Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Maybe hacked by neighbours - keylogger?

Started by Airlike , Jan 04 2014 02:25 PM

  • This topic is locked This topic is locked

#1
Airlike
Posted 04 January 2014 - 02:25 PM

Airlike

    New Member

  • Member
  • Pip
  • 3 posts
Hello

A friend of mine told me his story about some serious trouble with his neighbours. According to security camera footage, they entered into his apartment and manipulated his internet router and WLAN access point (according to a technician from the police). The police already opened a case but we would like to know whether they did something with his computer since he also used it for his daily work (e-banking, etc.). He told me that 3 days ago - as he had the evidence of break-in - he opened Microsoft Word and typed something like "Dear neighbours - I ask you to stop your illegal acitivities - I have informed the police" and just 10 seconds later, he heard noises and acitivity from upstairs (where the neighbors live). Maybe he is just paranoid because of all the trouble and it was probably just a coincidence... Still, itt would be really great if someone could scan following log file for some evidence. Many thanks!

OTL logfile created on: 04.01.2014 21:00:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\office-pc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 55.66% Memory free
6.18 Gb Paging File | 4.55 Gb Available in Paging File | 73.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 73.55 Gb Free Space | 53.90% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.80 Gb Free Space | 57.99% Space Free | Partition Type: NTFS
Drive F: | 14.94 Gb Total Space | 14.85 Gb Free Space | 99.39% Space Free | Partition Type: NTFS

Computer Name: office-pc-PC | User Name: office-pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.01.04 20:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\office-pc\Desktop\OTL.exe
PRC - [2013.10.08 13:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\21.1.0.18\N360.exe
PRC - [2013.06.05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\office-pc\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.11.02 01:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010.10.04 11:50:16 | 000,336,560 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKTray.exe
PRC - [2010.06.27 20:02:22 | 010,165,456 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Programme\Duden\Duden-Bibliothek\dudenbib.exe
PRC - [2010.05.28 16:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.10 14:04:54 | 000,676,520 | ---- | M] () -- C:\Programme\Dell V505\dldwmon.exe
PRC - [2009.08.10 14:04:50 | 000,025,256 | ---- | M] () -- C:\Programme\Dell V505\dldwmsdmon.exe
PRC - [2009.07.24 17:04:12 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\dldwcoms.exe
PRC - [2009.05.21 10:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.12.20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe
PRC - [2008.12.20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008.12.16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.11.06 17:47:50 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2008.08.13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.05.13 15:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DellDock.exe
PRC - [2008.05.04 10:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.05.04 10:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.05.04 10:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 10:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.04.28 15:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.02.22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.02.15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008.02.15 18:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.03 16:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.03 16:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2013.10.09 12:56:31 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013.10.09 12:36:39 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013.08.15 16:55:26 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c0cc4069b1d17f3f7e9d9ec857d797d4\Microsoft.VisualBasic.ni.dll
MOD - [2013.08.15 16:53:06 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013.08.15 16:52:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013.08.15 16:52:48 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\c5d7cc214a08d3ae111eed2042838c1d\VistaBridgeLibrary.ni.dll
MOD - [2013.08.15 16:52:47 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\3dfb7c123d891abbda4bdf824e1c8cb4\DellDock.ni.exe
MOD - [2013.08.15 16:52:46 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\0f252d1eaaf68b7e1d006eb96e610d76\MyDock.Util.ni.dll
MOD - [2013.08.15 16:52:43 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013.08.15 04:56:54 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013.08.15 04:56:01 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013.08.15 04:52:53 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013.07.11 19:49:22 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2010.10.04 11:50:16 | 000,079,872 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\MBControls.dll
MOD - [2009.08.10 14:04:54 | 000,676,520 | ---- | M] () -- C:\Programme\Dell V505\dldwmon.exe
MOD - [2009.08.10 14:04:50 | 000,025,256 | ---- | M] () -- C:\Programme\Dell V505\dldwmsdmon.exe
MOD - [2009.07.23 15:52:40 | 001,036,288 | ---- | M] () -- C:\Programme\Dell V505\dldwdrs.dll
MOD - [2009.07.23 15:51:56 | 000,380,928 | ---- | M] () -- C:\Programme\Dell V505\dldwscw.dll
MOD - [2009.05.13 10:50:52 | 000,081,920 | ---- | M] () -- C:\Programme\Dell V505\dldwcaps.dll
MOD - [2009.05.13 10:48:00 | 000,151,552 | ---- | M] () -- C:\Programme\Dell V505\dldwmonr.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.12 02:38:58 | 000,036,864 | ---- | M] () -- C:\Programme\Dell V505\app4r.monitor.core.dll
MOD - [2009.02.12 02:38:56 | 000,028,672 | ---- | M] () -- C:\Programme\Dell V505\app4r.monitor.common.dll
MOD - [2009.02.12 02:37:56 | 000,065,536 | ---- | M] () -- C:\Programme\Dell V505\app4r.devmons.mcmdevmon.dll
MOD - [2008.12.20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe
MOD - [2008.12.20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2008.05.09 13:54:19 | 000,149,504 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldwdrui.dll
MOD - [2008.05.09 13:53:44 | 000,198,144 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldwdr.dll
MOD - [2008.05.07 10:56:35 | 000,155,648 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldwprpr.dll
MOD - [2008.04.25 07:44:40 | 000,077,906 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldwcfg.dll
MOD - [2008.04.25 07:44:40 | 000,077,906 | ---- | M] () -- C:\Programme\Dell V505\DLDWcfg.dll
MOD - [2008.03.25 09:53:10 | 000,012,288 | ---- | M] () -- C:\Programme\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2008.03.10 12:30:50 | 000,188,416 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldwdatr.dll
MOD - [2008.02.28 08:15:33 | 000,811,008 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldwptpc.dll
MOD - [2008.02.26 20:24:06 | 000,069,632 | ---- | M] () -- C:\Programme\Dell V505\dldwcnv4.dll
MOD - [2007.12.08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007.03.26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldwcats.dll
MOD - [2006.11.03 16:46:24 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.11.03 16:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2013.12.13 19:43:22 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.10 20:18:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.08 13:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013.07.02 06:53:58 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013.05.10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.05.28 16:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.24 17:04:12 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldwcoms.exe -- (dldw_device)
SRV - [2008.12.16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.08.13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008.08.11 18:30:04 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.05.16 15:58:22 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008.04.28 15:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.02.15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)
SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\office-pc\AppData\Local\Temp\uwrirfoc.sys -- (uwrirfoc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\office-pc\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013.12.18 12:12:52 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140103.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.12.18 12:12:52 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.12.18 12:12:52 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140103.008\NAVENG.SYS -- (NAVENG)
DRV - [2013.12.13 06:45:35 | 000,394,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140103.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013.12.03 19:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.12.02 12:34:02 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013.12.01 01:00:00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.09.27 04:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013.09.27 03:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013.09.27 03:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013.09.26 04:27:59 | 000,383,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\symtdiv.sys -- (SYMTDIv)
DRV - [2013.09.26 03:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\ccSetx86.sys -- (ccSet_N360)
DRV - [2013.09.10 03:47:43 | 000,063,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2013.09.10 03:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013.09.10 02:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2011.12.08 05:22:34 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2011.12.08 05:22:34 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2011.12.08 05:22:34 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.12.17 07:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.12.16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.05.04 10:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.02.15 18:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.09.06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.02.03 09:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.08.05 01:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACH

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch...=ch&ibd=4080812
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mymusclevideo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D9F72A1-AA64-4EAD-B6E1-CE5E002FB5A8}: "URL" = http://websearch.ask...4-F89E7B7EAAC0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ixquick - Deutsch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B2d3fbcf7-be69-4433-8858-c621a8d0e58d%7D:6.0.0.12442
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.5.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\office-pc\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\office-pc\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\office-pc\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\office-pc\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014.01.04 17:04:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013.12.03 05:58:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.13 19:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.12.13 19:43:05 | 000,000,000 | ---D | M]

[2011.11.12 18:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\office-pc\AppData\Roaming\mozilla\Extensions
[2011.11.12 18:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\office-pc\AppData\Roaming\mozilla\Extensions\{847441a0-668c-4f1e-857f-7fb5fabebdb9}
[2014.01.03 16:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\office-pc\AppData\Roaming\mozilla\Firefox\Profiles\0d8w7v52.default\extensions
[2010.05.08 07:16:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\office-pc\AppData\Roaming\mozilla\Firefox\Profiles\0d8w7v52.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.01 19:01:26 | 000,000,000 | ---D | M] (Widevine Media Optimizer) -- C:\Users\office-pc\AppData\Roaming\mozilla\Firefox\Profiles\0d8w7v52.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
[2014.01.03 16:50:40 | 000,475,779 | ---- | M] () (No name found) -- C:\Users\office-pc\AppData\Roaming\mozilla\firefox\profiles\0d8w7v52.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014.01.03 16:48:38 | 000,001,610 | ---- | M] () -- C:\Users\office-pc\AppData\Roaming\mozilla\firefox\profiles\0d8w7v52.default\searchplugins\ixquick---deutsch.xml
[2014.01.03 16:48:38 | 000,005,492 | ---- | M] () -- C:\Users\office-pc\AppData\Roaming\mozilla\firefox\profiles\0d8w7v52.default\searchplugins\startpage---deutsch.xml
[2013.12.13 19:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.12.13 19:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013.12.13 19:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.12.13 19:43:23 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\office-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\office-pc\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\office-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\office-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\office-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\office-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Mail = C:\Users\office-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dldwamon] C:\Program Files\Dell V505\dldwamon.exe ()
O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files\Dell V505\dldwmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\office-pc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\office-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\office-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{455B1982-957D-4E48-8DA9-41C6E5F01B6A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB0AB36-B09B-4455-AB42-81DE0B0BD1B0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014.01.04 21:00:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\office-pc\Desktop\OTL.exe
[2014.01.04 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\office-pc\Desktop\gmer (1)
[2014.01.04 17:18:15 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\office-pc\Desktop\dds.scr
[2014.01.02 13:18:51 | 000,000,000 | ---D | C] -- C:\Users\office-pc\Documents\Bla, Bla, Bla
[2014.01.02 08:29:21 | 000,000,000 | R--D | C] -- C:\Users\office-pc\Desktop\Videos
[2014.01.02 08:29:09 | 000,000,000 | ---D | C] -- C:\Users\office-pc\Documents\Bluetooth-Exchange-Ordner
[2013.12.30 15:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2013.12.21 14:15:51 | 000,063,576 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013.12.14 08:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.12.13 19:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.01.04 21:01:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.01.04 21:01:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.01.04 20:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\office-pc\Desktop\OTL.exe
[2014.01.04 20:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.04 20:13:08 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720703342-2840020968-1605016965-1000UA.job
[2014.01.04 20:10:25 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.04 19:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.04 17:17:27 | 000,368,554 | ---- | M] () -- C:\Users\office-pc\Desktop\gmer (1).zip
[2014.01.04 17:16:50 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.01.04 17:16:50 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.01.04 17:16:50 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.01.04 17:16:50 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.01.04 17:14:44 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\office-pc\Desktop\dds.scr
[2014.01.04 17:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.01.04 12:33:31 | 000,004,398 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014.01.02 13:12:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720703342-2840020968-1605016965-1000Core.job
[2014.01.01 20:43:48 | 000,014,910 | ---- | M] () -- C:\Users\office-pc\AppData\Roaming\wklnhst.dat
[2013.12.31 17:27:56 | 000,000,000 | ---- | M] () -- C:\Users\office-pc\Documents\RIMPTG
[2013.12.21 14:24:18 | 000,005,972 | ---- | M] () -- C:\Users\office-pc\AppData\Local\d3d9caps.dat
[2013.12.15 08:36:12 | 000,071,680 | ---- | M] () -- C:\Users\office-pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.12.14 14:12:56 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2013.12.14 08:13:02 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.12.12 18:01:11 | 000,311,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[12 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.04 17:18:15 | 000,368,554 | ---- | C] () -- C:\Users\office-pc\Desktop\gmer (1).zip
[2013.12.30 17:02:37 | 000,000,000 | ---- | C] () -- C:\Users\office-pc\Documents\RIMPTG
[2013.12.14 08:13:01 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.06.08 16:59:46 | 000,000,218 | ---- | C] () -- C:\Users\office-pc\.recently-used.xbel
[2013.06.06 19:17:11 | 000,000,039 | ---- | C] () -- C:\Users\office-pc\.gtk-bookmarks
[2013.06.06 19:15:28 | 000,001,491 | ---- | C] () -- C:\Users\office-pc\Anmeldung Klient HAG
[2012.01.31 00:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 00:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 00:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 00:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.11.27 16:31:14 | 000,064,700 | ---- | C] () -- C:\Users\office-pc\ESt2010_E_T.elfo
[2010.10.27 12:19:32 | 000,001,940 | ---- | C] () -- C:\Users\office-pc\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.09.14 15:42:04 | 000,073,966 | ---- | C] () -- C:\Users\office-pc\Elster 2009.elfo
[2010.02.27 13:10:18 | 000,008,828 | ---- | C] () -- C:\Users\office-pc\AppData\Local\de.ini
[2009.06.22 09:44:21 | 000,001,226 | ---- | C] () -- C:\Users\office-pc\AppData\Local\03F67F67.il
[2009.06.22 09:44:21 | 000,000,280 | ---- | C] () -- C:\Users\office-pc\AppData\Local\IndexIE_03F67F67.il
[2009.02.15 10:10:30 | 000,005,972 | ---- | C] () -- C:\Users\office-pc\AppData\Local\d3d9caps.dat
[2008.10.18 12:32:02 | 000,014,910 | ---- | C] () -- C:\Users\office-pc\AppData\Roaming\wklnhst.dat
[2008.10.05 14:52:34 | 000,024,206 | ---- | C] () -- C:\Users\office-pc\AppData\Roaming\UserTile.png
[2008.08.25 07:08:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.22 09:24:28 | 000,071,680 | ---- | C] () -- C:\Users\office-pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.03.14 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\.Kanton ZH
[2012.02.26 15:38:41 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\1&1 Mail & Media GmbH
[2013.11.08 17:48:32 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Amazon
[2011.07.28 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Duden
[2013.03.23 11:30:12 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\EasyTax
[2012.11.25 14:45:02 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\elsterformular
[2013.06.08 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\gtk-2.0
[2011.11.12 18:01:03 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Haufe Mediengruppe
[2013.03.02 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\IDM
[2009.09.04 09:53:11 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Leadertech
[2011.07.24 18:41:35 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Opera
[2008.09.15 18:15:06 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\pdf995
[2013.02.16 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\PeerNetworking
[2011.03.31 09:29:25 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\phonostar GmbH
[2011.03.15 17:03:24 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\ProtectDisc
[2013.04.30 15:12:55 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Research In Motion
[2011.11.12 17:31:02 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\SafeStick
[2012.03.31 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Samsung
[2008.10.18 12:32:16 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Template
[2011.01.14 16:02:38 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Tific
[2013.05.19 10:31:17 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\Tobit
[2009.03.02 19:28:49 | 000,000,000 | ---D | M] -- C:\Users\office-pc\AppData\Roaming\V505 Series

========== Purity Check ==========



< End of report >

Edited by Airlike, 04 January 2014 - 02:28 PM.

  • 0

Advertisements

#2
Airlike
Posted 05 January 2014 - 12:45 PM

Airlike

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I kindly ask for some advice on my formulated issue above. many thanks
  • 0

#3
RKinner
Posted 06 January 2014 - 02:21 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Replying to your own post takes you off the list of posts with no replies which is where we look for posts to answer.

I don't see anything obvious but we can look a little deeper:


Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#4
Airlike
Posted 11 January 2014 - 06:55 AM

Airlike

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
the owner bought a new laptop. we do not need any help anymore. thanks for your time!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP