Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Fake Adobe Update tryed to get installed. What to do? [Solved]

Started by SamStencil , May 25 2013 11:20 AM

  • This topic is locked This topic is locked

#1
SamStencil
Posted 25 May 2013 - 11:20 AM

SamStencil

    Member

  • Member
  • PipPip
  • 42 posts
Hello guys again!

Something weird just happened. I was at google and accidentally clicked on a trusted site in my fave bar and it entered the page and right away went to the "adobe flash update page" and also right away it started the download of a .zip file, pobably named adobe_flash_update or something. I found it suspect, cause the page shouldn't have a link at all that uses flash and since I hadn't clicked anything... I got desperate and tried to stop the download but it was too fast, but Chrome showed then the message that "It's not usual from Adobe to download directly" and if I wanted to discard the download and so I clicked discard.
I've checked my Download Folder and the file wasn't there. Scanned the computer with Malwarebytes and AVG and both say it's alright but I'm afraid something might have gotten in. I've found an article about this kind of trojan and would like to know if it only "works" if you really install it.
Can you guys help me?

thank you very much!

Sam
  • 0

Advertisements

#2
Nutloaf
Posted 25 May 2013 - 08:27 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello SamStencil :welcome:

My name is Nutloaf, and I will be helping you with your malware issues.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

Please take time to read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference. Also, some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assitance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally
Removing malware is a complicated multiple step process, please stay with me until I have declared your system clean.

Well lets have a look at what is going on then!

Is the computer running as normal or are there any symptoms?

DOWNLOAD OTL
  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into Custom Scans\Fixes box without the word Quote.

    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

  • 0

#3
SamStencil
Posted 26 May 2013 - 05:28 AM

SamStencil

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi Nutloaf!

The computer is actually working normal until now.

Here are the reports:

OTL logfile created on: 26.05.2013 13:15:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Test\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,95 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 51,49% Memory free
7,90 Gb Paging File | 5,37 Gb Available in Paging File | 68,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,82 Gb Total Space | 385,59 Gb Free Space | 85,53% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 0,28 Gb Free Space | 1,90% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32

Computer Name: TEST-HP | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.26 13:11:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
PRC - [2013.05.17 16:55:38 | 028,711,576 | ---- | M] (Dropbox, Inc.) -- C:\Users\Test\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.12.13 13:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.12.10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010.11.18 12:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010.11.09 16:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.14 04:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.05.16 01:45:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 01:44:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.16 01:44:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Test\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.01.13 20:11:09 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll
MOD - [2013.01.13 20:11:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll
MOD - [2013.01.11 17:47:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 17:47:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 17:46:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 17:46:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 17:46:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Test\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.01.04 23:08:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.18 13:07:50 | 001,700,920 | ---- | M] () -- C:\Users\Test\AppData\Roaming\PictureMover\DE-DE\Presentation.dll
MOD - [2010.11.18 12:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Test\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.12.18 01:32:48 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.14 00:04:46 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.08.05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.19 03:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.18 02:04:50 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.12.18 00:55:34 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.14 00:04:48 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.12.10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.08 23:30:00 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.11.29 07:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.11.29 07:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.03 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yah...psg&type=HPNTDF
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Test\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Test\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Test\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Test\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Test\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)


[2012.09.06 12:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Test\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2013.02.08 00:23:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E2B592-E29E-4EC0-866E-E731AC464C9D}: DhcpNameServer = 40.6.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A8F414-99C9-4018-B550-0EF729867CD4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.26 13:11:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2013.05.18 00:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013.05.16 01:36:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 01:36:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 01:36:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 01:36:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 01:36:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 01:36:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 01:36:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 01:36:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 01:36:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 01:36:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 01:36:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 01:36:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 01:36:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 01:36:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 01:36:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 22:44:51 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 22:44:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 22:44:41 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 22:44:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 22:44:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 22:44:40 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 22:44:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Mozilla
[2013.05.13 22:52:35 | 000,000,000 | ---D | C] -- C:\Users\Test\Desktop\Typographie
[2013.05.13 21:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2013.04.30 20:25:48 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Local\{5E33E3EC-28F9-471A-B554-C5E9378CB7E3}
[1 C:\Users\Test\*.tmp files -> C:\Users\Test\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.26 13:15:04 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 13:15:04 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 13:11:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2013.05.26 13:07:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.26 13:07:32 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 03:25:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1744890044-3013452961-4028736095-1000UA.job
[2013.05.25 22:17:16 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.25 22:17:16 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.25 22:17:16 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.25 22:17:16 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.25 22:17:16 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.25 21:25:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1744890044-3013452961-4028736095-1000Core.job
[2013.05.23 23:06:19 | 000,001,047 | ---- | M] () -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.19 19:23:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTest.job
[2013.05.17 20:06:29 | 005,043,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 21:29:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTEST-HP$.job
[2013.05.16 21:10:35 | 000,005,851 | ---- | M] () -- C:\Users\Test\AppData\Local\recently-used.xbel
[1 C:\Users\Test\*.tmp files -> C:\Users\Test\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.16 21:10:35 | 000,005,851 | ---- | C] () -- C:\Users\Test\AppData\Local\recently-used.xbel
[2013.05.13 21:31:06 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.11.01 23:39:05 | 000,015,861 | ---- | C] () -- C:\Users\Test\New document 5.2012_11_01_22_39_05.0.svg
[2012.03.27 19:09:30 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.31 02:46:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.31 02:40:07 | 000,002,901 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.05.31 02:35:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.08 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.04.23 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Amazon
[2013.04.14 22:54:02 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Audacity
[2012.11.02 19:39:57 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\AVG2013
[2013.02.01 01:28:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.01.30 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.05.26 13:08:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Dropbox
[2012.04.18 23:36:08 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Fox Dgital Copy
[2013.05.25 18:57:10 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\inkscape
[2013.04.05 21:39:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Notepad++
[2013.01.30 21:45:31 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\PDAppFlex
[2012.03.26 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\PictureMover
[2013.05.17 00:15:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\SoftGrid Client
[2013.01.30 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.26 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Synaptics
[2013.02.09 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2012.04.02 10:48:31 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Tific
[2012.03.27 19:10:10 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TP
[2012.11.02 19:39:16 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TuneUp Software
[2012.05.03 17:47:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.01.04 23:25:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.01.04 23:20:11 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.01.04 23:25:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.01.04 23:20:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.01.04 23:25:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.01.04 23:20:11 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.01.04 23:25:14 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.01.04 23:20:11 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.01.04 23:25:14 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.01.04 23:25:14 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 362C-E7E6
Verzeichnis von C:\
14.07.2009 07:08 <VERBINDUNG> Documents and Settings [D:\Users]
26.03.2012 13:17 <VERBINDUNG> Dokumente und Einstellungen [C:\Users]
26.03.2012 13:17 <VERBINDUNG> Programme [C:\Program Files]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Program Files
26.03.2012 13:17 <VERBINDUNG> Gemeinsame Dateien [C:\Program Files\Common Files]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Program Files\Windows NT
26.03.2012 13:17 <VERBINDUNG> Zubeh”r [C:\Program Files\Windows NT\Accessories]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData
26.03.2012 13:17 <VERBINDUNG> Anwendungsdaten [C:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Application Data [D:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Desktop [D:\Users\Public\Desktop]
14.07.2009 07:08 <VERBINDUNG> Documents [D:\Users\Public\Documents]
26.03.2012 13:17 <VERBINDUNG> Dokumente [C:\Users\Public\Documents]
26.03.2012 13:17 <VERBINDUNG> Favoriten [C:\Users\Public\Favorites]
14.07.2009 07:08 <VERBINDUNG> Favorites [D:\Users\Public\Favorites]
14.07.2009 07:08 <VERBINDUNG> Start Menu [D:\ProgramData\Microsoft\Windows\Start Menu]
26.03.2012 13:17 <VERBINDUNG> Startmen [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009 07:08 <VERBINDUNG> Templates [D:\ProgramData\Microsoft\Windows\Templates]
26.03.2012 13:17 <VERBINDUNG> Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
26.03.2012 13:17 <VERBINDUNG> Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users
14.07.2009 07:08 <SYMLINKD> All Users [D:\ProgramData]
14.07.2009 07:08 <VERBINDUNG> Default User [D:\Users\Default]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default
26.03.2012 13:17 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Roaming]
14.07.2009 07:08 <VERBINDUNG> Application Data [D:\Users\Default\AppData\Roaming]
14.07.2009 07:08 <VERBINDUNG> Cookies [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
26.03.2012 13:17 <VERBINDUNG> Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26.03.2012 13:17 <VERBINDUNG> Eigene Dateien [C:\Users\Default\Documents]
14.07.2009 07:08 <VERBINDUNG> Local Settings [D:\Users\Default\AppData\Local]
26.03.2012 13:17 <VERBINDUNG> Lokale Einstellungen [C:\Users\Default\AppData\Local]
14.07.2009 07:08 <VERBINDUNG> My Documents [D:\Users\Default\Documents]
14.07.2009 07:08 <VERBINDUNG> NetHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26.03.2012 13:17 <VERBINDUNG> Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009 07:08 <VERBINDUNG> PrintHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009 07:08 <VERBINDUNG> Recent [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009 07:08 <VERBINDUNG> SendTo [D:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009 07:08 <VERBINDUNG> Start Menu [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
26.03.2012 13:17 <VERBINDUNG> Startmen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009 07:08 <VERBINDUNG> Templates [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
26.03.2012 13:17 <VERBINDUNG> Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\AppData\Local
26.03.2012 13:17 <VERBINDUNG> Anwendungsdaten [C:\Users\Default\AppData\Local]
14.07.2009 07:08 <VERBINDUNG> Application Data [D:\Users\Default\AppData\Local]
14.07.2009 07:08 <VERBINDUNG> History [D:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009 07:08 <VERBINDUNG> Temporary Internet Files [D:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
26.03.2012 13:17 <VERBINDUNG> Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
26.03.2012 13:17 <VERBINDUNG> Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Default\Documents
26.03.2012 13:17 <VERBINDUNG> Eigene Bilder [C:\Users\Default\Pictures]
26.03.2012 13:17 <VERBINDUNG> Eigene Musik [C:\Users\Default\Music]
26.03.2012 13:17 <VERBINDUNG> Eigene Videos [C:\Users\Default\Videos]
14.07.2009 07:08 <VERBINDUNG> My Music [D:\Users\Default\Music]
14.07.2009 07:08 <VERBINDUNG> My Pictures [D:\Users\Default\Pictures]
14.07.2009 07:08 <VERBINDUNG> My Videos [D:\Users\Default\Videos]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Public\Documents
26.03.2012 13:17 <VERBINDUNG> Eigene Bilder [C:\Users\Public\Pictures]
26.03.2012 13:17 <VERBINDUNG> Eigene Musik [C:\Users\Public\Music]
26.03.2012 13:17 <VERBINDUNG> Eigene Videos [C:\Users\Public\Videos]
14.07.2009 07:08 <VERBINDUNG> My Music [D:\Users\Public\Music]
14.07.2009 07:08 <VERBINDUNG> My Pictures [D:\Users\Public\Pictures]
14.07.2009 07:08 <VERBINDUNG> My Videos [D:\Users\Public\Videos]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Test
26.03.2012 13:17 <VERBINDUNG> Anwendungsdaten [C:\Users\Test\AppData\Roaming]
26.03.2012 13:17 <VERBINDUNG> Cookies [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Cookies]
26.03.2012 13:17 <VERBINDUNG> Druckumgebung [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26.03.2012 13:17 <VERBINDUNG> Eigene Dateien [C:\Users\Test\Documents]
26.03.2012 13:17 <VERBINDUNG> Lokale Einstellungen [C:\Users\Test\AppData\Local]
26.03.2012 13:17 <VERBINDUNG> Netzwerkumgebung [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26.03.2012 13:17 <VERBINDUNG> Recent [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Recent]
26.03.2012 13:17 <VERBINDUNG> SendTo [C:\Users\Test\AppData\Roaming\Microsoft\Windows\SendTo]
26.03.2012 13:17 <VERBINDUNG> Startmen [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu]
26.03.2012 13:17 <VERBINDUNG> Vorlagen [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Templates]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Test\AppData\Local
26.03.2012 13:17 <VERBINDUNG> Anwendungsdaten [C:\Users\Test\AppData\Local]
26.03.2012 13:17 <VERBINDUNG> Temporary Internet Files [C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files]
26.03.2012 13:17 <VERBINDUNG> Verlauf [C:\Users\Test\AppData\Local\Microsoft\Windows\History]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu
26.03.2012 13:17 <VERBINDUNG> Programme [C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 Datei(en), 0 Bytes
Verzeichnis von C:\Users\Test\Documents
26.03.2012 13:17 <VERBINDUNG> Eigene Bilder [C:\Users\Test\Pictures]
26.03.2012 13:17 <VERBINDUNG> Eigene Musik [C:\Users\Test\Music]
26.03.2012 13:17 <VERBINDUNG> Eigene Videos [C:\Users\Test\Videos]
0 Datei(en), 0 Bytes
Anzahl der angezeigten Dateien:
0 Datei(en), 0 Bytes
71 Verzeichnis(se), 414.011.572.224 Bytes frei

< End of report >

--------------------------------

OTL Extras logfile created on: 26.05.2013 13:15:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Test\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,95 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 51,49% Memory free
7,90 Gb Paging File | 5,37 Gb Available in Paging File | 68,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,82 Gb Total Space | 385,59 Gb Free Space | 85,53% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 0,28 Gb Free Space | 1,90% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32

Computer Name: TEST-HP | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CDB88CE-126F-4989-A642-FB99F632993C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{224C0BC4-4D48-474C-9A41-5EA6DBE0A980}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{284AF42A-D444-4484-B112-CB1084981569}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DA6449A-7CB9-4EFD-8663-26D514D9A7CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2EEB1D4D-1E4F-4CE8-B879-BF59C60AF488}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47A69CF3-6214-43D6-8269-C7DFF79FBF10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EDD0413-AFCD-4404-9426-561E1FA1DFAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{623BDC7A-BF1D-4760-83EE-D800ACB27C0B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0E56CF2-531E-485C-9BF2-50019057051C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B1F51563-5355-41F3-8A78-B8C5E47E6BDD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CAE4B562-DB3F-4719-BC34-E92F437C9D8C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF08F03A-EFFB-4289-8691-7C7078A08F3E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D5DB8900-51CA-4FC6-96A1-BF9EE3B0FD3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0068FCBA-5D8C-4B6A-8F08-27716E09BD3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{105A7050-F75F-4CB7-8E5E-D6747E8AE6DD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{11DF1922-8B55-4D10-A026-DB68778E2CEE}" = protocol=6 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"{15AD9B75-D22F-47D2-B8A6-04006931959D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{1EBE2F3A-CBFC-4DE6-B4DB-BEC6B2D88EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{24E1B23C-0856-4EF7-863F-7ECC275F560C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2E86E457-D2FA-4669-B3EB-0B9887255C78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31837D99-CAA0-447B-8311-19B4862025E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{34BE8681-138B-4FBB-BA26-09BA50F02661}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{4CF44ECC-AD5E-4DAF-9BAE-1F36B2D2F8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6A47C7E0-121C-4388-8815-F656C5B0C533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6EF04ED3-02D8-4619-AA77-7E921F2C7079}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7774BD07-97A4-485E-98C7-37F409AC6C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{835FAD4B-EB09-4A1E-AA05-8E0F25F4F68E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84844AA3-D327-41F6-AE4D-D2F9D98EC0E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8D15EBCC-9A71-4B91-8E6D-89AD06F6C209}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{92B6B6BE-840E-4000-88DB-64B068A464B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{95794DD3-63FB-429C-84A2-F31EE5A73AB8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{98A37C80-6272-4775-8720-32DAE5EB3B97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B0154E5-64CC-4E8F-B307-9F3AEC762E2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F832313-1100-4F78-AE62-A7CC0DCCDD19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1BAA985-AFD5-4EA2-ACEA-75C54A31038D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{A94F7213-B73A-40BD-8637-C061AEAD4763}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{AA9996EA-715E-4CFA-8FA3-67A7B1C97268}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{AEA9B5E0-801F-437B-B506-836E550234F1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{B866B076-5AC0-4A8F-BB3B-6BA65AEDB3FF}" = protocol=6 | dir=out | app=system |
"{BAEF1E97-2303-4E5A-A935-F2F5431AF637}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFE991A8-11FB-47D2-A873-FCA852AB83AF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{CFF0C964-6198-4620-8F5A-C1A2DAD3095B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D24C6643-7E05-4CED-9FF4-4EC454AD63B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D35D9F35-9A2B-4B92-91C8-482519EBFEAE}" = protocol=6 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCC95CB2-F19E-454F-9BA8-4703510229E6}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{DF4B0493-B874-4F2D-86EB-2254B93F1B61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E061D227-64B0-4FC9-BDA3-797D8AED6178}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6E859B3-E31D-4AB3-825A-DCE84CC77630}" = protocol=17 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"{E9611F2C-7E09-470D-B0FF-916B42C0760A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED256DBE-6337-4EF2-9EA2-C73F09227A15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEABC829-D994-4AC7-97C3-F652B5CCA348}" = protocol=17 | dir=in | app=c:\users\test\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0D16AD7-E71B-47C4-ACEE-26958302B21E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14FCF290-82AB-421A-9034-636EF90EB9E5}" = AVG 2013
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0A6BB10-CC5D-BDB8-6EF6-F9817F9CBECE}" = ATI Catalyst Install Manager
"{D2458705-A810-63B8-0FD5-C0DB30F1294A}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033FB210-6390-F594-691B-336F34197698}" = CCC Help Finnish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22C8EC80-0866-4122-A9D3-0C89B35CD358}" = Catalyst Control Center Profiles Mobile
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2E98073C-A62D-2C9E-3729-3ABFDC23EA26}" = CCC Help Portuguese
"{2EEA0953-E1BB-595A-9C97-5299F17F4FCE}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4EFEA7DE-A061-1B59-1AF7-24457B5376F8}" = CCC Help Korean
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53CD60C7-12F9-420D-A9BF-EC8D815475A9}" = HP Documentation
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C8F9B7-61D9-9AAE-9788-46FBA690C927}" = CCC Help Thai
"{6A068745-2B19-9131-2337-3987B7EE2139}" = CCC Help Chinese Standard
"{6A440BB0-FCBB-1894-91DF-CC77D3552676}" = CCC Help Dutch
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7607DD9E-FA07-AD76-CEAB-174EA6B6EFC6}" = CCC Help Russian
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{81A9D294-775E-4535-F2AC-82AC8BD5F314}" = CCC Help Chinese Traditional
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{878DD5CB-4723-D481-E75B-16D5E4B14EB4}" = CCC Help French
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89857FF8-4D1C-1628-13C2-6EB7A2226302}" = Catalyst Control Center InstallProxy
"{8BFA58D0-D782-8F29-DF73-01658852C812}" = CCC Help Spanish
"{8C02EB1E-1C4B-B42E-8104-3D372C08FDBD}" = PX Profile Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{912FFBD2-DAB4-D1BC-F29D-D9A0667818F3}" = CCC Help German
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A69CF711-D6DD-4BE3-A172-E1E7863715DB}" = CCC Help Czech
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD1D0003-239E-D78B-0714-9EB950932861}" = CCC Help Japanese
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCC34B21-6BEC-C785-D4EC-C323D73974D1}" = CCC Help Italian
"{BD185B24-9653-4C3E-EC62-2232D825E40C}" = CCC Help Danish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE36E13E-6A81-9B81-F4AC-FB03465043FC}" = Catalyst Control Center Localization All
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D2CC53-8327-740B-31B2-DE7B0CBF5CCC}" = ccc-core-static
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C7D00998-8CC9-C0E0-EFC0-8DB857D3749C}" = CCC Help English
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5192A10-F4FB-EC5C-CB00-41448A6664E2}" = CCC Help Greek
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22C1F3D-1B96-4A87-0419-58475A6BDD85}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EC584A7F-943B-0E0F-0112-C4CF47619E18}" = CCC Help Hungarian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FF3357CE-5663-8C90-33E8-E04BD1BB69FF}" = CCC Help Swedish
"{FFB81EF3-CAB3-1A6F-D816-51079C4C057C}" = Catalyst Control Center Graphics Previews Common
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 2.0.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBits Magic Desktop" = Magic Desktop
"Inkscape" = Inkscape 0.48.4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"My HP Game Console" = HP Game Console
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.02.2013 14:45:17 | Computer Name = Test-HP | Source = ESENT | ID = 455
Description = Windows (4448) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00023.log.

Error - 25.02.2013 14:45:18 | Computer Name = Test-HP | Source = Windows Search Service | ID = 9000
Description =

Error - 25.02.2013 14:45:18 | Computer Name = Test-HP | Source = Windows Search Service | ID = 7040
Description =

Error - 25.02.2013 14:45:18 | Computer Name = Test-HP | Source = Windows Search Service | ID = 7042
Description =

Error - 25.02.2013 14:45:18 | Computer Name = Test-HP | Source = Windows Search Service | ID = 9002
Description =

Error - 25.02.2013 14:45:18 | Computer Name = Test-HP | Source = Windows Search Service | ID = 3029
Description =

Error - 25.02.2013 14:45:22 | Computer Name = Test-HP | Source = Windows Search Service | ID = 3029
Description =

Error - 25.02.2013 14:45:22 | Computer Name = Test-HP | Source = Windows Search Service | ID = 3028
Description =

Error - 25.02.2013 14:45:22 | Computer Name = Test-HP | Source = Windows Search Service | ID = 3058
Description =

Error - 25.02.2013 14:45:22 | Computer Name = Test-HP | Source = Windows Search Service | ID = 7010
Description =

[ Hewlett-Packard Events ]
Error - 21.04.2012 14:52:42 | Computer Name = Test-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12.05.2012 16:07:41 | Computer Name = Test-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Das Objekt "/28bb4511_d378_4c21_9c52_930a4f7ef51e/4eacs3uyu2cn0thehiqyb_45_5.rem"
wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 4043 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 12.05.2012 16:08:33 | Computer Name = Test-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12.05.2012 16:08:52 | Computer Name = Test-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 02.06.2012 06:36:59 | Computer Name = Test-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 28.04.2012 19:01:58 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.04.29 01:01:58.786|000008EC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 28.04.2012 19:02:00 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.04.29 01:02:00.692|00000A88|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 02.05.2012 17:37:34 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.02 23:37:34.884|0000189C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 02.05.2012 17:37:41 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.02 23:37:41.705|0000045C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 05.05.2012 13:42:01 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.05 19:42:01.413|00000D88|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12.05.2012 15:03:46 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.12 21:03:46.495|0000046C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12.05.2012 16:08:41 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.12 22:08:41.281|00001110|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 12.05.2012 16:08:44 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.12 22:08:44.312|00000DAC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19.05.2012 05:52:21 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.19 11:52:21.768|00000840|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 19.05.2012 05:52:26 | Computer Name = Test-HP | Source = CaslWmi | ID = 5
Description = 2012.05.19 11:52:26.411|000015C0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 26.03.2012 07:19:24 | Computer Name = Test-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 26.03.2012 07:19:29 | Computer Name = Test-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 26.03.2012 07:19:34 | Computer Name = Test-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 26.03.2012 07:19:39 | Computer Name = Test-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 26.03.2012 07:19:44 | Computer Name = Test-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 26.03.2012 07:19:49 | Computer Name = Test-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 26.03.2012 07:20:49 | Computer Name = Test-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 25.05.2013 13:25:49 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 25.05.2013 13:26:00 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 25.05.2013 14:27:20 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 25.05.2013 14:51:08 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 25.05.2013 14:51:17 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 25.05.2013 21:47:51 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 26.05.2013 04:38:33 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 26.05.2013 04:40:33 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 26.05.2013 07:07:40 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5

Error - 26.05.2013 07:07:47 | Computer Name = Test-HP | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5


< End of report >

-----------------------


Thanks for the quick answer
  • 0

#4
Nutloaf
Posted 26 May 2013 - 08:13 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there thanks for the logs. I am reviewing these now and will get back to you in a while. Posted Image
  • 0

#5
Nutloaf
Posted 26 May 2013 - 11:34 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello SamStencil.

Your log is looking O.K, so lets carry out some checks here.

You have Java installed, are you sure you need this? My advice is to get rid! If a program you have needs Java the carry on with step 3 below and make sure to disable it in your web browsers. keeping Java up to date is crucial

1. Run ADWcleaner

2. Security Check
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

3. UPDATE JAVA
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Please download JavaRa v2.1 to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
  • How to disable Java in your web browsers - Disable Java


Things I want to see in your next post.
  • ADWcleaner Scan results
  • Checkup.txt

  • 0

#6
SamStencil
Posted 26 May 2013 - 12:00 PM

SamStencil

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi Nutloaf

here are the next logs...I'm not really sure about my Java version, does it show in the JavaRa then?
EDIT: nevermind! already unninstalled Java with JavaRa.. I thought it would show up older versions of Java in the list :)


# AdwCleaner v2.301 - Datei am 26/05/2013 um 19:53:11 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Test - TEST-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Test\Desktop\AdwCleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\ClickIT
Ordner Gefunden : C:\Users\Test\Desktop\Save

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gefunden : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1263 octets] - [26/05/2013 19:52:29]
AdwCleaner[R2].txt - [1194 octets] - [26/05/2013 19:53:11]

########## EOF - C:\AdwCleaner[R2].txt - [1254 octets] ##########








Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Google Chrome 27.0.1453.93
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Edited by SamStencil, 26 May 2013 - 12:14 PM.

  • 0

#7
Nutloaf
Posted 26 May 2013 - 02:06 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Sam, good job with Java you just improved your chances of not getting infected Posted Image

I have posted to my instructor and will post once given clearance. :)
  • 0

#8
Nutloaf
Posted 26 May 2013 - 08:59 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
My instructor is really busy tonight so hang on in there, once we get going there will be no stopping us Posted Image
  • 0

#9
Nutloaf
Posted 27 May 2013 - 08:34 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Sam, I've got a few things for you to do here to check all the junk is cleared.

1. Junkware Removal Tool
Posted Image 1. Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

2. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:OTL
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

:COMMANDS
[EMPTYTEMP]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste Fix Log into your next reply.

RUN MALWAREBYTES
  • Open Malwarebytes select the Updates Tab - Select Check for Updates then O.K
  • Once complete click Scanner Tab - Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs tab then Open log I need to see this.


ESET SCAN
Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next post.
  • Jrt.txt
  • OTL Fix.txt
  • Malwarebytes Log
  • ESET results
  • How is the computer now, any problems?

  • 0

#10
SamStencil
Posted 27 May 2013 - 01:02 PM

SamStencil

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hey...

Computer's working normally I'd say...

Before starting the ESET part, do I need to deactivate AVG again?

Here are the logs for JRT, OTL and Malwarebytes:



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Test on 27.05.2013 at 20:42:06,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{00380527-8BF4-40A2-A585-AE2A27AD0787}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{00D74483-CAF5-4AF5-91F1-3006BF16EC24}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{00E38D41-1272-4964-A3AF-06B35AE5B09E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{018F22D1-4F6E-42C3-9CD8-A6BF343C6415}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{0228E2A7-A4B7-4E89-AAEE-7FA635A5314D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{047FB571-A158-4047-A48C-6D9B7A9C8902}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{05263F15-C13B-4FC1-848C-DD3BB61C4179}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{053EC135-B41C-4A91-B186-FA9DAB34A492}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{05B3EB18-3677-4C2D-9590-836424CB760C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{0D589787-4D66-44F1-95FB-C33D0151EFDB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{0DD83D74-4B86-4C6B-941A-257ECDE2BDCD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{0EB1ABF9-B1F6-447E-96A9-A2D4FF130590}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{0F2B5B2D-52AF-4877-95D7-1029A2A47C8C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{105028CB-9E4A-4DDC-9A20-8A6CAC30C0E8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1096E989-609F-40C9-A97F-0B56ADD70630}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1293B1C0-D849-4F2F-899B-EF920932BA20}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{12EE8636-6BDA-4F1E-BEA4-C4E0209BB63B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1324903F-2C58-4ACA-A579-1B458582F57D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{139CEF43-8762-467C-A259-BB62000BA978}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{13BF6D0C-9488-472A-8383-3A3388988634}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{13D70B21-A5EA-4B41-89AA-A3D37DCD4DB5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{154F51F1-D9AD-4114-B68F-475E25D04973}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{162FC29C-A5E8-4776-9937-E2082E23D1B8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1632061F-91DD-492C-BB60-7F83048A582C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{16E215BC-DD08-4350-A244-A920D54904BD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{16E7B217-383E-4945-B0C9-18BB5F84D17F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{17DA37E6-0502-4E52-923F-388F61D468DF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{18B22ECD-57DC-4F52-8938-9728E9ACD93C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{19F12FAD-A3DB-40D4-A61E-22FC6573A363}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1C0503E2-A353-408E-9D6A-112662D4F6CE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1C6DF8D8-2FEF-4169-A63D-2CEC2FCBEE42}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1C979039-6480-49F0-9194-E56D61FC3F8B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1D3EEF38-4C11-4597-B1BE-64242CAC6693}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1D4DC587-80AD-491B-A0AB-6B2BD79B592C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1DA9E46A-7F96-45A2-AA14-A6FD766B69FF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1E0296A8-3018-48AB-ABB6-F77120420033}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1EB1C618-381C-42BA-80B8-3E2C7D601C45}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1EB378B1-7C99-4067-92EF-540170290068}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{1F69218B-24E6-4498-A175-3945379F1E96}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{20988C7C-897F-4CFC-81D0-1FCAAEB6E68E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{20DAB051-7FC4-41A4-B284-198BE6E216C9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2143035B-0F49-43AF-8BC1-F9DD3ED0FAF2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{21E8CD60-160B-4E35-BB3F-C04F5CEA050A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{23C693E7-7757-41CA-B6F2-AC3C149CEC02}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2441BB8C-64DE-403E-8060-6D3AE5B6019C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2462319A-3757-4A1E-9C50-CEE87460D603}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2471250C-18EC-422A-9A01-A8EACEBC18A7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{25D48DEB-76B7-4DD3-B365-8283F7DCBEB7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{26AE9EDB-ED1E-42E6-8646-F1BF51A3C719}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{278004A5-B07A-4AD4-99ED-F91B161A36B0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{27E5CCE7-6898-4C55-B987-15F4932DEEE5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{293FA8D2-D43F-43FF-9B0B-0F20661FA5B4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{29D7F98C-393F-460D-AB0B-AB132214B046}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2A58503B-7F1E-482C-82F4-D3A471EE5ABE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2B03C2E2-5692-4757-AE64-6431359843A6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2B88F9FD-3863-42FF-B33C-C23F3B1EA19F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2D3BC4D0-1DFA-4728-B35F-D6768BA85572}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2DE02D9C-DB88-4337-ACE2-BAD257671450}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2EA015A5-F976-4471-928B-10FE4010EACB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2EAE53E2-6400-45D0-8EAE-7F0ECFAEED8A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2EE7BBB3-5281-4C96-9EDD-5A4895A18831}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2F089DA0-5D92-4733-BDF3-3082C78E7390}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{2FE56A71-825C-40ED-AA68-3BD5D82610AB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{30241E7A-F801-4F89-80A7-91A854014CF7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{30BBAE4B-67F5-4B0A-8DE8-C16568C4F5A2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{31493B6E-18CA-456E-8AD2-6850771585FD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{32B69DC8-EB86-41F4-B0A6-8B503AB4674F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{32BFD5FD-74E3-45C9-AD4C-C933792EFC79}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3339150B-E7B4-451E-BF9A-614268A97134}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{35006D9C-385F-4EB7-B1FB-B40D073B270D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{357F7B79-205D-479E-AC42-B31C8A9920CD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{36759B8E-E475-490A-A9BD-D98B80EE7BB7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{384B8E41-6F76-49F6-9120-571F7C728FC4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{38DC910A-333F-4036-BEB9-50F9A0EB7710}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{39A409C2-00CF-471D-B034-1C70EB1B0BD9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{39B4E790-0DBD-488C-8283-F3904771BAD5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{39CD7D2E-0C77-4FA4-A766-0E325B7E6B5B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3B2938A4-2E21-414F-9872-B82FDB519C88}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3BC9F94C-DF4B-4696-A74F-2A6F9FBC7768}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3BE9BE8B-A2B0-4345-8C12-58697A82C34D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3C21FDB0-E0A9-46AE-8FAB-1F9877415FA9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3C89F814-EBCC-476C-8FDC-DD6830B63717}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3C94360F-A442-4F7E-81A1-3291F07DB561}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3DC139F5-10A3-496C-9F2D-B7BCBA91A19E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3E389479-320A-4253-9576-A33C2A8E43CE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3EB24FB9-B021-42E9-AB5C-3282D955C332}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3ED698AD-0764-4B07-B586-A5429676E350}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3EDB5049-B020-42FF-A158-B259FFC3A658}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{3F4406DC-6F1E-438A-B755-5DCF39E333C3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{40BED461-A2EA-4CB6-94B3-B5ABC93BF42F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{40CA481C-ADD6-4549-98EF-83462E2C9C89}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{416FE517-35D5-4A86-B596-A2BC69120219}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4397FD22-8585-4C59-98E0-4A6C6CC79468}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{443F65B8-6581-4FA8-AA59-72023C938E56}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4448BD9F-0B21-4FA5-B777-DFBB0DD2CD92}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{446181A0-F4AA-4FEF-ABD5-957CD2FE25B3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{44FF0DB7-F482-4361-8877-46F12A80E375}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{45A30CD4-5D2C-406C-B02B-5DC9FB143556}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{46044131-6CB2-4BF7-9ACC-6A89F2C8DCA6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{463E6249-4A07-4FF5-838A-4FC097672F51}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{481A0757-328B-4100-A558-F6887A8E4DAA}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{488E6F4E-F258-44F5-8F76-6F96E72A1B7A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{493E180B-C103-4F73-84CD-74E98B40B82D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4955B036-EAE2-4C42-84C5-14ADEBF48A8D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4A6B8C2A-8A6D-4EAD-ADC2-6ED1B1EDD985}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4A9EF0FE-0191-41F1-A98B-67BF5EDAD5DF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4AA43981-4643-49CF-87E9-0C1FF8ABBB54}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4CEB9CB9-B5D2-46F2-83DA-3BA0A694FF70}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4DED9040-858B-4DF1-898B-7EA828D2AFC4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4DFB064E-C7A3-4828-8A6C-5EBE0CC23CF7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4E50A357-512B-4BEA-B785-D52EEF22EE2B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4E5E324D-0570-4EEE-8100-9DDEE7A01E0D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4E9E540A-73B6-4889-90D8-2560EF21F346}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4EB9B776-4DC7-40FF-9D41-C44FDDAA00AC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4F261BF1-BC67-46C9-88D9-7B17F36ABB74}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{4F8AC171-3CDC-42CA-BF97-13045B5F2555}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{50883D19-0844-40B5-BA65-76389DA3EE66}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{50D9EEAD-3A0A-49C2-AF30-26E5A658E9C0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{50ED2E5B-79E8-410F-AAC5-11E254BF1AE1}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{518A965F-2C59-44D7-A839-C7396F3AEA7E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{51E0A7AE-AE61-4780-A3E4-8DF5DF442AFB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5468976E-A19E-40CB-B621-2F9FD87D4F83}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{54751D7D-E2E9-45CD-A85C-4A2BF1E89406}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5559CE94-36C9-45D3-B3B5-51190821BA57}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{55C97D64-DB71-4314-A14E-064F0382B9B0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{56124574-E797-4BB2-A760-64991A1A40D0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{574F6544-EA91-4437-AF45-1DDB19F664D4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5790BDF3-5C24-4992-886B-FB6796BC69E9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{57CB687B-4AC3-4A80-ACF0-EA4E750B03E5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{57D73E27-537F-4076-8AD5-09999DB27F62}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{583BD38E-2364-4A9C-9FE4-11B0DA4065FD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{584048AF-4015-400C-AB84-149DD893923E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5842B206-903E-48C0-B349-30DB9FD8D0E3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{58B0BB67-CDCD-4DD1-A460-8B7977CD47C4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{592B5EBC-8EC4-4B83-A348-C6A74BF18027}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5962DED6-6842-4CC5-B469-1137BAEA7883}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5A315529-1D1F-456C-BB50-BD90C397429E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5A97B99F-CD3C-4D87-A444-54043E25DF8B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5AEE64EA-7117-49E8-ACAB-DE95BC7BD3D5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5B042BF1-544F-4C6D-B260-6494317AB8AE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5B7D7C61-0ABE-48FC-8058-7199F5CA466A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5B890E9D-6556-44B7-B7BD-A0A13AED299D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5BFA9382-D9E2-4ED7-8ACE-F3D08281A8E3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5D113819-7291-48A7-9FDB-7C27133C3324}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5E24C512-282D-4BBD-B65B-ACFA11C84A7A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5E33E3EC-28F9-471A-B554-C5E9378CB7E3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5E433015-B721-47AD-9920-2BBB3040591E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5E4EED37-5F7B-4D79-B807-E28AE51E44AB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5EA7B8F3-F954-4CDD-8323-132880803F13}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5EC09837-CF4B-49A4-8EE3-2BEB2490EC00}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5EC35C88-FEDC-4E5F-8D34-5112708F05E0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5ECA652C-B557-4EB0-A883-ABDC17212D4F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5F0FD5BD-7960-4343-A9ED-29905B52FFAE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{5F7D4D6A-C1CE-4FD5-9C62-071DB18340A6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{607A8FE5-2620-436C-8B40-EE4F1559BF60}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{62A535C6-589E-4C0C-8C20-9C768508FB35}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{62E48DFD-784E-4B4E-A4BC-3D3203BF0347}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{63E53E07-D7F0-4E24-ACF6-8DE3AB843CC8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{645D190A-77A2-4F4E-BC10-96FC521BE51C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6487E240-8C1A-4E92-B059-DC7ECE6AD0EC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{64E14DC3-6361-44C1-81D4-CCEB332192F8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{657CBA01-6D5E-4D6B-ABA9-86ABE4F656C9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{661D4C17-122C-4C34-86E1-006B41DE2003}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{66600B27-8FB2-41E0-899C-20C3384A5321}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6680B056-9079-4C7F-987B-FA83A510507B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{66D902B0-9F23-4132-B918-657417ED0BA5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{66EAECAD-1A27-4C26-9F50-ED08BA5BEF3C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{69A4FFED-42B5-42FB-9967-C7F05704700E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{69E9DF0A-FF06-45F2-B3EC-A62C4B3D9308}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6A845742-F9E5-42F8-B10A-DCA6D96DBFB2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6B024D8B-94CF-4FBB-AD14-BC123E998856}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6B190AD3-E771-43E5-A3D8-3B57ACE82CBE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6B314643-2646-4F4B-BA06-A537E68A9251}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6B71E6DB-FFAF-484D-9429-14864C685B97}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6B9A187B-A791-4A41-93B5-344007B376CC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6C9EC785-7F32-463C-9B23-B964E6AD4B15}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6EB0913B-3551-46E3-A8BF-02BC7F8938B6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6EC6F4CF-236F-442E-A857-26F5F1B1CAF6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6EDB3C18-5BAB-4E95-9E25-7C50CA3C5DD8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6F193A11-5D1E-417C-B513-470C317CA48A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6F42EB75-F92E-43B8-B1FE-D6C33EEDDF2B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{6FA0521D-324B-4941-A96B-D716B3CC00F6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{70783846-EF41-48B0-A9EA-65251E8B660C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{70EA6E7E-CD2B-4EBE-8E41-103BFF3E8B4B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{72E9C47A-1509-4127-B29C-B5E2F41B4DE2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{738BA6A3-E49F-42AA-ABC3-E832793198DC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{75876C42-0FF5-41B9-8817-5B55C5504952}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{75A98E79-DDBA-43B7-AF23-A31AC8BC156A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{75F48309-2E77-4D7F-9E82-47306F84B810}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{760E1B43-71EB-42E4-AC20-B53AC3398186}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{77E714DB-173A-458F-A322-D1647BF3739A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{783D5FA8-A5B6-420E-99A2-D4A84532B897}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{78AF554B-F1C5-4DD0-BA4C-9000E615BC01}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{79D5C2BC-EA37-4F46-88C0-F6B4BCC67DA1}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{79F31CEB-EC10-494B-9CE5-A7CDB5B95781}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7A16D678-915E-48E1-A796-2793B37F339B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7A485CBD-44A2-41DC-A975-249ABEB5BCE9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7B270550-AEEE-4F39-9DE3-E4505720591D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7B33D68E-F932-427C-87B7-5679E6F42B16}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7BA8B8FB-05D6-4B55-9CC1-05E950F7D88D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7BBE00A8-D997-4EBE-9992-22883DE7B366}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7E81D48B-B126-4097-8E7E-E4D7A12740CF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7EAC8F8E-38F1-468A-BBB2-0A56D79CB36A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{7F4B782F-7582-4812-A59B-DE6E8E883ECC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{80010BDE-9246-49A4-8DE5-FBAA84F64391}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8072A95E-330C-43E9-9D2A-350147114567}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{813EEAAF-A882-48E3-B666-329FFFC01505}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8192CCFF-1F73-4628-96AC-55D69C721580}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{828546F4-237F-4541-B776-166851821F96}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{82B9149E-A935-4EC7-A6D2-FA0769AA1192}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{83E62CA8-D1E1-47CC-806D-7F697E481E7B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8451E20D-C310-42DE-A096-3FAE1A32380B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8538FAB7-EBDB-45E8-994C-E51AB7342CCB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8557A764-EBBD-4A38-8188-93D3AC98B413}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8616D97B-6DDF-4ACE-8E4F-ADC2A4106FF8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{86A278C9-B7F8-491F-99ED-714B544CD28C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{86CEA9F8-0EDC-4C53-BBA4-84E0B2F7A1BC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{884B9D75-A076-4598-8212-3D2021DBBF78}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8881B9B6-C70D-426F-8A2B-6CE91772FC67}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8910AA12-F111-4443-869E-92B6A5C7B718}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8B997675-1FD7-46A0-AD01-1900F33108B9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8CEB71CD-FE33-4FF6-AD1A-C9288E57CD84}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8D31E403-618E-486B-85DA-1C8945390C49}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8DA9AE10-81EB-4141-9668-E6BE4173ED0C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8DBBD20A-9C3A-42D5-8702-3260C5F243DC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8DD2FB98-9F09-4D3D-A0A6-95BB336A62CB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8E135B70-44A1-48A5-93E5-7FA33DB08BF1}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8EBD3890-82DA-4E9B-BDA9-E61C2A4993EC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8EED6390-85F6-4C1D-AB9E-FE03FF2FBE25}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{8F922D64-B955-493E-B6D0-8CED03F1AC2A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{900D42D5-CFFF-44BD-972D-08793BE3C905}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9084FE17-3216-4FBC-870D-CEA47149C6E1}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{91791D27-A7F8-4F38-B3D6-8753D99B4C79}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9191B0D2-4989-42A8-81E7-85F13A506127}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{91CAEF62-0A34-44A1-8418-55D3F632AD3A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{91DF1FE3-A0E8-43D6-BB8B-9935FFAE0140}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{921E2536-4DF8-4017-B189-DF66EB7B116F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9229F90C-65EB-4AA0-A754-1D35C5F59A74}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{932CCE5A-5F76-4913-B650-C09072D63951}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{93B91628-3C59-4D2A-A865-19683C499610}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{94136980-5EB1-47F5-8B55-A85E2788E6F6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9427C17C-6D6E-44D5-A700-B0693CDF8372}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{948D1FC6-FAEC-4BEF-B862-716F535FE31D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{95C38F74-1087-4CCB-9EC2-D623BA423A89}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{97282C21-DB6C-48EE-BBBD-8CD5072901E3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{97E5CC41-75C4-4E10-9452-6C983370C845}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{98977987-AEBA-41E3-B5E5-EA49ADED508B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{999A9325-4868-4662-9EA8-9B4DEF833C42}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{999D0FDA-0250-449B-89C7-2E8B00264D19}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9A2A5742-6295-48C2-9AB6-56A81440E8B7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9AD75B70-BD76-40D4-9161-3AFCC47DFBC3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9B77E909-FDAF-4B3F-BA4A-CD5493CF1AEB}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9B8F8E69-5661-47E9-A9F5-85DDA6820444}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9BDDF61A-6EF6-4379-9E62-1F9D9CF34C09}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9C406CF1-DEF0-4159-A650-923517991EFD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9D5A0B58-8BAA-452A-8D04-6D5AD439061D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9DC8D277-1BD0-4CCC-980F-F51F9C21AABC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9DDD2F89-1941-47B0-BEAE-590257702F60}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9E405782-F871-43D7-8D75-AA54B62CC078}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9E559FB9-A8BD-4B09-A310-83FD98B2675E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9E62AE7B-13D9-4A20-BD06-1DD26CEF263F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9ECD52D8-4816-4C46-BAF2-BC9C0C212EB0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9F0D4D86-A367-40D1-8762-95A8192AF232}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9F90D0B0-6CE9-4455-A576-D625FDB6EF5F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9FD9C98F-F8C9-4B33-A4C8-537E2755F903}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9FDBE2D0-3D36-4244-8811-481350102F97}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{9FE6F3E3-4784-4308-AB4D-0EDCEC9A2B8F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A12512E3-AA06-4261-B9D6-83158A7617E9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A1327530-BC73-4C56-A853-7A94EAA40E3B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A15DF6B8-34D3-44B3-BB63-DA042511D4AA}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A193D22F-2243-4763-A46C-260BF9E4C3E9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A1ABCE64-5236-4949-82B3-AF480B31DAB9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A1B421F0-A9EB-489B-961E-0C9805071DC7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A214D6F5-1608-4FBB-B117-E448EBA67505}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A366535F-5340-4114-BE04-CFFC3009F1AF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A46759E6-FAA0-4F64-80FC-38132D8332DD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A4BF9F5B-CA8C-45BA-9F57-BB46B5EA2157}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A4E9785B-E6BB-4482-9D1B-9041508255E6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A56F489E-028C-40C3-8E03-03E40CA17CE7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A6BBE0CB-DA2F-4944-B0DD-137C350D46F0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A75392BF-0DE2-497F-B10D-927E1C07DB6B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A76638AC-96D7-4B49-9184-5E8B61609B6B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A7C268AB-F6C4-453C-9715-D7D105101EF0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A7E1E55C-A28D-4434-9925-3646648FE0AF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A8D667EA-6D1F-466C-B9F0-C494ADF3D7C2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A933D629-68F1-4EF8-B74C-CBA86D4645FD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A960A278-4BC4-4083-B2A4-97479FB65A57}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{A9801778-E12E-43B8-AA20-EEB14ACECDD8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AA2EB315-9F88-4987-AECD-DCF1BAB00228}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AAB3B9E0-33B2-4F06-99BE-D94B2810209D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AB43C6B1-C477-41DA-A313-EA042A5706C2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{ACEE8CE3-B2A5-41E6-9559-26B47A849C63}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AD0147BE-3AA1-40C2-BD5B-178BAC0662BE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AD0C17CA-8441-4884-82BD-D0CE77873CA1}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AE130792-0309-4E55-98F8-14D2DC14E392}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AE713E7E-80AB-415E-AD55-C033905222A2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AE8BB9C3-0D5B-47C1-AAC4-FEC65946F748}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{AEFFB07C-6E43-4065-AB1D-C67071989CF6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B058693D-532B-48D2-828A-92EFF9FA6AD4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B16D8661-EF2C-451E-962F-A5FB2780651D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B21D2DEB-EB6B-4334-99F5-00AD18EC25B5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B254F97A-9C61-42E7-BDB8-288AB2974A10}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B2CEDA22-9694-48C2-A84D-CDD6B0EF868A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B3720812-9127-4986-B3B2-176BF069872F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B3CF3FBC-E008-48F4-96D7-D5715C1142F6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B4BA638A-F3E4-45F2-8743-21E935EC4889}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B525A659-D368-4B3B-9F8A-BA3F1703BAB4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B55C4C0B-DA1B-46BE-B1DC-565C1F76FF2E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B5F908CF-09F3-486B-B6FC-B247095796D4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B62D44BC-10B0-4D1C-A96D-658146ABCC67}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B759DA49-BB52-4C56-A3F1-FC92C4101D8D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B79D252F-56E6-47F1-94D5-01840921CC73}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B8170932-94BB-42F3-95AA-4DC665BBAADA}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B9ADB523-FF34-4902-820A-E059374DD6C0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{B9F1DD3D-46F2-4070-B2A8-1DF7DCB37A1A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BB08785E-EDBD-4F24-8364-6635C57AD9B1}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BB2AB9F6-905A-4FB5-A06C-1D8BA711ED38}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BB32C66A-963B-4BD6-9D87-5F13D0088E6D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BC14619F-2FDA-42A2-9D3D-033D9AF4DF1B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BC5BD0A7-85D4-4948-9AA8-36EBD126BCDE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BC6D398C-99FF-4B58-B113-377303450240}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BE5C97CA-F11B-4480-A997-A4697AF0775B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BF2E5D88-C085-424F-801C-3CF46935E5D5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{BFFC7861-F86C-43FA-8CCE-F21DC9518871}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C132CB5C-840C-4298-AB73-E036B8186A9C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C248E7A2-9CCE-4165-8760-84D5C32E09F7}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C25BA813-D5E1-4D54-B565-F472E2DFB701}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C29505DA-8186-45B2-B64F-4903727A29AE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C2C66E71-26D3-4A45-9E23-F63C08C6B205}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C4406748-B695-46B4-B683-2A1C4C183525}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C4474293-6646-4523-A95F-27C56A3DB4D2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C49F31CB-2C50-430D-9888-C5F9257CB9ED}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C50FB95A-F744-4758-9C38-FAF2B7957CBC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C5EA7589-97C3-4EAB-9DC4-BC745C57167D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C61A591C-8FD0-4511-87EA-432F2D51C135}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C6848A97-22A3-449A-9103-6A2982BDF4C3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C73B3FE4-5B3B-4C86-B39B-81FE344C8E80}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C8C7F0D7-4FD4-4A09-B041-1A9B34464822}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C8CD563C-AF90-415C-B8E8-C8B7F59A6913}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C8F288F3-3154-4E73-9D4F-F1196CB4FC67}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{C9E1FCFC-C57A-44AA-BDDD-087098E5D4AD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{CA62DA96-8346-4A92-A204-E860FAEB144D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{CC147FAA-017F-4F6F-92F1-C111DAF6DC1A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{CC7FFB54-EB76-41FE-9123-38C71ACC8F93}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{CD794EDE-39D3-4938-A4EE-257120AF6906}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{CDCD0706-EF57-4E6E-9355-AB9226E7F02D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{CF64F4F8-F4EF-4AAD-83D1-8AEF8A81E271}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{CF921708-A1A7-4B81-BC4E-6CF3E2F26612}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D0DFE5F9-8D0F-4735-A691-1F3954BE6C1D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D10C3B83-2D93-4B36-B9D7-762F23D1D601}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D1723BBA-1C70-4FEC-8A55-BC369F9DF42B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D246379F-A1FF-4392-A77E-0EC33DE1D776}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D298B6D3-E394-478F-8C41-EED67456559B}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D2A75BCC-C231-44D9-A4FF-1B386099DCA4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D2AC5789-84E9-498B-8171-E4A2C6A49CF6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D2ECC580-516A-4911-9967-137A3FE1A89C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D4043E55-936D-4E4E-AFBF-338AFD6B426D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D536A717-7028-424E-ADD3-B23667328CBE}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D5E99C92-6FB4-4C8F-89B2-B6112D8BD24F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D6B8F7A8-C16C-4EC2-A6DA-F975E86BD4CC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D72888A7-61D3-42CF-B798-7AF5B1A3F8F4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D73DC546-6B63-4279-8702-C4CB80405870}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D803C012-5CBC-49C4-BEAA-6C68E1735B6E}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D827B3DD-D07A-458F-97BD-7F54DF2F4A23}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D8830141-BA08-4D4E-A7E9-57B6EF6716AD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D88650BC-1EEA-44B7-928E-394D7437F2FF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D8B27C86-1AE1-4574-A5D8-992477526A98}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D8B2CF22-B078-46A8-83FE-7530C926CAEA}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{D8D6F3D0-A544-4DFE-BCF8-623708270095}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DA5F3A67-E575-449E-8AC7-8A1CC5646F31}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DAABE049-2FF0-429A-B003-02EB013B82CD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DB5688D2-AC69-43CF-BDCF-581897B469C0}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DB57A0FD-B5E8-4C59-9AF8-D1FC97DA2389}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DB63F043-2F7B-44FE-A1E4-87CDC1DED715}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DB661049-A158-4732-BD15-D33D07298A55}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DD30D337-C642-4ED2-9C83-DF5AC0D37D0A}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{DDCDC5BB-2430-43F9-A6EB-529D12642956}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E07A2EC3-9492-46A2-8EBD-86C770321B6C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E44C4244-F5EB-42FB-9C97-92D23CF2A8F2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E49B70AA-213F-48A9-83B0-F81652AFCB4D}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E4E7B649-7857-45C7-A1A1-594FCC70BAB6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E5BF1435-D536-4EDE-945E-D36E8AB956B3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E66FC205-826A-4CD3-97FA-E65F9352DA65}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E84D56D0-A9C2-4251-AF69-2E8EEFC4878F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E8922B2D-4C52-4A13-97C6-65966E5D4504}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E8BA3365-F09D-4352-BE3F-E93A4CA07E46}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E8BF9DD5-C913-42E0-A8B4-484F27D402A2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E93213E8-D2A9-45F2-BA84-02C5F37F9D3F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{E98D6460-E064-45D3-A578-2B85EE681723}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{EB1E75C6-38A1-4CCC-9EA9-24CF9F6F25EF}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{EB29EAC0-B90A-47C3-A6D9-B5AD7EE224E9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{EC1AAF59-D701-4D12-814A-1AF4AC826ED8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{ED0B4225-3EA2-45BD-A1E6-07FA0F2E7CF9}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{EDC98498-FD84-476C-B47F-21C57629B16C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{EF13EC5D-F74E-4F27-BBA7-5894C6A00E05}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{EF36C128-0DDD-450A-9211-72FE6947ACD6}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{EFDC8B74-B3F7-41F6-ACE9-F66E7B0395FC}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F1D97F68-B516-47DD-9197-DA8C9FD26943}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F25E061B-05DD-49E6-84BA-5FC0A4222DA3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F2856B8D-B939-4F8C-89B3-B695FE436FD2}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F3AE5E95-9DBC-4FD9-A2EC-F1B421F0720F}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F3FAD007-4C33-41AF-85E4-8BF3F568D698}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F459C6F3-A869-47E5-B145-743C727D2C69}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F4C0635C-0246-45B8-A8FB-0DEB3EBD294C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F4CD07A0-DE38-4BFC-95B2-C434A0F4BC72}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F4DBF936-FF83-4CB6-B9A4-9015929548CD}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F61DEC8B-4832-470C-A174-767A49B898A8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F6A2644D-BC9D-4414-96A4-D4698829AF04}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F766AF74-4AA1-4648-8AAB-78E66E0D6CD5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F81C2BC1-B56C-45B4-A005-9038A35BC038}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F86DF4AB-BC68-4555-9C00-68685977BA56}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F87AB490-953B-4820-A46A-30683F3B53D8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F88199A9-B8AC-4142-B309-09D6F35174C3}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F8F7F218-FFE2-486A-8355-1CD350D2B77C}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F935A626-0D4E-430D-9D69-6872E4ADF1F4}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{F942ECEA-8A3A-4193-9E70-DC2AE9DC1503}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{FAF7C1E3-DA16-4BD1-B151-35B1BF97EA32}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{FB5A0EB6-DFCA-4CD7-A27B-C984821CA5E8}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{FB7ACE25-66D1-44AF-9278-7D72E0FFB3E5}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{FB932905-A08A-4656-B9AD-1622C7C10568}
Successfully deleted: [Empty Folder] C:\Users\Test\appdata\local\{FC1949E2-D8A2-40FA-AA44-053B6D6CD6A2}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2013 at 20:46:13,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2\ not found.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2\ not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
File C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1744890044-3013452961-4028736095-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: Test
->Temp folder emptied: 2781345 bytes
->Temporary Internet Files folder emptied: 182645706 bytes
->Java cache emptied: 6663 bytes
->Google Chrome cache emptied: 359306977 bytes
->Flash cache emptied: 58817 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3180 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045936 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 444439458 bytes

Total Files Cleaned = 978,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05272013_204743

Files\Folders moved on Reboot...
C:\Users\Test\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...







Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Test :: TEST-HP [administrator]

27.05.2013 20:53:42
mbam-log-2013-05-27 (20-53-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216516
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

Advertisements

#11
Nutloaf
Posted 27 May 2013 - 01:13 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Yes please, deactivate AVG again and run ESET Posted Image
  • 0

#12
SamStencil
Posted 27 May 2013 - 03:09 PM

SamStencil

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
So...here's the ESET log..

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=26221e1209b59d41ad95c428263dd930
# engine=13931
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-27 08:58:22
# local_time=2013-05-27 10:58:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 17810771 17810771 0 0
# compatibility_mode=1043 16777213 100 94 8426 56818686 0 0
# compatibility_mode=5893 16776574 100 94 17880032 121318152 0 0
# scanned=189424
# found=0
# cleaned=0
# scan_time=5037
  • 0

#13
Nutloaf
Posted 27 May 2013 - 03:15 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for those logs. ESET and MBAM came back clean so that is good. I will post to my instructor and get back to you with further instructions Posted Image
  • 0

#14
Nutloaf
Posted 28 May 2013 - 03:35 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Sam

I need you to run ADWcleaner once more to remove the entries found and carry out an OTL scan to check how things are looking.

1. Run ADWcleaner
  • Double click ADWcleaner and select Search
  • The search will complete and a log produced I do not need to see this log.
  • Back to ADWcleaner and click Delete and O.K to remove malware.
  • A reboot will be asked for click O.K
  • On reboot a log is produced. I need to see this log

OTL SCAN
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce 1 log file. OTL.txt
  • Post both in your next reply

Things I want to see in your next post.
  • ADWcleaner log
  • OTL scan

  • 0

#15
SamStencil
Posted 28 May 2013 - 06:38 AM

SamStencil

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
ADW log... however it deleted my folder named SAVE that was on my desktop!!! :angry:

# AdwCleaner v2.301 - Datei am 28/05/2013 um 14:33:55 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Test - TEST-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Test\Desktop\AdwCleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\ClickIT
Ordner Gelöscht : C:\Users\Test\Desktop\Save

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1263 octets] - [26/05/2013 19:52:29]
AdwCleaner[R2].txt - [1323 octets] - [26/05/2013 19:53:11]
AdwCleaner[R3].txt - [1299 octets] - [28/05/2013 14:32:49]
AdwCleaner[S2].txt - [1232 octets] - [28/05/2013 14:33:55]

########## EOF - C:\AdwCleaner[S2].txt - [1292 octets] ##########






OTL:


OTL logfile created on: 28.05.2013 15:09:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Test\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,95 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 43,91% Memory free
7,90 Gb Paging File | 5,15 Gb Available in Paging File | 65,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,82 Gb Total Space | 385,55 Gb Free Space | 85,52% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 0,28 Gb Free Space | 1,90% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32

Computer Name: TEST-HP | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.26 13:11:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
PRC - [2013.05.17 16:55:38 | 028,711,576 | ---- | M] (Dropbox, Inc.) -- C:\Users\Test\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.12.13 13:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.12.10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010.11.18 12:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010.11.09 16:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.14 04:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.05.16 01:45:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 01:44:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.16 01:44:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Test\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.01.13 20:11:09 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll
MOD - [2013.01.13 20:11:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll
MOD - [2013.01.11 17:47:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 17:47:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 17:46:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 17:46:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 17:46:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Test\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.01.04 23:08:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.18 13:07:50 | 001,700,920 | ---- | M] () -- C:\Users\Test\AppData\Roaming\PictureMover\DE-DE\Presentation.dll
MOD - [2010.11.18 12:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Test\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.12.18 01:32:48 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.14 00:04:46 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.08.05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.19 03:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.18 02:04:50 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.12.18 00:55:34 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.14 00:04:48 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.12.10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.08 23:30:00 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.11.29 07:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.11.29 07:23:16 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.26 20:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.03 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Test\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Test\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Test\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Test\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Test\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)


[2012.09.06 12:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Test\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2013.02.08 00:23:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000..\Run: [Google Update] C:\Users\Test\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-1744890044-3013452961-4028736095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E2B592-E29E-4EC0-866E-E731AC464C9D}: DhcpNameServer = 40.6.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A8F414-99C9-4018-B550-0EF729867CD4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.28 14:40:24 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.05.27 20:47:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.27 20:42:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.27 20:37:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.27 20:36:53 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Test\Desktop\JRT.exe
[2013.05.26 20:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.26 20:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.26 13:11:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2013.05.18 00:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013.05.16 01:36:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 01:36:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 01:36:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 01:36:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 01:36:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 01:36:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 01:36:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 01:36:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 01:36:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 01:36:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 01:36:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 01:36:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 01:36:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 01:36:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 01:36:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 22:44:51 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 22:44:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 22:44:41 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 22:44:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 22:44:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 22:44:40 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 22:44:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Mozilla
[2013.05.13 21:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[1 C:\Users\Test\*.tmp files -> C:\Users\Test\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.28 15:02:30 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 15:02:30 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 14:55:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 14:55:04 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 14:44:17 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 14:44:17 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 14:44:17 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 14:44:17 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 14:44:17 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 14:25:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1744890044-3013452961-4028736095-1000UA.job
[2013.05.27 21:25:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1744890044-3013452961-4028736095-1000Core.job
[2013.05.27 20:36:55 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Test\Desktop\JRT.exe
[2013.05.26 19:53:53 | 000,890,854 | ---- | M] () -- C:\Users\Test\Desktop\SecurityCheck.exe
[2013.05.26 19:51:55 | 000,632,031 | ---- | M] () -- C:\Users\Test\Desktop\AdwCleaner.exe
[2013.05.26 13:11:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2013.05.23 23:06:19 | 000,001,047 | ---- | M] () -- C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.19 19:23:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTest.job
[2013.05.17 20:06:29 | 005,043,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 21:29:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTEST-HP$.job
[2013.05.16 21:10:35 | 000,005,851 | ---- | M] () -- C:\Users\Test\AppData\Local\recently-used.xbel
[1 C:\Users\Test\*.tmp files -> C:\Users\Test\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.26 19:53:44 | 000,890,854 | ---- | C] () -- C:\Users\Test\Desktop\SecurityCheck.exe
[2013.05.26 19:51:52 | 000,632,031 | ---- | C] () -- C:\Users\Test\Desktop\AdwCleaner.exe
[2013.05.16 21:10:35 | 000,005,851 | ---- | C] () -- C:\Users\Test\AppData\Local\recently-used.xbel
[2013.05.13 21:31:06 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.11.01 23:39:05 | 000,015,861 | ---- | C] () -- C:\Users\Test\New document 5.2012_11_01_22_39_05.0.svg
[2012.03.27 19:09:30 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.31 02:46:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.31 02:40:07 | 000,002,901 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.05.31 02:35:26 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.08 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.04.23 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Amazon
[2013.04.14 22:54:02 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Audacity
[2012.11.02 19:39:57 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\AVG2013
[2013.02.01 01:28:13 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.01.30 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.05.28 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Dropbox
[2012.04.18 23:36:08 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Fox Dgital Copy
[2013.05.25 18:57:10 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\inkscape
[2013.04.05 21:39:58 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Notepad++
[2013.01.30 21:45:31 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\PDAppFlex
[2012.03.26 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\PictureMover
[2013.05.17 00:15:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\SoftGrid Client
[2013.01.30 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.26 13:21:02 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Synaptics
[2013.02.09 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TeamViewer
[2012.04.02 10:48:31 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Tific
[2012.03.27 19:10:10 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TP
[2012.11.02 19:39:16 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\TuneUp Software
[2012.05.03 17:47:28 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Windows Live Writer

< End of report >

Edited by SamStencil, 28 May 2013 - 07:16 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP