2010.lnk
[2012/11/20 16:49:39 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/20 16:37:40 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/20 16:19:05 | 000,001,941 | ---- | M] () -- C:\Users\Mathias\Desktop\Update Checker.lnk
[2012/11/17 17:59:32 | 000,002,223 | ---- | M] () -- C:\Users\Mathias\Desktop\GeoGebraPrim.lnk
[2012/11/15 08:56:19 | 005,040,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 20:05:54 | 000,863,421 | ---- | M] () -- C:\Users\Mathias\Desktop\Respiration (Beat).mp3
[2012/11/13 20:25:25 | 000,000,001 | ---- | M] () -- C:\Users\Mathias\temp.dat
[2012/11/11 16:48:32 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/07 16:03:24 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/11/07 16:03:24 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/26 13:05:08 | 097,259,276 | ---- | C] () -- C:\Users\Mathias\Desktop\Fest og ballade .m4v
[2012/11/24 18:02:47 | 000,262,144 | ---- | C] () -- C:\Users\Mathias\Desktop\PrintProcess.pdf
[2012/11/20 16:57:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/20 16:57:05 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/20 16:37:40 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/11/20 16:19:05 | 000,001,971 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/11/20 16:19:05 | 000,001,941 | ---- | C] () -- C:\Users\Mathias\Desktop\Update Checker.lnk
[2012/11/14 21:22:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 21:12:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/14 20:05:45 | 000,863,421 | ---- | C] () -- C:\Users\Mathias\Desktop\Respiration (Beat).mp3
[2012/11/13 20:24:24 | 000,000,001 | ---- | C] () -- C:\Users\Mathias\temp.dat
[2012/11/11 16:48:32 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/10/16 12:55:37 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/05/18 11:27:17 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/18 09:31:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/04/08 18:43:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/03/05 18:44:31 | 000,004,608 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/15 15:50:53 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2011/09/12 17:54:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/11 15:57:57 | 000,001,456 | ---- | C] () -- C:\Users\Mathias\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/30 13:22:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/14 16:11:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/12/14 11:01:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Mathias\AppData\Local\{237f4d47-54a7-a343-2afd-b1c745049339}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/26 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\BitTorrent
[2011/01/09 17:38:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/03 17:05:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/14 21:04:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.guppyworks.TrafficTestAIR-Class.F1F6615D691280F0EDF23ED8129A4EBEED86EA96.1
[2012/11/26 15:31:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox
[2012/11/25 21:00:51 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\FileZilla
[2012/10/16 15:45:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ImgBurn
[2011/12/04 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Maple
[2011/07/05 18:28:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mumble
[2012/05/04 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\No Company Name
[2012/11/20 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Notepad++
[2011/02/13 12:44:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Packard Bell
[2011/05/19 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SNS
[2012/11/25 15:32:08 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Spotify
[2011/09/11 17:09:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/04 19:19:28 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client
[2010/12/04 14:44:44 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Windows Live Writer
[2011/12/28 01:11:19 | 000,000,000 | -HSD | M] -- C:\Users\Mathias\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:DAE68457715B921D

< End of report >


Avira Antivirus:



Avira Free Antivirus
Report file date: 25. november 2012 11:14


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC-MATHIAS

Version information:
BUILD.DAT : 13.0.0.2761 48279 Bytes 09-11-2012 16:45:00
AVSCAN.EXE : 13.4.0.262 638752 Bytes 09-11-2012 15:36:51
AVSCANRC.DLL : 13.4.0.219 54560 Bytes 09-10-2012 15:19:07
LUKE.DLL : 13.4.0.251 67360 Bytes 05-11-2012 09:12:42
AVSCPLR.DLL : 13.4.0.262 93984 Bytes 09-11-2012 15:37:00
AVREG.DLL : 13.4.0.244 245536 Bytes 30-10-2012 13:06:23
avlode.dll : 13.4.0.255 426272 Bytes 06-11-2012 17:30:03
avlode.rdf : 13.0.0.24 7196 Bytes 27-09-2012 09:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06-11-2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14-12-2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20-12-2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01-02-2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28-03-2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29-06-2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06-09-2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22-11-2012 15:37:23
VBASE008.VDF : 7.11.50.231 2048 Bytes 22-11-2012 15:37:23
VBASE009.VDF : 7.11.50.232 2048 Bytes 22-11-2012 15:37:23
VBASE010.VDF : 7.11.50.233 2048 Bytes 22-11-2012 15:37:23
VBASE011.VDF : 7.11.50.234 2048 Bytes 22-11-2012 15:37:23
VBASE012.VDF : 7.11.50.235 2048 Bytes 22-11-2012 15:37:23
VBASE013.VDF : 7.11.50.236 2048 Bytes 22-11-2012 15:37:23
VBASE014.VDF : 7.11.51.27 133632 Bytes 23-11-2012 02:18:36
VBASE015.VDF : 7.11.51.28 2048 Bytes 23-11-2012 02:18:36
VBASE016.VDF : 7.11.51.29 2048 Bytes 23-11-2012 02:18:36
VBASE017.VDF : 7.11.51.30 2048 Bytes 23-11-2012 02:18:36
VBASE018.VDF : 7.11.51.31 2048 Bytes 23-11-2012 02:18:36
VBASE019.VDF : 7.11.51.32 2048 Bytes 23-11-2012 02:18:36
VBASE020.VDF : 7.11.51.33 2048 Bytes 23-11-2012 02:18:36
VBASE021.VDF : 7.11.51.34 2048 Bytes 23-11-2012 02:18:36
VBASE022.VDF : 7.11.51.35 2048 Bytes 23-11-2012 02:18:36
VBASE023.VDF : 7.11.51.36 2048 Bytes 23-11-2012 02:18:36
VBASE024.VDF : 7.11.51.37 2048 Bytes 23-11-2012 02:18:36
VBASE025.VDF : 7.11.51.38 2048 Bytes 23-11-2012 02:18:36
VBASE026.VDF : 7.11.51.39 2048 Bytes 23-11-2012 02:18:36
VBASE027.VDF : 7.11.51.40 2048 Bytes 23-11-2012 02:18:36
VBASE028.VDF : 7.11.51.41 2048 Bytes 23-11-2012 02:18:36
VBASE029.VDF : 7.11.51.42 2048 Bytes 23-11-2012 02:18:36
VBASE030.VDF : 7.11.51.43 2048 Bytes 23-11-2012 02:18:36
VBASE031.VDF : 7.11.51.70 62976 Bytes 25-11-2012 10:06:08
Engine version : 8.2.10.204
AEVDF.DLL : 8.1.2.10 102772 Bytes 19-09-2012 13:42:55
AESCRIPT.DLL : 8.1.4.68 467324 Bytes 22-11-2012 15:37:28
AESCN.DLL : 8.1.9.4 131445 Bytes 20-11-2012 15:38:17
AESBX.DLL : 8.2.5.12 606578 Bytes 28-08-2012 15:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 07-11-2012 10:09:14
AEPACK.DLL : 8.3.0.40 815479 Bytes 20-11-2012 15:38:17
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05-11-2012 14:00:38
AEHEUR.DLL : 8.1.4.142 5566841 Bytes 22-11-2012 15:37:28
AEHELP.DLL : 8.1.25.2 258423 Bytes 12-10-2012 14:52:32
AEGEN.DLL : 8.1.6.10 438646 Bytes 20-11-2012 15:38:15
AEEXP.DLL : 8.2.0.12 119158 Bytes 22-11-2012 15:37:28
AEEMU.DLL : 8.1.3.2 393587 Bytes 19-09-2012 13:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 07-11-2012 10:09:14
AEBB.DLL : 8.1.1.4 53619 Bytes 05-11-2012 14:00:38
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19-09-2012 17:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 19-09-2012 17:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 30-10-2012 13:06:41
AVARKT.DLL : 13.4.0.232 260384 Bytes 16-10-2012 15:55:29
AVEVTLOG.DLL : 13.4.0.232 167200 Bytes 16-10-2012 15:56:35
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19-09-2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19-09-2012 17:08:55
NETNT.DLL : 13.4.0.163 15648 Bytes 19-09-2012 17:16:26
RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 19-09-2012 18:40:13
RCTEXT.DLL : 13.4.0.163 66336 Bytes 19-10-2012 10:56:26

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: 25. november 2012 11:14

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started:
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'svchost.exe' - '145' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '49' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '49' Module(s) have been scanned
Scan process 'spoolsv.exe' - '84' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'armsvc.exe' - '29' Module(s) have been scanned
Scan process 'avguard.exe' - '78' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '70' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'dsiwmis.exe' - '45' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '45' Module(s) have been scanned
Scan process 'GREGsvc.exe' - '16' Module(s) have been scanned
Scan process 'LMS.exe' - '34' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '38' Module(s) have been scanned
Scan process 'mbamservice.exe' - '47' Module(s) have been scanned
Scan process 'sqlservr.exe' - '61' Module(s) have been scanned
Scan process 'IScheduleSvc.exe' - '66' Module(s) have been scanned
Scan process 'RichVideo64.exe' - '25' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'c2c_service.exe' - '41' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'UpdaterService.exe' - '28' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'taskhost.exe' - '54' Module(s) have been scanned
Scan process 'mbamgui.exe' - '40' Module(s) have been scanned
Scan process 'Dwm.exe' - '35' Module(s) have been scanned
Scan process 'Explorer.EXE' - '182' Module(s) have been scanned
Scan process 'PLFSetI.exe' - '42' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '49' Module(s) have been scanned
Scan process 'ePowerTray.exe' - '52' Module(s) have been scanned
Scan process 'AlienwareAlienFXController.exe' - '115' Module(s) have been scanned
Scan process 'taskeng.exe' - '30' Module(s) have been scanned
Scan process 'itype.exe' - '61' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '47' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '60' Module(s) have been scanned
Scan process 'BitTorrent.exe' - '97' Module(s) have been scanned
Scan process 'Skype.exe' - '131' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '42' Module(s) have been scanned
Scan process 'UpdateChecker.exe' - '74' Module(s) have been scanned
Scan process 'AWMouseCI.exe' - '46' Module(s) have been scanned
Scan process 'BackupManagerTray.exe' - '39' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'VideoWebCamera.exe' - '45' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '38' Module(s) have been scanned
Scan process 'Dropbox.exe' - '76' Module(s) have been scanned
Scan process 'LManager.exe' - '71' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '76' Module(s) have been scanned
Scan process 'MMDx64Fx.exe' - '29' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '27' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
Scan process 'LMworker.exe' - '27' Module(s) have been scanned
Scan process 'Updater.exe' - '42' Module(s) have been scanned
Scan process 'unsecapp.exe' - '31' Module(s) have been scanned
Scan process 'avgnt.exe' - '91' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '61' Module(s) have been scanned
Scan process 'ePowerEvent.exe' - '21' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '58' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '64' Module(s) have been scanned
Scan process 'UNS.exe' - '60' Module(s) have been scanned
Scan process 'AlienFXHook32Mngr.exe' - '51' Module(s) have been scanned
Scan process 'conhost.exe' - '22' Module(s) have been scanned
Scan process 'AlienFXHook64Mngr.exe' - '45' Module(s) have been scanned
Scan process 'conhost.exe' - '22' Module(s) have been scanned
Scan process 'iexplore.exe' - '115' Module(s) have been scanned
Scan process 'DNTPService.exe' - '96' Module(s) have been scanned
Scan process 'CIDGlobalLight.exe' - '57' Module(s) have been scanned
Scan process 'iexplore.exe' - '146' Module(s) have been scanned
Scan process 'avcenter.exe' - '93' Module(s) have been scanned
Scan process 'avscan.exe' - '120' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'iexplore.exe' - '158' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '34' Module(s) have been scanned
Module is infected -> <C:\Windows\system32\services.exe>
[DETECTION] Contains code of the W32/Patched.UA Windows virus
[NOTE] Process 'services.exe' was terminated
[WARNING] This process is a system process. The associated file will not be deleted.
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'wmplayer.exe' - '118' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\' <Packard Bell>
C:\Windows\System32\services.exe
[DETECTION] Contains code of the W32/Patched.UA Windows virus

Beginning disinfection:
C:\Windows\System32\services.exe
[DETECTION] Contains code of the W32/Patched.UA Windows virus
[NOTE] A backup was created as '589d83fb.qua' ( QUARANTINE )


End of the scan: 25. november 2012 14:50
Used time: 3:33:26 Hour(s)

The scan has been done completely.

45368 Scanned directories
1296201 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1296199 Files not concerned
10662 Archives were scanned
1 Warnings
3 Notes
951491 Objects were scanned with rootkit scan
1 Hidden objects were found


Extras:

OTL Extras logfile created on: 11/26/2012 3:23:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mathias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

5.87 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 58.23% Memory free
11.73 Gb Paging File | 8.73 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 285.92 Gb Free Space | 63.30% Space Free | Partition Type: NTFS

Computer Name: PC-MATHIAS | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0406-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Danish) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0406-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Danish) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}" = Alienware TactX™ Mouse CI 1.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Kontrolpanel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdriver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-lyddriver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}" = Microsoft SQL Server 2008 Setup Support Files
"{C3AF5BD8-30D5-41F5-AF61-705D98146B0F}" = Microsoft SQL Server 2008 Native Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DA-DK Language Pack
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F27D5AAD-758E-460F-964D-6F2E65964C08}" = Microsoft Antimalware Service DA-DK Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Maple 15" = Maple 15
"Maple 16" = Maple 16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B3C771-9456-4334-9F7A-C3A258F8FC0B}_is1" = Gyldendals Røde Ordbøger - Dansk
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45A2D49C-8124-4015-A8B3-073A827EC5C1}" = Windows Live Sync
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76E89E45-9B28-4117-A60C-F64A4CBE5CE3}_is1" = Gyldendals Røde Ordbøger - Dansk Fremmedordbog
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
"{90120000-0015-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0406-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Danish) 2007
"{90120000-0017-0406-0000-0000000FF1CE}_OMUI.da-dk_{6127DAC2-962C-44CA-9ABD-0D5A65473A1C}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
"{90120000-0019-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_OMUI.da-dk_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.da-dk_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.da-dk_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0406-0000-0000000FF1CE}" = Kompatibilitetspakke til Office 2007-systemet
"{90120000-002A-0406-1000-0000000FF1CE}_OMUI.da-dk_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2007
"{90120000-0044-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_OMUI.da-dk_{11584158-91C7-4B1B-BFD1-F47D680F13CF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2007
"{90120000-00A1-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2007
"{90120000-00BA-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0406-0000-0000000FF1CE}" = Microsoft Office O MUI (Danish) 2007
"{90120000-0100-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0406-0000-0000000FF1CE}" = Microsoft Office X MUI (Danish) 2007
"{90120000-0101-0406-0000-0000000FF1CE}_OMUI.da-dk_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2010
"{90140000-0015-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2010
"{90140000-0016-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0406-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Danish) 2010
"{90140000-0017-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{7ED77DEC-F3CD-44D5-8B8A-508741757B1E}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2010
"{90140000-0018-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2010
"{90140000-0019-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2010
"{90140000-001A-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2010
"{90140000-001B-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.da-dk_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.OMUI.da-dk_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0406-1000-0000000FF1CE}_Office14.OMUI.da-dk_{2AE96E9C-E4F4-4D18-8A54-C4FABBEA0CDD}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2010
"{90140000-002C-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{EC231F64-29AF-4FBD-85B8-EAFFFAE8B7A5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2010
"{90140000-0044-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2010
"{90140000-006E-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{63CDEDB9-50F5-4C35-9219-72C4F31A61FE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2010
"{90140000-00A1-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2010
"{90140000-00BA-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0406-0000-0000000FF1CE}" = Microsoft Office O MUI (Danish) 2010
"{90140000-0100-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{3C9024A8-26A9-4769-B3EE-C1489421B8E5}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0406-0000-0000000FF1CE}" = Microsoft Office X MUI (Danish) 2010
"{90140000-0101-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{1ED268C2-9EA5-462D-A303-1EB550953ACB}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Danish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E8821E3-D5FC-48CE-B45A-A8387B42A03E}" = Logger Pro 3.5.0
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B238D61F-3EEF-4716-BFEA-9903DEF045D9}" = Microsoft Works
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D8F46E66-E2EF-4A50-95F2-737A2FE1B06C}_is1" = Gyldendals Røde Ordbøger - Retskrivningsordbog
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2898DC0-E1C7-4ED4-862B-FFF256AAE26D}" = Politikens Franskordbog
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6341627-E67F-4959-890A-8349F3A69B77}_is1" = Gyldendals Røde Ordbøger - Synonymordbog
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple-programunderstøttelse
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"AC3Filter" = AC3Filter (remove only)
"ACD/Labs Software(1)" = ACD/Labs Software 5 (C:\ACDFREE5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Diablo III Beta" = Diablo III Beta
"DivX Setup" = DivX Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.6.0.1
"Gyldendals Røde Ordbøger - Engelsk_is1" = Gyldendals Røde Ordbøger - Engelsk
"Gyldendals Røde Ordbøger - Fransk_is1" = Gyldendals Røde Ordbøger - Fransk
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Maple 15" = Maple 15
"Maple 16" = Maple 16
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox 16.0.2 (x86 da)" = Mozilla Firefox 16.0.2 (x86 da)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.OMUI.da-dk" = Microsoft Office Language Pack 2010 - Danish/dansk
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OMUI.da-dk" = Microsoft Office Language Pack 2007 - Danish/dansk
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"VLC media player" = VLC media player 2.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2012 8:07:31 AM | Computer Name = PC-Mathias | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3448

Error - 11/24/2012 8:07:32 AM | Computer Name = PC-Mathias | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/24/2012 8:07:32 AM | Computer Name = PC-Mathias | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4540

Error - 11/24/2012 8:07:32 AM | Computer Name = PC-Mathias | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4540

Error - 11/24/2012 8:18:40 AM | Computer Name = PC-Mathias | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/24/2012 8:18:40 AM | Computer Name = PC-Mathias | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 672458

Error - 11/24/2012 8:18:40 AM | Computer Name = PC-Mathias | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 672458

Error - 11/24/2012 11:34:25 AM | Computer Name = PC-Mathias | Source = Application Error | ID = 1000
Description = Navn på program med fejl: PDR9.exe, version: 9.0.0.2330, tidsstempel:
0x4cf4e322 Navn på modul med fejl: WorkSpace.dll, version: 9.0.0.2330, tidsstempel:
0x4cf4e2d7 Undtagelseskode: 0xc0000094 Forskydning med fejl 0x0000000000006e7b Proces-id
0x8b4 Programmets starttidspunkt 0x01cdca4ffeeced3e Programsti: C:\Program Files\CyberLink\PowerDirector\PDR9.exe
Modulsti:
C:\Program Files\CyberLink\PowerDirector\WorkSpace.dll Rapport-id: 6c8a0ee3-364c-11e2-bb94-88ae1d0a9f8e

Error - 11/24/2012 11:34:30 AM | Computer Name = PC-Mathias | Source = Application Error | ID = 1000
Description = Navn på program med fejl: PDR9.exe, version: 9.0.0.2330, tidsstempel:
0x4cf4e322 Navn på modul med fejl: ntdll.dll, version: 6.1.7601.17725, tidsstempel:
0x4ec4aa8e Undtagelseskode: 0xc0150010 Forskydning med fejl 0x000000000006f892 Proces-id
0x8b4 Programmets starttidspunkt 0x01cdca4ffeeced3e Programsti: C:\Program Files\CyberLink\PowerDirector\PDR9.exe
Modulsti:
C:\Windows\SYSTEM32\ntdll.dll Rapport-id: 6fcdfb80-364c-11e2-bb94-88ae1d0a9f8e

Error - 11/24/2012 1:54:36 PM | Computer Name = PC-Mathias | Source = Application Error | ID = 1000
Description = Navn på program med fejl: PDHanumanSvr.exe, version: 3.0.0.3428, tidsstempel:
0x4cc92a2f Navn på modul med fejl: CLVidEnc.ax, version: 7.0.1.1118, tidsstempel:
0x4ce4eb01 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x000000000001f791 Proces-id
0x5c8 Programmets starttidspunkt 0x01cdca5935750540 Programsti: C:\Program Files\CyberLink\PowerDirector\PDHanumanSvr.exe
Modulsti:
C:\Program Files\CyberLink\PowerDirector\runtime\encoderPack\CLVidEnc.ax Rapport-id:
021505e0-3660-11e2-bb94-88ae1d0a9f8e

[ System Events ]
Error - 11/26/2012 8:26:12 AM | Computer Name = PC-MATHIAS | Source = BugCheck | ID = 1005
Description =

Error - 11/26/2012 8:26:12 AM | Computer Name = PC-MATHIAS | Source = BugCheck | ID = 1001
Description =

Error - 11/26/2012 8:26:20 AM | Computer Name = PC-Mathias | Source = Service Control Manager | ID = 7023
Description =

Error - 11/26/2012 8:26:27 AM | Computer Name = PC-Mathias | Source = Service Control Manager | ID = 7003
Description =

Error - 11/26/2012 8:26:27 AM | Computer Name = PC-Mathias | Source = Service Control Manager | ID = 7023
Description =

Error - 11/26/2012 8:26:36 AM | Computer Name = PC-Mathias | Source = Service Control Manager | ID = 7003
Description =

Error - 11/26/2012 8:26:50 AM | Computer Name = PC-Mathias | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Der er opstået en alvorlig hardwarefejl. Rapporteret af komponent:
Processorkerne Fejlkilde: 3 Fejltype: 9 Processor-id: 0 Du kan finde flere oplysninger
i detaljevisningen for denne post.

Error - 11/26/2012 8:28:19 AM | Computer Name = PC-Mathias | Source = Service Control Manager | ID = 7023
Description =

Error - 11/26/2012 8:28:19 AM | Computer Name = PC-Mathias | Source = Service Control Manager | ID = 7001
Description =

Error - 11/26/2012 9:05:05 AM | Computer Name = PC-Mathias | Source = Disk | ID = 262155
Description = Driveren detekterede en controllerfejl på \Device\Harddisk1\DR2.


< End of report >


Kind regards,

Mathias Weis Damkjær
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can tidy you up

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#3
moriarty

    Member

  • Topic Starter
  • Member
  • 35 posts
Hello again Essex,

Thanks for your quick reply.
Can I yet again offer you a cup of coffee?

Report:

18:30:16.0921 1316 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:30:17.0015 1316 ============================================================
18:30:17.0015 1316 Current date / time: 2012/11/26 18:30:17.0015
18:30:17.0015 1316 SystemInfo:
18:30:17.0015 1316
18:30:17.0015 1316 OS Version: 6.1.7601 ServicePack: 1.0
18:30:17.0015 1316 Product type: Workstation
18:30:17.0015 1316 ComputerName: PC-MATHIAS
18:30:17.0015 1316 UserName: Mathias
18:30:17.0015 1316 Windows directory: C:\Windows
18:30:17.0015 1316 System windows directory: C:\Windows
18:30:17.0015 1316 Running under WOW64
18:30:17.0015 1316 Processor architecture: Intel x64
18:30:17.0015 1316 Number of processors: 2
18:30:17.0015 1316 Page size: 0x1000
18:30:17.0015 1316 Boot type: Normal boot
18:30:17.0015 1316 ============================================================
18:30:19.0152 1316 BG loaded
18:30:20.0244 1316 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:20.0275 1316 ============================================================
18:30:20.0275 1316 \Device\Harddisk0\DR0:
18:30:20.0291 1316 MBR partitions:
18:30:20.0291 1316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
18:30:20.0291 1316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
18:30:20.0291 1316 ============================================================
18:30:20.0322 1316 C: <-> \Device\Harddisk0\DR0\Partition2
18:30:20.0322 1316 ============================================================
18:30:20.0322 1316 Initialize success
18:30:20.0322 1316 ============================================================
  • 0

#4
moriarty

    Member

  • Topic Starter
  • Member
  • 35 posts
And the OTL log disappeared - what should I do?

It might be a good idea to wait with the coffee until after I'm clean, I just recognised, so they don't steal my card etc.

Edited by moriarty, 26 November 2012 - 11:46 AM.

  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thought the name was familiar :)

Could you post the full TDSSKiller log please? It will be at C:\TDSSKiller date time

Then to clear what I feel may be the final remnants

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now
  • 0

#6
moriarty

    Member

  • Topic Starter
  • Member
  • 35 posts
TDS-log 1:

18:25:02.0964 6080 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:25:03.0042 6080 ============================================================
18:25:03.0042 6080 Current date / time: 2012/11/26 18:25:03.0042
18:25:03.0042 6080 SystemInfo:
18:25:03.0042 6080
18:25:03.0042 6080 OS Version: 6.1.7601 ServicePack: 1.0
18:25:03.0042 6080 Product type: Workstation
18:25:03.0042 6080 ComputerName: PC-MATHIAS
18:25:03.0042 6080 UserName: Mathias
18:25:03.0042 6080 Windows directory: C:\Windows
18:25:03.0042 6080 System windows directory: C:\Windows
18:25:03.0042 6080 Running under WOW64
18:25:03.0042 6080 Processor architecture: Intel x64
18:25:03.0042 6080 Number of processors: 2
18:25:03.0042 6080 Page size: 0x1000
18:25:03.0042 6080 Boot type: Normal boot
18:25:03.0042 6080 ============================================================
18:25:05.0476 6080 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:25:05.0492 6080 ============================================================
18:25:05.0492 6080 \Device\Harddisk0\DR0:
18:25:05.0492 6080 MBR partitions:
18:25:05.0492 6080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
18:25:05.0492 6080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
18:25:05.0492 6080 ============================================================
18:25:05.0507 6080 C: <-> \Device\Harddisk0\DR0\Partition2
18:25:05.0507 6080 ============================================================
18:25:05.0507 6080 Initialize success
18:25:05.0507 6080 ============================================================
18:25:44.0150 5876 ============================================================
18:25:44.0150 5876 Scan started
18:25:44.0150 5876 Mode: Manual; SigCheck; TDLFS;
18:25:44.0150 5876 ============================================================
18:25:46.0739 5876 ================ Scan system memory ========================
18:25:46.0739 5876 System memory - ok
18:25:46.0739 5876 ================ Scan services =============================
18:25:47.0020 5876 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:25:47.0192 5876 1394ohci - ok
18:25:47.0270 5876 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:25:47.0301 5876 ACPI - ok
18:25:47.0363 5876 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:25:47.0457 5876 AcpiPmi - ok
18:25:47.0628 5876 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:25:47.0660 5876 AdobeARMservice - ok
18:25:47.0862 5876 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:25:47.0894 5876 AdobeFlashPlayerUpdateSvc - ok
18:25:47.0972 5876 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:25:48.0112 5876 adp94xx - ok
18:25:48.0128 5876 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:25:48.0174 5876 adpahci - ok
18:25:48.0174 5876 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:25:48.0206 5876 adpu320 - ok
18:25:48.0221 5876 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:25:48.0362 5876 AeLookupSvc - ok
18:25:48.0440 5876 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:25:48.0502 5876 AFD - ok
18:25:48.0549 5876 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:25:48.0611 5876 agp440 - ok
18:25:48.0627 5876 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:25:48.0674 5876 ALG - ok
18:25:48.0752 5876 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:25:48.0767 5876 aliide - ok
18:25:48.0798 5876 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:25:48.0814 5876 amdide - ok
18:25:48.0845 5876 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:25:48.0908 5876 AmdK8 - ok
18:25:48.0923 5876 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:25:48.0970 5876 AmdPPM - ok
18:25:49.0064 5876 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:25:49.0095 5876 amdsata - ok
18:25:49.0126 5876 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:25:49.0188 5876 amdsbs - ok
18:25:49.0235 5876 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:25:49.0266 5876 amdxata - ok
18:25:49.0469 5876 [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:25:49.0485 5876 AntiVirSchedulerService - ok
18:25:49.0563 5876 [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:25:49.0578 5876 AntiVirService - ok
18:25:49.0625 5876 [ D3CA1C09EE5C9335ADB9D3FA19802EF3 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:25:49.0688 5876 AntiVirWebService - ok
18:25:49.0766 5876 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:25:49.0984 5876 AppID - ok
18:25:50.0015 5876 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:25:50.0109 5876 AppIDSvc - ok
18:25:50.0156 5876 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:25:50.0218 5876 Appinfo - ok
18:25:50.0327 5876 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:25:50.0343 5876 Apple Mobile Device - ok
18:25:50.0374 5876 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:25:50.0468 5876 arc - ok
18:25:50.0483 5876 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:25:50.0499 5876 arcsas - ok
18:25:50.0639 5876 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:25:50.0686 5876 aspnet_state - ok
18:25:50.0717 5876 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:25:50.0811 5876 AsyncMac - ok
18:25:50.0858 5876 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:25:50.0889 5876 atapi - ok
18:25:50.0936 5876 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:25:51.0060 5876 AudioEndpointBuilder - ok
18:25:51.0092 5876 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:25:51.0154 5876 AudioSrv - ok
18:25:51.0201 5876 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:25:51.0248 5876 avgntflt - ok
18:25:51.0326 5876 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:25:51.0357 5876 avipbb - ok
18:25:51.0372 5876 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:25:51.0388 5876 avkmgr - ok
18:25:51.0435 5876 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:25:51.0560 5876 AxInstSV - ok
18:25:51.0653 5876 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:25:51.0778 5876 b06bdrv - ok
18:25:51.0840 5876 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:25:51.0887 5876 b57nd60a - ok
18:25:51.0934 5876 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:25:52.0012 5876 BDESVC - ok
18:25:52.0028 5876 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:25:52.0121 5876 Beep - ok
18:25:52.0293 5876 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:25:52.0402 5876 BITS - ok
18:25:52.0433 5876 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:25:52.0464 5876 blbdrive - ok
18:25:52.0667 5876 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:25:52.0714 5876 Bonjour Service - ok
18:25:52.0776 5876 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:25:52.0823 5876 bowser - ok
18:25:52.0854 5876 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:25:52.0917 5876 BrFiltLo - ok
18:25:52.0948 5876 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:25:52.0964 5876 BrFiltUp - ok
18:25:53.0026 5876 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:25:53.0088 5876 Browser - ok
18:25:53.0120 5876 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:25:53.0213 5876 Brserid - ok
18:25:53.0229 5876 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:25:53.0276 5876 BrSerWdm - ok
18:25:53.0307 5876 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:25:53.0369 5876 BrUsbMdm - ok
18:25:53.0400 5876 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:25:53.0478 5876 BrUsbSer - ok
18:25:53.0494 5876 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:25:53.0541 5876 BTHMODEM - ok
18:25:53.0572 5876 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:25:53.0681 5876 bthserv - ok
18:25:53.0712 5876 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:25:53.0806 5876 cdfs - ok
18:25:53.0868 5876 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:25:53.0931 5876 cdrom - ok
18:25:53.0993 5876 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:25:54.0134 5876 CertPropSvc - ok
18:25:54.0165 5876 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:25:54.0196 5876 circlass - ok
18:25:54.0243 5876 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:25:54.0274 5876 CLFS - ok
18:25:54.0321 5876 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:25:54.0352 5876 clr_optimization_v2.0.50727_32 - ok
18:25:54.0383 5876 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:25:54.0399 5876 clr_optimization_v2.0.50727_64 - ok
18:25:54.0446 5876 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:25:54.0555 5876 clr_optimization_v4.0.30319_32 - ok
18:25:54.0586 5876 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:25:54.0648 5876 clr_optimization_v4.0.30319_64 - ok
18:25:54.0695 5876 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:25:54.0726 5876 CmBatt - ok
18:25:54.0742 5876 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:25:54.0789 5876 cmdide - ok
18:25:54.0851 5876 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:25:54.0898 5876 CNG - ok
18:25:54.0945 5876 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:25:54.0960 5876 Compbatt - ok
18:25:55.0023 5876 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:25:55.0054 5876 CompositeBus - ok
18:25:55.0070 5876 COMSysApp - ok
18:25:55.0085 5876 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:25:55.0101 5876 crcdisk - ok
18:25:55.0163 5876 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:25:55.0257 5876 CryptSvc - ok
18:25:55.0319 5876 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:25:55.0382 5876 DcomLaunch - ok
18:25:55.0428 5876 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:25:55.0491 5876 defragsvc - ok
18:25:55.0538 5876 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:25:55.0616 5876 DfsC - ok
18:25:55.0694 5876 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:25:55.0803 5876 Dhcp - ok
18:25:55.0834 5876 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:25:55.0896 5876 discache - ok
18:25:55.0943 5876 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:25:55.0974 5876 Disk - ok
18:25:56.0068 5876 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:25:56.0146 5876 Dnscache - ok
18:25:56.0208 5876 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:25:56.0286 5876 dot3svc - ok
18:25:56.0380 5876 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:25:56.0458 5876 DPS - ok
18:25:56.0489 5876 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:25:56.0552 5876 drmkaud - ok
18:25:56.0676 5876 [ E2B2853A0210D6EDAB2261870BD80C1A ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:25:56.0708 5876 DsiWMIService - ok
18:25:56.0895 5876 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:25:56.0942 5876 DXGKrnl - ok
18:25:57.0004 5876 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:25:57.0066 5876 EapHost - ok
18:25:57.0222 5876 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:25:57.0441 5876 ebdrv - ok
18:25:57.0503 5876 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:25:57.0581 5876 EFS - ok
18:25:57.0675 5876 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:25:57.0831 5876 ehRecvr - ok
18:25:57.0846 5876 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:25:57.0909 5876 ehSched - ok
18:25:57.0956 5876 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:25:57.0987 5876 elxstor - ok
18:25:58.0112 5876 [ 91C2E6234F6884C6FEEF9658D8EDE6B6 ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
18:25:58.0158 5876 ePowerSvc - ok
18:25:58.0174 5876 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:25:58.0236 5876 ErrDev - ok
18:25:58.0299 5876 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:25:58.0392 5876 EventSystem - ok
18:25:58.0424 5876 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:25:58.0486 5876 exfat - ok
18:25:58.0548 5876 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:25:58.0626 5876 fastfat - ok
18:25:58.0751 5876 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:25:58.0814 5876 Fax - ok
18:25:58.0829 5876 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:25:58.0860 5876 fdc - ok
18:25:58.0892 5876 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:25:58.0970 5876 fdPHost - ok
18:25:58.0985 5876 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:25:59.0048 5876 FDResPub - ok
18:25:59.0079 5876 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:25:59.0094 5876 FileInfo - ok
18:25:59.0110 5876 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:25:59.0204 5876 Filetrace - ok
18:25:59.0344 5876 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:25:59.0406 5876 FLEXnet Licensing Service - ok
18:25:59.0438 5876 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:25:59.0484 5876 flpydisk - ok
18:25:59.0562 5876 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:25:59.0609 5876 FltMgr - ok
18:25:59.0640 5876 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:25:59.0718 5876 FontCache - ok
18:25:59.0812 5876 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:25:59.0828 5876 FontCache3.0.0.0 - ok
18:25:59.0859 5876 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:25:59.0890 5876 FsDepends - ok
18:25:59.0921 5876 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:25:59.0952 5876 Fs_Rec - ok
18:26:00.0046 5876 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:26:00.0077 5876 fvevol - ok
18:26:00.0124 5876 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:26:00.0140 5876 gagp30kx - ok
18:26:00.0186 5876 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:26:00.0202 5876 GEARAspiWDM - ok
18:26:00.0249 5876 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:26:00.0374 5876 gpsvc - ok
18:26:00.0436 5876 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
18:26:00.0452 5876 GREGService - ok
18:26:00.0530 5876 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:26:00.0545 5876 gupdate - ok
18:26:00.0639 5876 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:26:00.0670 5876 gupdatem - ok
18:26:00.0732 5876 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:26:00.0764 5876 gusvc - ok
18:26:00.0795 5876 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:26:00.0826 5876 hcw85cir - ok
18:26:00.0904 5876 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:26:00.0951 5876 HdAudAddService - ok
18:26:00.0982 5876 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:26:01.0060 5876 HDAudBus - ok
18:26:01.0091 5876 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:26:01.0122 5876 HECIx64 - ok
18:26:01.0169 5876 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:26:01.0232 5876 HidBatt - ok
18:26:01.0247 5876 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:26:01.0278 5876 HidBth - ok
18:26:01.0310 5876 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:26:01.0341 5876 HidIr - ok
18:26:01.0372 5876 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:26:01.0466 5876 hidserv - ok
18:26:01.0590 5876 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:26:01.0637 5876 HidUsb - ok
18:26:01.0746 5876 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:26:01.0809 5876 hkmsvc - ok
18:26:01.0887 5876 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:26:01.0996 5876 HomeGroupListener - ok
18:26:02.0058 5876 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:26:02.0168 5876 HomeGroupProvider - ok
18:26:02.0214 5876 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:26:02.0261 5876 HpSAMD - ok
18:26:02.0448 5876 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:26:02.0558 5876 HTTP - ok
18:26:02.0604 5876 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:26:02.0620 5876 hwpolicy - ok
18:26:02.0667 5876 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:26:02.0682 5876 i8042prt - ok
18:26:02.0745 5876 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:26:02.0776 5876 iaStor - ok
18:26:02.0838 5876 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:26:02.0870 5876 IAStorDataMgrSvc - ok
18:26:02.0932 5876 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:26:02.0979 5876 iaStorV - ok
18:26:03.0166 5876 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:26:03.0260 5876 idsvc - ok
18:26:03.0306 5876 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:26:03.0322 5876 iirsp - ok
18:26:03.0416 5876 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:26:03.0525 5876 IKEEXT - ok
18:26:03.0665 5876 [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:26:03.0759 5876 IntcAzAudAddService - ok
18:26:03.0806 5876 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:26:03.0852 5876 intelide - ok
18:26:03.0884 5876 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:26:03.0915 5876 intelppm - ok
18:26:03.0962 5876 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:26:04.0024 5876 IPBusEnum - ok
18:26:04.0071 5876 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:26:04.0164 5876 IpFilterDriver - ok
18:26:04.0211 5876 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:26:04.0242 5876 IPMIDRV - ok
18:26:04.0289 5876 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:26:04.0383 5876 IPNAT - ok
18:26:04.0476 5876 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:26:04.0508 5876 iPod Service - ok
18:26:04.0539 5876 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:26:04.0632 5876 IRENUM - ok
18:26:04.0664 5876 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:26:04.0695 5876 isapnp - ok
18:26:04.0788 5876 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:26:04.0851 5876 iScsiPrt - ok
18:26:04.0866 5876 [ C9B4ECC187581E5BF3F76648884B7829 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:26:04.0898 5876 k57nd60a - ok
18:26:04.0976 5876 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:26:04.0991 5876 kbdclass - ok
18:26:05.0054 5876 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:26:05.0100 5876 kbdhid - ok
18:26:05.0116 5876 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:26:05.0132 5876 KeyIso - ok
18:26:05.0194 5876 KMService - ok
18:26:05.0225 5876 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:26:05.0272 5876 KSecDD - ok
18:26:05.0319 5876 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:26:05.0350 5876 KSecPkg - ok
18:26:05.0397 5876 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:26:05.0475 5876 ksthunk - ok
18:26:05.0522 5876 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:26:05.0615 5876 KtmRm - ok
18:26:05.0662 5876 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:26:05.0724 5876 LanmanServer - ok
18:26:05.0771 5876 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:26:05.0865 5876 LanmanWorkstation - ok
18:26:05.0927 5876 [ 1B669AF5811AE2F69024F34203BAD2A2 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:26:05.0943 5876 LHidFilt - ok
18:26:05.0974 5876 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:26:06.0036 5876 lltdio - ok
18:26:06.0083 5876 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:26:06.0146 5876 lltdsvc - ok
18:26:06.0161 5876 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:26:06.0239 5876 lmhosts - ok
18:26:06.0302 5876 [ 79F3696E25B289A6B2B7EA931C7BEC00 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:26:06.0364 5876 LMouFilt - ok
18:26:06.0536 5876 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:26:06.0582 5876 LMS - ok
18:26:06.0614 5876 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:26:06.0629 5876 LSI_FC - ok
18:26:06.0660 5876 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:26:06.0676 5876 LSI_SAS - ok
18:26:06.0692 5876 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:26:06.0707 5876 LSI_SAS2 - ok
18:26:06.0723 5876 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:26:06.0738 5876 LSI_SCSI - ok
18:26:06.0770 5876 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:26:06.0832 5876 luafv - ok
18:26:06.0863 5876 [ AF69FEC6F299BD07742127C4CC0FE6A6 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
18:26:06.0879 5876 LUsbFilt - ok
18:26:06.0926 5876 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:26:06.0957 5876 MBAMProtector - ok
18:26:07.0035 5876 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:26:07.0082 5876 MBAMScheduler - ok
18:26:07.0160 5876 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:26:07.0191 5876 MBAMService - ok
18:26:07.0253 5876 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:26:07.0347 5876 Mcx2Svc - ok
18:26:07.0394 5876 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:26:07.0409 5876 megasas - ok
18:26:07.0456 5876 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:26:07.0487 5876 MegaSR - ok
18:26:07.0706 5876 Microsoft SharePoint Workspace Audit Service - ok
18:26:07.0768 5876 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:26:07.0846 5876 MMCSS - ok
18:26:07.0877 5876 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:26:07.0955 5876 Modem - ok
18:26:08.0002 5876 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:26:08.0049 5876 monitor - ok
18:26:08.0111 5876 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:26:08.0127 5876 mouclass - ok
18:26:08.0158 5876 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:26:08.0205 5876 mouhid - ok
18:26:08.0252 5876 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:26:08.0267 5876 mountmgr - ok
18:26:08.0392 5876 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:26:08.0470 5876 MozillaMaintenance - ok
18:26:08.0532 5876 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:26:08.0564 5876 mpio - ok
18:26:08.0595 5876 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:26:08.0657 5876 mpsdrv - ok
18:26:08.0735 5876 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:26:08.0829 5876 MRxDAV - ok
18:26:08.0876 5876 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:26:08.0922 5876 mrxsmb - ok
18:26:08.0969 5876 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:26:09.0032 5876 mrxsmb10 - ok
18:26:09.0047 5876 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:26:09.0110 5876 mrxsmb20 - ok
18:26:09.0156 5876 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:26:09.0219 5876 msahci - ok
18:26:09.0281 5876 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:26:09.0328 5876 msdsm - ok
18:26:09.0359 5876 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:26:09.0422 5876 MSDTC - ok
18:26:09.0468 5876 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:26:09.0515 5876 Msfs - ok
18:26:09.0546 5876 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:26:09.0671 5876 mshidkmdf - ok
18:26:09.0718 5876 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:26:09.0749 5876 msisadrv - ok
18:26:09.0827 5876 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:26:09.0936 5876 MSiSCSI - ok
18:26:09.0952 5876 msiserver - ok
18:26:09.0983 5876 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:26:10.0077 5876 MSKSSRV - ok
18:26:10.0092 5876 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:26:10.0155 5876 MSPCLOCK - ok
18:26:10.0155 5876 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:26:10.0233 5876 MSPQM - ok
18:26:10.0342 5876 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:26:10.0373 5876 MsRPC - ok
18:26:10.0451 5876 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:26:10.0467 5876 mssmbios - ok
18:26:10.0592 5876 MSSQL$SQLEXPRESS - ok
18:26:10.0857 5876 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:26:10.0904 5876 MSSQLServerADHelper100 - ok
18:26:10.0935 5876 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:26:11.0013 5876 MSTEE - ok
18:26:11.0028 5876 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:26:11.0060 5876 MTConfig - ok
18:26:11.0060 5876 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:26:11.0091 5876 Mup - ok
18:26:11.0153 5876 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:26:11.0262 5876 napagent - ok
18:26:11.0325 5876 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:26:11.0372 5876 NativeWifiP - ok
18:26:11.0418 5876 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:26:11.0450 5876 NDIS - ok
18:26:11.0496 5876 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:26:11.0559 5876 NdisCap - ok
18:26:11.0590 5876 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:26:11.0715 5876 NdisTapi - ok
18:26:11.0793 5876 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:26:11.0871 5876 Ndisuio - ok
18:26:11.0933 5876 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:26:12.0011 5876 NdisWan - ok
18:26:12.0058 5876 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:26:12.0152 5876 NDProxy - ok
18:26:12.0214 5876 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:26:12.0292 5876 NetBIOS - ok
18:26:12.0323 5876 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:26:12.0417 5876 NetBT - ok
18:26:12.0448 5876 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:26:12.0464 5876 Netlogon - ok
18:26:12.0495 5876 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:26:12.0573 5876 Netman - ok
18:26:12.0651 5876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:12.0698 5876 NetMsmqActivator - ok
18:26:12.0713 5876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:12.0729 5876 NetPipeActivator - ok
18:26:12.0760 5876 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:26:12.0854 5876 netprofm - ok
18:26:12.0869 5876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:12.0885 5876 NetTcpActivator - ok
18:26:12.0916 5876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:12.0932 5876 NetTcpPortSharing - ok
18:26:12.0978 5876 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:26:12.0994 5876 nfrd960 - ok
18:26:13.0072 5876 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:26:13.0119 5876 NlaSvc - ok
18:26:13.0150 5876 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:26:13.0197 5876 Npfs - ok
18:26:13.0229 5876 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:26:13.0291 5876 nsi - ok
18:26:13.0354 5876 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:26:13.0416 5876 nsiproxy - ok
18:26:13.0588 5876 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:26:13.0728 5876 Ntfs - ok
18:26:13.0806 5876 [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
18:26:13.0884 5876 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
18:26:13.0884 5876 NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
18:26:13.0915 5876 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
18:26:13.0931 5876 NTIDrvr - ok
18:26:13.0947 5876 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:26:14.0009 5876 Null - ok
18:26:14.0087 5876 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:26:14.0149 5876 NVHDA - ok
18:26:14.0837 5876 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:26:15.0196 5876 nvlddmkm - ok
18:26:15.0227 5876 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:26:15.0242 5876 nvraid - ok
18:26:15.0305 5876 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:26:15.0320 5876 nvstor - ok
18:26:15.0508 5876 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:26:15.0632 5876 nvsvc - ok
18:26:15.0679 5876 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:26:15.0710 5876 nv_agp - ok
18:26:15.0788 5876 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:26:15.0851 5876 ohci1394 - ok
18:26:15.0929 5876 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:26:15.0976 5876 ose - ok
18:26:16.0927 5876 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:26:17.0208 5876 osppsvc - ok
18:26:17.0270 5876 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:26:17.0348 5876 p2pimsvc - ok
18:26:17.0380 5876 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:26:17.0520 5876 p2psvc - ok
18:26:17.0551 5876 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:26:17.0598 5876 Parport - ok
18:26:17.0645 5876 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:26:17.0676 5876 partmgr - ok
18:26:17.0723 5876 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:26:17.0770 5876 PcaSvc - ok
18:26:17.0863 5876 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:26:17.0910 5876 pci - ok
18:26:17.0941 5876 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:26:17.0957 5876 pciide - ok
18:26:18.0004 5876 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:26:18.0035 5876 pcmcia - ok
18:26:18.0066 5876 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:26:18.0082 5876 pcw - ok
18:26:18.0113 5876 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:26:18.0191 5876 PEAUTH - ok
18:26:18.0409 5876 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:26:18.0472 5876 PerfHost - ok
18:26:18.0612 5876 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:26:18.0752 5876 pla - ok
18:26:18.0830 5876 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:26:18.0908 5876 PlugPlay - ok
18:26:18.0955 5876 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:26:19.0002 5876 PNRPAutoReg - ok
18:26:19.0049 5876 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:26:19.0064 5876 PNRPsvc - ok
18:26:19.0158 5876 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:26:19.0283 5876 PolicyAgent - ok
18:26:19.0314 5876 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:26:19.0392 5876 Power - ok
18:26:19.0470 5876 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:26:19.0548 5876 PptpMiniport - ok
18:26:19.0595 5876 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:26:19.0642 5876 Processor - ok
18:26:19.0829 5876 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:26:19.0907 5876 ProfSvc - ok
18:26:19.0922 5876 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:26:19.0938 5876 ProtectedStorage - ok
18:26:19.0985 5876 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:26:20.0047 5876 Psched - ok
18:26:20.0094 5876 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:26:20.0125 5876 PxHlpa64 - ok
18:26:20.0344 5876 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:26:20.0453 5876 ql2300 - ok
18:26:20.0515 5876 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:26:20.0562 5876 ql40xx - ok
18:26:20.0593 5876 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:26:20.0656 5876 QWAVE - ok
18:26:20.0687 5876 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:26:20.0734 5876 QWAVEdrv - ok
18:26:20.0765 5876 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:26:20.0843 5876 RasAcd - ok
18:26:20.0890 5876 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:26:20.0952 5876 RasAgileVpn - ok
18:26:21.0061 5876 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:26:21.0170 5876 RasAuto - ok
18:26:21.0217 5876 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:26:21.0311 5876 Rasl2tp - ok
18:26:21.0404 5876 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:26:21.0560 5876 RasMan - ok
18:26:21.0638 5876 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:26:21.0716 5876 RasPppoe - ok
18:26:21.0763 5876 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:26:21.0841 5876 RasSstp - ok
18:26:21.0919 5876 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:26:22.0028 5876 rdbss - ok
18:26:22.0122 5876 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:26:22.0169 5876 rdpbus - ok
18:26:22.0169 5876 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:26:22.0247 5876 RDPCDD - ok
18:26:22.0278 5876 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:26:22.0340 5876 RDPENCDD - ok
18:26:22.0356 5876 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:26:22.0434 5876 RDPREFMP - ok
18:26:22.0465 5876 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:26:22.0528 5876 RDPWD - ok
18:26:22.0606 5876 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:26:22.0637 5876 rdyboost - ok
18:26:22.0699 5876 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:26:22.0777 5876 RemoteAccess - ok
18:26:22.0855 5876 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:26:22.0933 5876 RemoteRegistry - ok
18:26:23.0089 5876 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
18:26:23.0120 5876 RichVideo64 - ok
18:26:23.0167 5876 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:26:23.0292 5876 RpcEptMapper - ok
18:26:23.0323 5876 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:26:23.0354 5876 RpcLocator - ok
18:26:23.0417 5876 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:26:23.0495 5876 RpcSs - ok
18:26:23.0557 5876 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
18:26:23.0588 5876 RsFx0103 - ok
18:26:23.0620 5876 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:26:23.0698 5876 rspndr - ok
18:26:23.0776 5876 [ CE2EF8030932B98832EB2F9580C5B1DD ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:26:23.0807 5876 RSUSBSTOR - ok
18:26:23.0854 5876 [ 183C4139EC67E7506927DE5EAD28CAAE ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
18:26:23.0900 5876 rtl8192se - ok
18:26:23.0932 5876 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:26:23.0947 5876 SamSs - ok
18:26:24.0072 5876 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:26:24.0119 5876 sbp2port - ok
18:26:24.0166 5876 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:26:24.0244 5876 SCardSvr - ok
18:26:24.0290 5876 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:26:24.0368 5876 scfilter - ok
18:26:24.0540 5876 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:26:24.0696 5876 Schedule - ok
18:26:24.0727 5876 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:26:28.0050 5876 [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:26:28.0050 5876 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4C33F139236FD9BD14A920F60C1CB072
18:26:28.0050 5876 sptd ( LockedFile.Multi.Generic ) - warning
18:26:28.0050 5876 sptd - detected LockedFile.Multi.Generic (1)
18:26:29.0548 5876 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:26:29.0594 5876 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:26:29.0594 5876 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:26:40.0561 5876 ================ Scan global ===============================
18:26:40.0577 5876 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:26:40.0655 5876 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:26:40.0686 5876 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:26:40.0717 5876 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:26:40.0748 5876 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
18:26:40.0748 5876 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 014A9CB92514E27C0107614DF764BC06
18:26:40.0748 5876 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
18:26:40.0748 5876 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
18:26:40.0764 5876 ================ Scan MBR ==================================
18:26:40.0764 5876 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:26:41.0575 5876 \Device\Harddisk0\DR0 - ok
18:26:41.0575 5876 ================ Scan VBR ==================================
18:26:41.0606 5876 [ 9FEE22DEF9F134AFD5927D043E145BB6 ] \Device\Harddisk0\DR0\Partition1
18:26:41.0638 5876 \Device\Harddisk0\DR0\Partition1 - ok
18:26:41.0684 5876 [ ED73FEDACC1B510CEB338FC3685657EE ] \Device\Harddisk0\DR0\Partition2
18:26:41.0700 5876 \Device\Harddisk0\DR0\Partition2 - ok
18:26:41.0716 5876 ============================================================
18:26:41.0716 5876 Scan finished
18:26:41.0716 5876 ============================================================
18:26:41.0731 5864 Detected object count: 4
18:26:41.0731 5864 Actual detected object count: 4
18:27:00.0826 5864 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:00.0826 5864 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:00.0826 5864 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:27:00.0826 5864 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:27:00.0826 5864 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:00.0826 5864 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:00.0935 5864 C:\Windows\system32\services.exe - copied to quarantine
18:27:53.0788 5864 Backup copy found, using it..
18:27:54.0037 5864 C:\Windows\system32\services.exe - will be cured on reboot
18:27:54.0037 5864 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
18:27:57.0547 5956 Deinitialize success


TDS-log 2:

18:30:16.0921 1316 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:30:17.0015 1316 ============================================================
18:30:17.0015 1316 Current date / time: 2012/11/26 18:30:17.0015
18:30:17.0015 1316 SystemInfo:
18:30:17.0015 1316
18:30:17.0015 1316 OS Version: 6.1.7601 ServicePack: 1.0
18:30:17.0015 1316 Product type: Workstation
18:30:17.0015 1316 ComputerName: PC-MATHIAS
18:30:17.0015 1316 UserName: Mathias
18:30:17.0015 1316 Windows directory: C:\Windows
18:30:17.0015 1316 System windows directory: C:\Windows
18:30:17.0015 1316 Running under WOW64
18:30:17.0015 1316 Processor architecture: Intel x64
18:30:17.0015 1316 Number of processors: 2
18:30:17.0015 1316 Page size: 0x1000
18:30:17.0015 1316 Boot type: Normal boot
18:30:17.0015 1316 ============================================================
18:30:19.0152 1316 BG loaded
18:30:20.0244 1316 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:20.0275 1316 ============================================================
18:30:20.0275 1316 \Device\Harddisk0\DR0:
18:30:20.0291 1316 MBR partitions:
18:30:20.0291 1316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
18:30:20.0291 1316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
18:30:20.0291 1316 ============================================================
18:30:20.0322 1316 C: <-> \Device\Harddisk0\DR0\Partition2
18:30:20.0322 1316 ============================================================
18:30:20.0322 1316 Initialize success
18:30:20.0322 1316 ============================================================
18:36:22.0102 2624 Deinitialize success


Combofix log:

ComboFix 12-11-26.02 - Mathias 26-11-2012 19:43:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.6007.3833 [GMT 1:00]
Kører fra: c:\users\Mathias\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mathias\AppData\Roaming\Microsoft\~DFKaa3d8f.tmp
c:\users\Mathias\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Mathias\AppData\Roaming\Microsoft\bass.dll
c:\users\Mathias\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Mathias\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Mathias\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Mathias\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Mathias\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Mathias\Documents\~WRL0005.tmp
c:\users\Mathias\Documents\~WRL3609.tmp
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-10-26 til 2012-11-26 )))))))))))))))))))))))))))))))))))
.
.
2012-11-26 18:52 . 2012-11-26 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 17:27 . 2012-11-26 17:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-26 17:12 . 2012-11-26 17:12 -------- d-----w- C:\_OTL
2012-11-20 15:49 . 2012-11-20 15:49 -------- d-----w- c:\program files\VideoLAN
2012-11-20 15:48 . 2012-11-20 15:48 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-20 15:48 . 2012-11-20 15:48 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-20 15:48 . 2012-11-20 15:48 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-20 15:48 . 2012-11-20 15:48 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-20 15:48 . 2012-11-20 15:48 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-20 15:48 . 2012-11-20 15:48 188904 ----a-w- c:\windows\system32\java.exe
2012-11-20 15:48 . 2012-11-20 15:48 -------- d-----w- c:\program files\Java
2012-11-20 15:43 . 2012-11-20 15:43 -------- d-----w- c:\users\Mathias\AppData\Roaming\Avira
2012-11-20 15:37 . 2012-11-26 11:54 -------- d-----w- c:\users\Mathias\AppData\Local\DoNotTrackPlus
2012-11-20 15:37 . 2012-11-20 15:37 -------- d-----w- c:\users\Mathias\AppData\Local\AskToolbar
2012-11-20 15:37 . 2012-11-20 15:37 -------- d-----w- c:\program files (x86)\Ask.com
2012-11-20 15:36 . 2012-11-07 15:03 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-20 15:36 . 2012-11-07 15:03 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-20 15:36 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-20 15:36 . 2012-11-20 15:37 -------- d-----w- c:\programdata\Avira
2012-11-20 15:36 . 2012-11-20 15:36 -------- d-----w- c:\program files (x86)\Avira
2012-11-20 15:19 . 2012-11-20 15:19 -------- d-----w- c:\program files (x86)\FileHippo.com
2012-11-14 20:22 . 2012-07-26 07:31 2560 ----a-w- c:\windows\system32\drivers\da-DK\wdf01000.sys.mui
2012-11-14 20:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 20:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 20:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 20:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 20:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 20:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 20:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 20:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 20:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 20:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-11 15:48 . 2012-11-11 15:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-11 15:48 . 2012-11-11 15:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-11 15:48 . 2012-11-11 15:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-11 15:48 . 2012-11-11 15:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-11 15:48 . 2012-11-11 15:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-11 15:48 . 2012-11-11 15:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-11 15:48 . 2012-11-11 15:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-11 15:48 . 2012-11-11 15:48 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 17:28 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-11-25 19:09 . 2012-04-03 08:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-25 19:09 . 2011-05-13 20:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 20:13 . 2010-11-01 15:15 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-03 17:44 . 2012-11-14 13:50 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-09-29 17:54 . 2012-06-06 12:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 20:29 . 2012-09-27 20:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-27 20:29 . 2012-06-09 15:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-27 20:29 . 2011-11-19 12:12 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 14:14 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 14:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 14:14 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 14:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 14:14 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 14:14 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-29 16:33 1521872 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
"Facebook Update"="c:\users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-03 138096]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-09-15 1397144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify Web Helper"="c:\users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-06 1199576]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-03 1480032]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-06 384800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AWMouseCI.lnk - c:\program files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe [2009-6-25 831488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-04-19 245280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-01 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-10-16 868848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 84256]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-11-06 561952]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-03-17 866336]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2000-01-01 1108000]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:09]
.
2012-11-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
- c:\users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-12 19:31]
.
2012-11-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
- c:\users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-12 19:31]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 16:31]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 16:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mathias\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-04-09 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-03-17 860704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2009-05-20 57672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 130576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1873256]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11905128]
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tm85&r=273610109835l0434z175f4692c581
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0406&m=easynote_tm85&r=273610109835l0434z175f4692c581
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: S&end til OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: danskebank.dk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\aes4uofn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - ExtSQL: 2012-11-20 16:37; [email protected]; c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\aes4uofn.default\extensions\[email protected]
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-35664347.sys
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_¾\00\00¾\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¾\00\00¾\00\00\00\00t\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1709520675-535397089-2455195078-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1709520675-535397089-2455195078-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Gennemført tid: 2012-11-26 20:02:18 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-11-26 19:02
.
Pre-Kørsel: 310.711.472.128 byte ledig
Post-Kørsel: 310.479.187.968 byte ledig
.
- - End Of File - - AC6589F6F208A0F4727127CD8E989F25

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK TDSSKiller fixed services for you :)

Combofix looks nice

If you could now update Malwarebytes, run a quick scan and post the resultant log along with any problems you are still experiencing.

#8
moriarty

    Member

  • Topic Starter
  • Member
  • 35 posts
The computer seems to run fine now, but I'm not sure it won't appear again. Shall I give it a day or two and get back to you?

The virus restarted, slowed, froze and got the PC into BIOS and all sorts of nasty stuff.

Thanks for your help so far!!!

A cup of coffee has been donated.

Edited by moriarty, 26 November 2012 - 01:27 PM.


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For sure, the initial freeze when you experienced the malware was as it replaced services.exe on the fly

#10
moriarty

    Member

  • Topic Starter
  • Member
  • 35 posts
Malwarebytes Log:

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias :: PC-MATHIAS [administrator]

Beskyttelse: Slået til

26-11-2012 20:20:43
mbam-log-2012-11-26 (20-20-43).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 214856
Tid gået: 4 minut(ter),

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK beat it to death for a while to ensure all is OK :lol:

#12
moriarty

    Member

  • Topic Starter
  • Member
  • 35 posts
Will do! - and I'll get back to you.

Thank you once again Essex. Means more than you think.

// Mathias

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:cheers: .. No smileys for tea and biccies :lol:

#14
moriarty

    Member

  • Topic Starter
  • Member
  • 35 posts
Well, mixed feelings here.

It's definitely better. For sure.

But it has gone into BIOS/restart two times today. On simple tasks. And Internet Explorer and Firefox ran very slow when I first turned on my computer.
It seems to be better now though.

What do you suggest?

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When it restarted, did you get a blue screen?

Or did it just reboot of its own accord?