Malware sweetpage uninstalled, but can't change browser start page



#1
nept


Hi again

And here I am with my gf's comps :S For some reason she managed to install sth called "sweet page". It showed up in the Windows uninstall list, so I uninstalled it. After doing so the start page on all browsers remains sweetpage. Changing it back to www.google.com or whatever doesn't help. Neat malware...

Here's the OTL log:

OTL logfile created on: 09.05.2014 20:57:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Elyn\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,25% Memory free
7,71 Gb Paging File | 5,36 Gb Available in Paging File | 69,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,34 Gb Total Space | 284,31 Gb Free Space | 62,85% Space Free | Partition Type: NTFS
 
Computer Name: ELYN-PC | User Name: Elyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.09 20:56:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elyn\Downloads\OTL.exe
PRC - [2014.04.29 20:13:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.04.02 21:03:22 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2014.04.02 21:03:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 11:09:39 | 000,657,504 | ---- | M] () -- C:\ProgramData\Internet Everywhere\OnlineUpdate\ouc.exe
PRC - [2012.12.08 15:50:00 | 000,472,216 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2012.12.03 11:18:48 | 002,436,096 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware View\Client\bin\vmware-view-usbd.exe
PRC - [2012.11.09 21:30:26 | 000,353,640 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
PRC - [2012.11.09 21:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe
PRC - [2012.11.09 21:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe
PRC - [2012.05.04 00:11:54 | 000,397,824 | ---- | M] () -- C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe
PRC - [2011.03.14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.06.01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.05.31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.05.31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.04.29 20:13:38 | 003,845,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.02.15 17:26:59 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6075432058b0de45ff925a5a78272154\IAStorUtil.ni.dll
MOD - [2014.02.15 11:13:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014.02.15 11:12:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.15 11:12:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.15 11:12:47 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.15 11:12:44 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.15 11:12:32 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.02.15 11:12:30 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.15 11:12:24 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014.01.20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014.01.20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.12.05 14:43:11 | 019,336,120 | ---- | M] () -- C:\Programme\AVAST Software\Avast\libcef.dll
MOD - [2012.12.20 14:08:15 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.07.19 16:57:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.03.06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.06.24 22:06:19 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014.04.29 20:13:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.04.28 21:08:16 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.04.02 21:03:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.07.19 13:01:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Elyn\AppData\Local\Temp\7zS0DFB\hpslpsvc64.dll -- (HPSLPSVC)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.11 11:09:39 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Internet Everywhere\UpdateDog\ouc.exe -- (Internet Everywhere. RunOuc)
SRV - [2012.12.08 15:50:00 | 000,472,216 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2012.12.03 11:18:48 | 002,436,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware View\Client\bin\vmware-view-usbd.exe -- (vmware-view-usbd)
SRV - [2012.11.20 14:08:32 | 000,919,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.11.09 21:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.07.19 16:14:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.04 00:11:54 | 000,397,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe -- (XMail)
SRV - [2011.03.14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.06.20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.06.20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.06.18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.06.17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.06.09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.06.09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.06.09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.08 17:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.06.06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.05.09 08:07:27 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014.05.09 08:07:27 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014.05.09 08:07:27 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.05.09 08:07:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.05.09 08:07:27 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014.05.09 08:07:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.05.09 08:07:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.05.09 08:07:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013.03.11 20:28:45 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV:64bit: - [2013.03.11 02:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013.03.07 01:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013.03.04 14:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.12.03 13:22:47 | 000,241,152 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2012.11.20 14:08:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.11.20 14:08:20 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.10.30 06:42:27 | 000,014,336 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.20 02:55:56 | 000,104,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012.08.20 02:55:56 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.08.20 02:55:56 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.06 12:14:08 | 000,026,496 | ---- | M] (Clavia DMI AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ClaviaUSB64.sys -- (CLAVIAUSB64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.24 22:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.06.24 22:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.05.31 23:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...EE_enCH493CH493
IE - HKCU\..\SearchScopes\{93161774-7206-4AC2-8840-1069E29D4B4A}: "URL" = http://websearch.ask...A7-DA65C99B2D46
IE - HKCU\..\SearchScopes\{A4828A74-F1F0-4104-8A43-B4150A432A13}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{E342CF82-865B-4043-9A53-F632CEA1BE55}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...Moac_waqiIGQBQ"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.05.09 08:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.04.29 20:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.6.4\FF
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.04.29 20:13:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.29 21:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elyn\AppData\Roaming\mozilla\Extensions
[2014.05.02 09:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elyn\AppData\Roaming\mozilla\Firefox\Profiles\jqfjcomt.default\extensions
[2014.03.25 07:27:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Elyn\AppData\Roaming\mozilla\Firefox\Profiles\jqfjcomt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.05.02 09:21:37 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Elyn\AppData\Roaming\mozilla\firefox\profiles\jqfjcomt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.20 10:50:08 | 000,002,299 | ---- | M] () -- C:\Users\Elyn\AppData\Roaming\mozilla\firefox\profiles\jqfjcomt.default\searchplugins\askcom.xml
[2013.08.30 20:24:32 | 000,002,146 | ---- | M] () -- C:\Users\Elyn\AppData\Roaming\mozilla\firefox\profiles\jqfjcomt.default\searchplugins\ecosia.xml
[2014.04.29 20:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2014.04.29 20:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2014.04.29 20:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014.04.29 20:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.04.29 20:13:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.05.09 20:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2014.05.09 20:23:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2014.05.09 20:23:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014.05.09 20:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions
[2014.05.09 20:23:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: sweet-page (Enabled)
CHR - default_search_provider: search_url = http://www.sweet-pag...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.sweet-pag..._S29MJ1MZA00258
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: avast! Online Security = C:\Users\Elyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Elyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
 
O1 HOSTS File: ([2012.08.14 16:37:56 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       ElynDrupalTest01
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: wikispace.com ([fallingflying] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2990E8A8-3232-4765-8986-A454DEF90943}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A87B82D5-93F3-48A8-BDC7-B3ACF10F8B2C}: NameServer = 192.168.212.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE95562B-E153-4C50-815F-67E1A2045EBB}: NameServer = 10.9.11.21 10.9.11.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{520a1d5a-e86a-11e2-9765-18f46af17995}\Shell - "" = AutoRun
O33 - MountPoints2\{520a1d5a-e86a-11e2-9765-18f46af17995}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{6889fc2d-7e8e-11e3-b86b-544249f2e6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{6889fc2d-7e8e-11e3-b86b-544249f2e6b3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6889fc4f-7e8e-11e3-b86b-544249f2e6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{6889fc4f-7e8e-11e3-b86b-544249f2e6b3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6889fcfc-7e8e-11e3-b86b-544249f2e6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{6889fcfc-7e8e-11e3-b86b-544249f2e6b3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{eeb258d4-1390-11e2-9ff8-18f46af17995}\Shell - "" = AutoRun
O33 - MountPoints2\{eeb258d4-1390-11e2-9ff8-18f46af17995}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.09 08:07:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.05.06 21:29:25 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014.05.06 18:53:48 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.05.06 18:53:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.04.30 18:22:34 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.30 18:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.30 18:22:07 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.30 18:22:07 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.30 18:22:07 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.04.30 18:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.04.30 18:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.04.30 18:11:20 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.04.30 18:10:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.04.29 20:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.04.28 22:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014.04.28 22:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fortunitas
[2014.04.27 00:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\testdisk-7.0-WIP
[2014.04.27 00:23:32 | 000,000,000 | ---D | C] -- C:\rec
[2014.04.27 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\testdisk-6.14
[2014.04.20 19:13:14 | 000,000,000 | ---D | C] -- C:\Users\Elyn\AppData\Local\Skype
[2014.04.20 19:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014.04.20 19:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014.04.20 19:12:56 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014.04.18 17:21:19 | 000,000,000 | ---D | C] -- C:\Users\Elyn\Documents\01 Elyn 2014
[2014.04.18 15:49:59 | 000,000,000 | ---D | C] -- C:\Users\Elyn\Desktop\00 elyn Homepage export Ebenen
[2014.04.18 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Elyn\Documents\00 Homepage Elyn
[2014.04.18 11:41:14 | 000,000,000 | -HSD | C] -- C:\Users\Elyn\AppData\Local\EmieUserList
[2014.04.18 11:41:14 | 000,000,000 | -HSD | C] -- C:\Users\Elyn\AppData\Local\EmieSiteList
[2014.04.14 10:12:28 | 000,000,000 | ---D | C] -- C:\Users\Elyn\Desktop\Barcelona Tickets
[2014.04.13 17:56:14 | 000,000,000 | ---D | C] -- C:\Users\Elyn\Desktop\Sonderwoche Spiele 2014
[2014.04.11 21:48:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.04.11 21:48:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.04.11 21:47:56 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.04.11 21:47:44 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.04.11 21:47:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.04.11 21:47:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.04.11 21:47:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.04.11 21:47:41 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.04.11 21:47:41 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.04.11 21:47:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.04.11 21:47:40 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.04.11 21:47:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.04.11 21:41:17 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.04.11 21:41:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.04.11 21:41:15 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.04.11 21:41:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.04.11 21:41:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.04.11 21:41:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.04.11 21:41:13 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.04.11 21:41:07 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.04.11 21:41:07 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.04.11 21:41:07 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.04.11 21:41:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.04.11 21:41:06 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.04.11 21:41:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.04.11 21:41:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.04.11 21:40:58 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.04.11 21:40:58 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.04.11 21:40:51 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.09 20:54:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.09 20:17:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.09 20:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.09 19:25:16 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.09 19:25:16 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.09 19:17:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.09 08:07:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.05.09 08:07:27 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014.05.09 08:07:27 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014.05.09 08:07:27 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014.05.09 08:07:27 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014.05.09 08:07:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014.05.09 08:07:27 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014.05.09 08:07:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014.05.09 08:07:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014.05.09 08:07:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.05.09 08:07:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.05.09 08:03:33 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.08 21:03:44 | 000,037,711 | ---- | M] () -- C:\Users\Elyn\Desktop\image4xl.jpg
[2014.05.03 13:28:33 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.03 13:28:33 | 000,699,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.03 13:28:33 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.03 13:28:33 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.03 13:28:33 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.02 10:10:14 | 000,016,457 | ---- | M] () -- C:\Users\Elyn\Desktop\hope.odt
[2014.04.30 21:38:05 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.28 21:08:15 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.04.28 21:08:15 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.04.27 15:05:24 | 000,009,755 | ---- | M] () -- C:\Users\Elyn\Desktop\We can do better.odt
[2014.04.27 00:42:05 | 001,503,881 | ---- | M] () -- C:\Users\Elyn\Desktop\f0091207.jpg
[2014.04.23 16:49:12 | 000,053,832 | ---- | M] () -- C:\Users\Elyn\Desktop\Einzahlung Kurs ProTalk.JPG
[2014.04.21 00:40:31 | 000,007,666 | ---- | M] () -- C:\Users\Elyn\Desktop\bury my medicine.odt
[2014.04.19 13:33:03 | 000,012,282 | ---- | M] () -- C:\Users\Elyn\Desktop\Keep thinking.odt
[2014.04.18 21:33:56 | 000,010,360 | ---- | M] () -- C:\Users\Elyn\Desktop\Lonely person.odt
[2014.04.18 15:48:44 | 000,073,003 | ---- | M] () -- C:\Users\Elyn\.recently-used.xbel
[2014.04.18 12:16:34 | 000,198,044 | ---- | M] () -- C:\test.xml
[2014.04.17 20:02:28 | 000,119,629 | ---- | M] () -- C:\Users\Elyn\Desktop\Schiffsfahrplan2014_print__2_.pdf
[2014.04.14 04:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.04.14 04:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.05.09 08:07:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.05.09 08:07:29 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.05.08 21:03:44 | 000,037,711 | ---- | C] () -- C:\Users\Elyn\Desktop\image4xl.jpg
[2014.04.30 21:11:29 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014.04.27 19:04:59 | 000,016,457 | ---- | C] () -- C:\Users\Elyn\Desktop\hope.odt
[2014.04.27 15:03:07 | 010,518,535 | ---- | C] () -- C:\Users\Elyn\Desktop\Hope (mix 1).mp3
[2014.04.27 00:42:05 | 001,503,881 | ---- | C] () -- C:\Users\Elyn\Desktop\f0091207.jpg
[2014.04.23 16:49:12 | 000,053,832 | ---- | C] () -- C:\Users\Elyn\Desktop\Einzahlung Kurs ProTalk.JPG
[2014.04.21 00:40:31 | 000,007,666 | ---- | C] () -- C:\Users\Elyn\Desktop\bury my medicine.odt
[2014.04.19 10:12:26 | 000,009,755 | ---- | C] () -- C:\Users\Elyn\Desktop\We can do better.odt
[2014.04.18 21:33:56 | 000,010,360 | ---- | C] () -- C:\Users\Elyn\Desktop\Lonely person.odt
[2014.04.18 16:22:52 | 000,012,282 | ---- | C] () -- C:\Users\Elyn\Desktop\Keep thinking.odt
[2014.04.18 15:48:44 | 000,073,003 | ---- | C] () -- C:\Users\Elyn\.recently-used.xbel
[2014.04.17 20:02:28 | 000,119,629 | ---- | C] () -- C:\Users\Elyn\Desktop\Schiffsfahrplan2014_print__2_.pdf
[2013.02.03 02:08:22 | 019,657,194 | ---- | C] () -- C:\Program Files (x86)\vlc-1.1.4-win32.exe
[2012.12.28 20:13:20 | 001,594,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 20:14:57 | 000,000,046 | ---- | C] () -- C:\Users\Elyn\.gtk-bookmarks
[2012.08.14 20:55:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.08.06 20:14:14 | 000,019,456 | ---- | C] () -- C:\Users\Elyn\AppData\Local\WebpageIcons.db
[2012.07.29 20:50:47 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2006.02.12 12:28:10 | 000,004,718 | ---- | C] () -- C:\Program Files\RazorLame.html
[2006.02.12 12:26:04 | 000,001,678 | ---- | C] () -- C:\Program Files\RazorLame.dat
[2001.12.11 23:04:04 | 000,678,400 | ---- | C] () -- C:\Program Files\RazorLame.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Thank you very much for looking into this in advance!

Very best wishes

nept


Edited by nept, 09 May 2014 - 02:16 PM.



#2
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & paste this report in your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    nept

      Member

    • Topic Starter
    • Member
    • 62 posts

    Hi RKinner

     

    Thank you very much for helping me! I will post the three logs in the next three posts to retain readability:


    Edited by nept, 10 May 2014 - 06:03 AM.


    #4
    nept

      Member

    • Topic Starter
    • Member
    • 62 posts

    # AdwCleaner v3.207 - Bericht erstellt am 10/05/2014 um 13:35:02
    # Aktualisiert 05/05/2014 von Xplode
    # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Benutzername : Elyn - ELYN-PC
    # Gestartet von : C:\Users\Elyn\Downloads\AdwCleaner.exe
    # Option : Löschen

    ***** [ Dienste ] *****


    ***** [ Dateien / Ordner ] *****

    Ordner Gelöscht : C:\ProgramData\Ask
    Ordner Gelöscht : C:\ProgramData\Partner
    Ordner Gelöscht : C:\ProgramData\WPM
    Ordner Gelöscht : C:\Program Files (x86)\Conduit
    Ordner Gelöscht : C:\Program Files (x86)\Fortunitas
    Ordner Gelöscht : C:\Program Files (x86)\acquia-drupal
    Ordner Gelöscht : C:\Users\Elyn\AppData\Local\Conduit
    Ordner Gelöscht : C:\Users\Elyn\AppData\Local\Temp\Fortunitas
    Ordner Gelöscht : C:\Users\Elyn\AppData\LocalLow\Conduit
    Ordner Gelöscht : C:\Users\Elyn\AppData\LocalLow\PriceGong
    Ordner Gelöscht : C:\Users\Elyn\AppData\Roaming\PerformerSoft
    Ordner Gelöscht : C:\Users\Elyn\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjcomt.default\Smartbar
    Datei Gelöscht : C:\END
    Datei Gelöscht : C:\ProgramData\uninstaller.exe
    Datei Gelöscht : C:\Users\Elyn\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjcomt.default\searchplugins\Askcom.xml

    ***** [ Verknüpfungen ] *****

    Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Verknüpfung Desinfiziert : C:\Users\Elyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Verknüpfung Desinfiziert : C:\Users\Elyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

    ***** [ Registrierungsdatenbank ] *****

    Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_clocx[1]_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_clocx[1]_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_word-search-construction-kit_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_word-search-construction-kit_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
    Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
    Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
    Schlüssel Gelöscht : HKCU\Software\Conduit
    Schlüssel Gelöscht : HKCU\Software\Softonic
    Schlüssel Gelöscht : HKCU\Software\wecarereminder
    Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
    Schlüssel Gelöscht : HKLM\Software\Conduit
    Schlüssel Gelöscht : HKLM\Software\DeviceVM
    Schlüssel Gelöscht : HKLM\Software\supWPM
    Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

    ***** [ Browser ] *****

    -\\ Internet Explorer v11.0.9600.17041

    Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

    -\\ Mozilla Firefox v29.0.1 (de)

    [ Datei : C:\Users\Elyn\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjcomt.default\prefs.js ]

    Zeile gelöscht : user_pref("CT2504091.CBOpenMAMSettings.enc", "MA==");
    Zeile gelöscht : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Zeile gelöscht : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Zeile gelöscht : user_pref("CT2504091.FirstTime", "true");
    Zeile gelöscht : user_pref("CT2504091.FirstTimeFF3", "true");
    Zeile gelöscht : user_pref("CT2504091.LoginRevertSettingsEnabled", true);
    Zeile gelöscht : user_pref("CT2504091.PG_ENABLE", "ZmFsc2U=");
    Zeile gelöscht : user_pref("CT2504091.RevertSettingsEnabled", true);
    Zeile gelöscht : user_pref("CT2504091.SearchAppState.enc", "Mw==");
    Zeile gelöscht : user_pref("CT2504091.SearchAppTracking.enc", "c2VudA==");
    Zeile gelöscht : user_pref("CT2504091.UserID", "UN04959913423021533");
    Zeile gelöscht : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
    Zeile gelöscht : user_pref("CT2504091.autoDisableScopes", -1);
    Zeile gelöscht : user_pref("CT2504091.cbcountry_001.enc", "Q0g=");
    Zeile gelöscht : user_pref("CT2504091.cbfirsttime.enc", "V2VkIERlYyAxOSAyMDEyIDIwOjQ4OjAwIEdNVCswMTAw");
    Zeile gelöscht : user_pref("CT2504091.defaultSearch", "false");
    Zeile gelöscht : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
    Zeile gelöscht : user_pref("CT2504091.enableAlerts", "always");
    Zeile gelöscht : user_pref("CT2504091.enableFix404ByUser", "FALSE");
    Zeile gelöscht : user_pref("CT2504091.enableSearchFromAddressBar", "true");
    Zeile gelöscht : user_pref("CT2504091.firstTimeDialogOpened", "true");
    Zeile gelöscht : user_pref("CT2504091.fixPageNotFoundError", "true");
    Zeile gelöscht : user_pref("CT2504091.fixPageNotFoundErrorByUser", "true");
    Zeile gelöscht : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
    Zeile gelöscht : user_pref("CT2504091.fixUrls", true);
    Zeile gelöscht : user_pref("CT2504091.installId", "conduitinstallerstub.exe");
    Zeile gelöscht : user_pref("CT2504091.installType", "conduitnsisintegration");
    Zeile gelöscht : user_pref("CT2504091.isCheckedStartAsHidden", true);
    Zeile gelöscht : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Zeile gelöscht : user_pref("CT2504091.isFirstTimeToolbarLoading", "false");
    Zeile gelöscht : user_pref("CT2504091.isNewTabEnabled", false);
    Zeile gelöscht : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
    Zeile gelöscht : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Zeile gelöscht : user_pref("CT2504091.lastVersion", "10.15.0.562");
    Zeile gelöscht : user_pref("CT2504091.migrateAppsAndComponents", true);
    Zeile gelöscht : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fdub119.mail.live.com%2F%23n%3D975424869%26fid%3D1%26fav%3D1\",\"EB_MAIN_FRAME_TITLE\":\"%0A%09Hotmail%20-%20elianes[...]
    Zeile gelöscht : user_pref("CT2504091.openThankYouPage", "false");
    Zeile gelöscht : user_pref("CT2504091.openUninstallPage", "false");
    Zeile gelöscht : user_pref("CT2504091.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"12\\\\/19\\\\/2012 22\\\"}\"}");
    Zeile gelöscht : user_pref("CT2504091.price-gong.isManagedApp", "true");
    Zeile gelöscht : user_pref("CT2504091.revertSettingsEnabled", "false");
    Zeile gelöscht : user_pref("CT2504091.search.searchAppId", "129079840422026594");
    Zeile gelöscht : user_pref("CT2504091.search.searchCount", "1");
    Zeile gelöscht : user_pref("CT2504091.searchInNewTabEnabled", "false");
    Zeile gelöscht : user_pref("CT2504091.searchInNewTabEnabledByUser", "false");
    Zeile gelöscht : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
    Zeile gelöscht : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://VuzeRemote.OurToolbar.com//xpi\"}");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363989429894");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1364138589031");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363989429780");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_location_lastUpdate", "1364138594735");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358362020409");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_login_10.14.370.524_lastUpdate", "1363983189245");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359055776044");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360681264407");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363203099437");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_login_10.15.0.562_lastUpdate", "1364138589766");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363989429822");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1364138595543");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1364138589985");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363989429738");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1364138590397");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1364138593093");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate", "1364138592951");
    Zeile gelöscht : user_pref("CT2504091.serviceLayer_services_userApps_lastUpdate", "1364138592958");
    Zeile gelöscht : user_pref("CT2504091.settingsINI", true);
    Zeile gelöscht : user_pref("CT2504091.shouldFirstTimeDialog", "false");
    Zeile gelöscht : user_pref("CT2504091.showToolbarPermission", "false");
    Zeile gelöscht : user_pref("CT2504091.smartbar.CTID", "CT2504091");
    Zeile gelöscht : user_pref("CT2504091.smartbar.Uninstall", "0");
    Zeile gelöscht : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
    Zeile gelöscht : user_pref("CT2504091.startPage", "false");
    Zeile gelöscht : user_pref("CT2504091.toolbarBornServerTime", "19-12-2012");
    Zeile gelöscht : user_pref("CT2504091.toolbarCurrentServerTime", "24-3-2013");
    Zeile gelöscht : user_pref("CT2504091.toolbarLoginClientTime", "Thu Mar 14 2013 17:30:01 GMT+0100");
    Zeile gelöscht : user_pref("CT2504091.url_history0001.enc", "aHR0cDovL2ZvcnVtLnZ1emUuY29tL3RocmVhZC5qc3BhP21lc3NhZ2VJRD0yNjUxMjI6OjpjbGlja2hhbmRsZXI6OjoxMzU1OTQ3NTA3Njg3LCwsaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFu[...]
    Zeile gelöscht : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364025499258,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
    Zeile gelöscht : user_pref("smartbar.machineId", "YLPM7DPYFEI/NHX2C62U4MEZ3H2Z1PZNN9EKTKA1U7PNTAZW6GY0TBTISYKJUSLAIKK0HH7TQW1DFUACWGOQ8G");

    -\\ Google Chrome v34.0.1847.131

    [ Datei : C:\Users\Elyn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398715399&from=tugs&uid=SAMSUNGXHM500JI_S29MJ1MZA00258&q={searchTerms}
    Gelöscht [Homepage] : hxxp://www.sweet-page.com/?type=hp&ts=1398715399&from=tugs&uid=SAMSUNGXHM500JI_S29MJ1MZA00258
    Gelöscht [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok
    Gelöscht [Extension] : ippkomaaonokjnfjoikaemidanojkfmm

    *************************

    AdwCleaner[R0].txt - [20600 octets] - [30/04/2014 18:10:52]
    AdwCleaner[R1].txt - [15399 octets] - [10/05/2014 13:28:57]
    AdwCleaner[R2].txt - [15460 octets] - [10/05/2014 13:33:23]
    AdwCleaner[S0].txt - [14325 octets] - [10/05/2014 13:35:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14386 octets] ##########
     


    #5
    nept

    • Topic Starter
    • Member
    • 62 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Elyn on 10.05.2014 at 13:42:34.33
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93161774-7206-4AC2-8840-1069E29D4B4A}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Elyn\AppData\Roaming\mozilla\firefox\profiles\jqfjcomt.default\minidumps [290 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10.05.2014 at 13:54:32.08
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


    #6
    nept

    • Topic Starter
    • Member
    • 62 posts

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
    Ran by Elyn (administrator) on ELYN-PC on 10-05-2014 13:58:23
    Running from C:\Users\Elyn\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    () C:\Program Files (x86)\Connectify\ConnectifyService.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    () C:\ProgramData\Internet Everywhere\OnlineUpdate\ouc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
    (Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
    (ALPS) C:\Program Files\Apoint\Apvfb.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
    HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-09] (AVAST Software)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-19] (Google Inc.)
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\MountPoints2: {520a1d5a-e86a-11e2-9765-18f46af17995} - E:\setup.exe
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\MountPoints2: {6889fc2d-7e8e-11e3-b86b-544249f2e6b3} - F:\AutoRun.exe
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\MountPoints2: {6889fc4f-7e8e-11e3-b86b-544249f2e6b3} - F:\AutoRun.exe
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\MountPoints2: {6889fcfc-7e8e-11e3-b86b-544249f2e6b3} - F:\AutoRun.exe
    HKU\S-1-5-21-3660762544-4063354053-3610636353-1000\...\MountPoints2: {eeb258d4-1390-11e2-9ff8-18f46af17995} - F:\LaunchU3.exe -a

    ==================== Internet (Whitelisted) ====================

    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {A4828A74-F1F0-4104-8A43-B4150A432A13} URL = http://services.zini...}&rf=sonyslices
    SearchScopes: HKCU - {E342CF82-865B-4043-9A53-F632CEA1BE55} URL = http://rover.ebay.co...e={searchTerms}
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: 127.0.0.1       ElynDrupalTest01
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{A87B82D5-93F3-48A8-BDC7-B3ACF10F8B2C}: [NameServer]192.168.212.1
    Tcpip\..\Interfaces\{DE95562B-E153-4C50-815F-67E1A2045EBB}: [NameServer]10.9.11.21 10.9.11.22

    FireFox:
    ========
    FF ProfilePath: C:\Users\Elyn\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjcomt.default
    FF NewTab: chrome://quick_start/content/index.html
    FF Homepage: https://www.google.c...YMoac_waqiIGQBQ
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Elyn\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjcomt.default\searchplugins\ecosia.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
    FF Extension: DownloadHelper - C:\Users\Elyn\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjcomt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
    FF Extension: Adblock Plus - C:\Users\Elyn\AppData\Roaming\Mozilla\Firefox\Profiles\jqfjcomt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-29]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-04-29]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-04-29]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-19]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR RestoreOnStartup: "hxxp://www.sweet-page.com/?type=hp&ts=1398715399&from=tugs&uid=SAMSUNGXHM500JI_S29MJ1MZA00258"
    CHR DefaultSearchKeyword: sweet-page
    CHR DefaultSearchProvider: sweet-page
    CHR DefaultSearchURL: http://www.sweet-pag...q={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Extension: (avast! Online Security) - C:\Users\Elyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-17]
    CHR Extension: (Chrome In-App Payments service) - C:\Users\Elyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]

    ==================== Services (Whitelisted) =================

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-09] (AVAST Software)
    R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [65536 2012-11-09] ()
    R2 HPSLPSVC; C:\Users\Elyn\AppData\Local\Temp\7zS0DFB\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.)
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
    S2 Internet Everywhere. RunOuc; C:\Program Files (x86)\Internet Everywhere\UpdateDog\ouc.exe [657504 2012-12-11] ()
    R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
    R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
    S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
    R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2436096 2012-12-03] (VMware, Inc.)
    R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
    S2 XMail; C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-09] ()
    R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-09] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-09] ()
    S3 CLAVIAUSB64; C:\Windows\System32\DRIVERS\ClaviaUSB64.sys [26496 2011-10-06] (Clavia DMI AB)
    R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-03-11] (Connectify)
    S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-10 13:58 - 2014-05-10 13:58 - 00018316 _____ () C:\Users\Elyn\Desktop\FRST.txt
    2014-05-10 13:58 - 2014-05-10 13:58 - 00000000 ____D () C:\FRST
    2014-05-10 13:56 - 2014-05-10 13:57 - 02065408 _____ (Farbar) C:\Users\Elyn\Desktop\FRST64.exe
    2014-05-10 13:54 - 2014-05-10 13:54 - 00000903 _____ () C:\Users\Elyn\Desktop\JRT.txt
    2014-05-10 13:42 - 2014-05-10 13:42 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-10 13:41 - 2014-05-10 13:53 - 00014491 _____ () C:\Users\Elyn\Desktop\AdwCleaner[S0].txt
    2014-05-10 13:41 - 2014-05-10 13:41 - 01016261 _____ (Thisisu) C:\Users\Elyn\Downloads\JRT.exe
    2014-05-10 13:27 - 2014-05-10 13:27 - 01316991 _____ () C:\Users\Elyn\Downloads\AdwCleaner.exe
    2014-05-09 21:10 - 2014-05-09 21:10 - 00135864 _____ () C:\Users\Elyn\Downloads\Extras.Txt
    2014-05-09 21:08 - 2014-05-09 21:08 - 00117516 _____ () C:\Users\Elyn\Downloads\OTL.Txt
    2014-05-09 20:56 - 2014-05-09 20:56 - 00602112 _____ (OldTimer Tools) C:\Users\Elyn\Downloads\OTL.exe
    2014-05-09 08:07 - 2014-05-09 08:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-05-09 08:07 - 2014-05-09 08:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-05-09 08:07 - 2014-05-09 08:07 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-05-06 21:29 - 2014-05-06 21:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-06 18:53 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-06 18:53 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-02 23:53 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-02 23:53 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-02 23:53 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-02 23:53 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-30 21:11 - 2014-02-21 18:25 - 00000426 _____ () C:\AVScanner.ini
    2014-04-30 18:22 - 2014-04-30 21:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-30 18:22 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-30 18:22 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-30 18:22 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-30 18:22 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-30 18:22 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-30 18:22 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-30 18:16 - 2014-04-30 18:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elyn\Downloads\mbam-setup-2.0.1.1004.exe
    2014-04-30 18:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-04-30 18:10 - 2014-05-10 13:35 - 00000000 ____D () C:\AdwCleaner
    2014-04-30 13:55 - 2014-04-30 13:55 - 00729592 _____ () C:\Users\Elyn\Downloads\FlvPlayerSetup.exe
    2014-04-29 20:13 - 2014-05-09 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-27 19:04 - 2014-05-02 10:10 - 00016457 _____ () C:\Users\Elyn\Desktop\hope.odt
    2014-04-27 00:34 - 2014-04-27 00:35 - 00000000 ____D () C:\Program Files (x86)\testdisk-7.0-WIP
    2014-04-27 00:34 - 2014-04-27 00:34 - 03474302 _____ () C:\Users\Elyn\Downloads\testdisk-7.0-WIP.win.zip
    2014-04-27 00:23 - 2014-04-27 00:42 - 00000000 ____D () C:\rec
    2014-04-27 00:19 - 2014-04-27 00:20 - 00000000 ____D () C:\Program Files (x86)\testdisk-6.14
    2014-04-27 00:19 - 2014-04-27 00:19 - 01572074 _____ () C:\Users\Elyn\Downloads\testdisk-6.14.win64.zip
    2014-04-26 13:59 - 2014-04-26 13:59 - 02197307 _____ () C:\Users\Elyn\Downloads\MOV_4313.mp4.mov
    2014-04-21 00:40 - 2014-04-21 00:40 - 00007666 _____ () C:\Users\Elyn\Desktop\bury my medicine.odt
    2014-04-20 19:13 - 2014-04-20 19:13 - 00000000 ____D () C:\Users\Elyn\AppData\Local\Skype
    2014-04-20 19:12 - 2014-04-20 19:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-04-20 19:12 - 2014-04-20 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-04-19 10:12 - 2014-04-27 15:05 - 00009755 _____ () C:\Users\Elyn\Desktop\We can do better.odt
    2014-04-18 21:33 - 2014-04-18 21:33 - 00010360 _____ () C:\Users\Elyn\Desktop\Lonely person.odt
    2014-04-18 17:21 - 2014-04-18 17:36 - 00000000 ____D () C:\Users\Elyn\Documents\01 Elyn 2014
    2014-04-18 16:22 - 2014-04-19 13:33 - 00012282 _____ () C:\Users\Elyn\Desktop\Keep thinking.odt
    2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Users\Elyn\Desktop\00 elyn Homepage export Ebenen
    2014-04-18 15:48 - 2014-04-18 15:48 - 00073003 _____ () C:\Users\Elyn\.recently-used.xbel
    2014-04-18 15:28 - 2014-04-18 15:49 - 00000000 ____D () C:\Users\Elyn\Documents\00 Homepage Elyn
    2014-04-18 11:41 - 2014-04-18 11:41 - 00000000 __SHD () C:\Users\Elyn\AppData\Local\EmieUserList
    2014-04-18 11:41 - 2014-04-18 11:41 - 00000000 __SHD () C:\Users\Elyn\AppData\Local\EmieSiteList
    2014-04-14 23:07 - 2014-04-14 23:07 - 03802008 _____ () C:\Users\Elyn\Downloads\Pedro-Lehmann-Presskit.zip
    2014-04-14 10:12 - 2014-04-14 10:12 - 00000000 ____D () C:\Users\Elyn\Desktop\Barcelona Tickets
    2014-04-13 17:56 - 2014-04-13 18:57 - 00000000 ____D () C:\Users\Elyn\Desktop\Sonderwoche Spiele 2014
    2014-04-11 21:48 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-11 21:48 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-04-11 21:47 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-11 21:47 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-11 21:47 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-11 21:47 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-11 21:47 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-11 21:47 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-11 21:47 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-11 21:47 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-04-11 21:47 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-11 21:47 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-11 21:47 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-11 21:47 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-04-11 21:47 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-11 21:47 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-04-11 21:41 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-11 21:41 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-11 21:41 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-11 21:41 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-11 21:41 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-11 21:41 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-11 21:41 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-11 21:41 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-11 21:41 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-11 21:41 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-11 21:41 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-11 21:41 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-11 21:41 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-11 21:41 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-11 21:41 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-11 21:41 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-11 21:41 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-11 21:41 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-11 21:41 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-11 21:41 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-11 21:41 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-11 21:41 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-11 21:40 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-11 21:40 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-11 21:40 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-11 21:40 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-11 21:40 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-11 21:40 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    ==================== One Month Modified Files and Folders =======

    2014-05-10 13:58 - 2014-05-10 13:58 - 00018316 _____ () C:\Users\Elyn\Desktop\FRST.txt
    2014-05-10 13:58 - 2014-05-10 13:58 - 00000000 ____D () C:\FRST
    2014-05-10 13:57 - 2014-05-10 13:56 - 02065408 _____ (Farbar) C:\Users\Elyn\Desktop\FRST64.exe
    2014-05-10 13:54 - 2014-05-10 13:54 - 00000903 _____ () C:\Users\Elyn\Desktop\JRT.txt
    2014-05-10 13:53 - 2014-05-10 13:41 - 00014491 _____ () C:\Users\Elyn\Desktop\AdwCleaner[S0].txt
    2014-05-10 13:43 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-10 13:43 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-10 13:42 - 2014-05-10 13:42 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-10 13:41 - 2014-05-10 13:41 - 01016261 _____ (Thisisu) C:\Users\Elyn\Downloads\JRT.exe
    2014-05-10 13:40 - 2012-07-19 16:05 - 01877813 _____ () C:\Windows\WindowsUpdate.log
    2014-05-10 13:36 - 2012-07-19 16:20 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-10 13:36 - 2012-07-19 16:03 - 00583634 _____ () C:\Windows\PFRO.log
    2014-05-10 13:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-10 13:36 - 2009-07-14 06:51 - 00153949 _____ () C:\Windows\setupact.log
    2014-05-10 13:35 - 2014-04-30 18:10 - 00000000 ____D () C:\AdwCleaner
    2014-05-10 13:35 - 2012-07-29 21:43 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-05-10 13:35 - 2012-07-19 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-05-10 13:27 - 2014-05-10 13:27 - 01316991 _____ () C:\Users\Elyn\Downloads\AdwCleaner.exe
    2014-05-10 13:24 - 2012-07-19 16:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-05-10 13:19 - 2012-07-19 16:49 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B7971FAC-0437-46C7-B377-851F3E603C02}
    2014-05-10 13:17 - 2012-07-19 16:20 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-10 13:15 - 2012-07-29 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-10 13:14 - 2012-07-21 23:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-09 21:12 - 2014-04-29 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-09 21:10 - 2014-05-09 21:10 - 00135864 _____ () C:\Users\Elyn\Downloads\Extras.Txt
    2014-05-09 21:08 - 2014-05-09 21:08 - 00117516 _____ () C:\Users\Elyn\Downloads\OTL.Txt
    2014-05-09 20:56 - 2014-05-09 20:56 - 00602112 _____ (OldTimer Tools) C:\Users\Elyn\Downloads\OTL.exe
    2014-05-09 19:12 - 2012-07-19 16:20 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-09 19:12 - 2012-07-19 16:20 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-09 08:07 - 2014-05-09 08:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-05-09 08:07 - 2014-05-09 08:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-05-09 08:07 - 2014-05-09 08:07 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-05-09 08:07 - 2013-12-29 10:58 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-05-09 08:07 - 2013-03-16 18:27 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-05-09 08:07 - 2013-03-16 18:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-05-09 08:07 - 2012-07-19 16:53 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-05-09 08:07 - 2012-07-19 16:53 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-05-09 08:07 - 2012-07-19 16:53 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-05-09 08:07 - 2012-07-19 16:53 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-05-09 08:07 - 2012-07-19 16:53 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-05-06 21:29 - 2014-05-06 21:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-06 19:39 - 2013-06-17 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-05-03 13:28 - 2012-07-19 16:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
    2014-05-03 13:28 - 2012-07-19 16:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
    2014-05-03 13:28 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-03 09:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2014-05-03 09:03 - 2013-05-08 17:05 - 00000000 ____D () C:\Users\Elyn\AppData\Roaming\VMware
    2014-05-02 10:10 - 2014-04-27 19:04 - 00016457 _____ () C:\Users\Elyn\Desktop\hope.odt
    2014-05-01 09:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-04-30 21:38 - 2014-04-30 18:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-30 21:11 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-30 21:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
    2014-04-30 18:22 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-30 18:22 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-30 18:22 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-30 18:16 - 2014-04-30 18:16 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Elyn\Downloads\mbam-setup-2.0.1.1004.exe
    2014-04-30 13:55 - 2014-04-30 13:55 - 00729592 _____ () C:\Users\Elyn\Downloads\FlvPlayerSetup.exe
    2014-04-29 16:01 - 2014-05-02 23:53 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-29 15:40 - 2014-05-02 23:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-29 14:48 - 2014-05-02 23:53 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-04-29 14:34 - 2014-05-02 23:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-28 21:08 - 2012-07-21 23:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-04-28 21:08 - 2012-07-21 23:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-28 21:08 - 2012-07-21 23:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-04-27 15:05 - 2014-04-19 10:12 - 00009755 _____ () C:\Users\Elyn\Desktop\We can do better.odt
    2014-04-27 00:42 - 2014-04-27 00:23 - 00000000 ____D () C:\rec
    2014-04-27 00:35 - 2014-04-27 00:34 - 00000000 ____D () C:\Program Files (x86)\testdisk-7.0-WIP
    2014-04-27 00:34 - 2014-04-27 00:34 - 03474302 _____ () C:\Users\Elyn\Downloads\testdisk-7.0-WIP.win.zip
    2014-04-27 00:20 - 2014-04-27 00:19 - 00000000 ____D () C:\Program Files (x86)\testdisk-6.14
    2014-04-27 00:19 - 2014-04-27 00:19 - 01572074 _____ () C:\Users\Elyn\Downloads\testdisk-6.14.win64.zip
    2014-04-26 13:59 - 2014-04-26 13:59 - 02197307 _____ () C:\Users\Elyn\Downloads\MOV_4313.mp4.mov
    2014-04-21 00:40 - 2014-04-21 00:40 - 00007666 _____ () C:\Users\Elyn\Desktop\bury my medicine.odt
    2014-04-21 00:38 - 2012-07-22 18:33 - 00000000 ____D () C:\Users\Elyn\AppData\Roaming\Skype
    2014-04-20 19:13 - 2014-04-20 19:13 - 00000000 ____D () C:\Users\Elyn\AppData\Local\Skype
    2014-04-20 19:12 - 2014-04-20 19:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-04-20 19:12 - 2014-04-20 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-04-20 19:12 - 2012-07-19 16:30 - 00000000 ____D () C:\ProgramData\Skype
    2014-04-19 13:33 - 2014-04-18 16:22 - 00012282 _____ () C:\Users\Elyn\Desktop\Keep thinking.odt
    2014-04-18 21:33 - 2014-04-18 21:33 - 00010360 _____ () C:\Users\Elyn\Desktop\Lonely person.odt
    2014-04-18 17:36 - 2014-04-18 17:21 - 00000000 ____D () C:\Users\Elyn\Documents\01 Elyn 2014
    2014-04-18 15:49 - 2014-04-18 15:49 - 00000000 ____D () C:\Users\Elyn\Desktop\00 elyn Homepage export Ebenen
    2014-04-18 15:49 - 2014-04-18 15:28 - 00000000 ____D () C:\Users\Elyn\Documents\00 Homepage Elyn
    2014-04-18 15:48 - 2014-04-18 15:48 - 00073003 _____ () C:\Users\Elyn\.recently-used.xbel
    2014-04-18 15:48 - 2012-07-23 22:59 - 00000000 ____D () C:\Users\Elyn\AppData\Roaming\gtk-2.0
    2014-04-18 15:48 - 2012-07-23 22:56 - 00000000 ____D () C:\Users\Elyn\.gimp-2.6
    2014-04-18 15:48 - 2012-07-19 16:45 - 00000000 ____D () C:\Users\Elyn
    2014-04-18 12:16 - 2012-08-18 12:46 - 00198044 _____ () C:\test.xml
    2014-04-18 11:41 - 2014-04-18 11:41 - 00000000 __SHD () C:\Users\Elyn\AppData\Local\EmieUserList
    2014-04-18 11:41 - 2014-04-18 11:41 - 00000000 __SHD () C:\Users\Elyn\AppData\Local\EmieSiteList
    2014-04-16 09:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-04-14 23:07 - 2014-04-14 23:07 - 03802008 _____ () C:\Users\Elyn\Downloads\Pedro-Lehmann-Presskit.zip
    2014-04-14 10:12 - 2014-04-14 10:12 - 00000000 ____D () C:\Users\Elyn\Desktop\Barcelona Tickets
    2014-04-14 04:24 - 2014-05-06 18:53 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-04-14 04:19 - 2014-05-06 18:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-04-13 18:57 - 2014-04-13 17:56 - 00000000 ____D () C:\Users\Elyn\Desktop\Sonderwoche Spiele 2014
    2014-04-12 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
    2014-04-12 15:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-04-10 14:10 - 2012-07-22 18:55 - 00000000 ____D () C:\Users\Elyn\AppData\Local\Adobe

    Some content of TEMP:
    ====================
    C:\Users\Elyn\AppData\Local\Temp\ApnStub.exe
    C:\Users\Elyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjtkts3.dll
    C:\Users\Elyn\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Elyn\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    C:\Users\Elyn\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
    C:\Users\Elyn\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\Elyn\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
    C:\Users\Elyn\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
    C:\Users\Elyn\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Elyn\AppData\Local\Temp\NOSEventMessages.dll
    C:\Users\Elyn\AppData\Local\Temp\Quarantine.exe
    C:\Users\Elyn\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Elyn\AppData\Local\Temp\tbVuze.dll
    C:\Users\Elyn\AppData\Local\Temp\vlc-2.0.4-win32.exe
    C:\Users\Elyn\AppData\Local\Temp\vlc-2.1.2-win32.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-09 22:35

    ==================== End Of Log ============================


    • 0

    #7
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    Did you not get an Additions log with FRST?

     

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that. Then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

     

    There is still a sweetpage showing in Chrome but you have to kill that off through Chrome's settings.  My tools can't touch it.

     

    You are running what appears to be an obsolete version of Java.

     

    Clear the Java Cache by following the instructions on
    http://www.java.com/...lugin_cache.xml

    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
     

    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

    If you feel you must have Java:
    Get the latest Java at:
    http://www.java.com/en/

    Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.


    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)

     

    If sweetpage comes back it's probably a task which I can't see without the additions log.

     


    • 0

    #8
    nept

      Member

    • Topic Starter
    • Member
    • 62 posts

    I'm very sorry, I missed the last line and didn't post the addition log, but it was created. I added it below.

     

    Since I ran AdwCleaner, in Firefox and IE Google is now the start page as expected. Chrome opens a sweetpage window at start although in the settings the start page is set to google.com. When clicking the home button, Chrome goes to Google though. Should I just uninstall Chrome to fix this? It's not really needed.

     

    I've got to leave right now and will do the next steps from your previous post tomorrow.

     

    Again thank you very much for your help!

     

     

    Here's the addition log:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-05-2014
    Ran by Elyn at 2014-05-10 13:58:58
    Running from C:\Users\Elyn\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Acquia Dev Desktop (HKLM-x32\...\Acquia Dev Desktop 7.14.14) (Version: 7.14.14 - Acquia, Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.115 - ArcSoft)
    ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
    ASPCA Reminder by We-Care.com v4.1.17.1 (HKLM-x32\...\{78FADD33-5D93-4FB8-AC29-1D823C0574B8}) (Version: 4.1.17.1 - We-Care.com)
    ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
    Blender (HKLM\...\Blender) (Version: 2.66a - Blender Foundation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center InstallProxy (x32 Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117 - ATI Technologies, Inc.) Hidden
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
    Clavia USB Driver v3.02 (HKLM-x32\...\Clavia USB Driver v3.02) (Version:  - )
    ClocX (1.5b1) (HKLM-x32\...\ClocX) (Version:  - )
    Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Connectify Hotspot (HKLM\...\Connectify) (Version: 3.7.1.25486 - Connectify)
    Designer 2.0 (HKLM-x32\...\bookfactory.ch Designer 2.0_is1) (Version: 7.9.0 - bookfactory.ch)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
    GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
    Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
    ifolor Designer (HKLM-x32\...\ifolor-Designer) (Version: 3.2.2.0 - Ifolor AG)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
    Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
    Internet Everywhere (HKLM-x32\...\Internet Everywhere) (Version: 23.009.09.01.458 - Huawei Technologies Co.,Ltd)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
    Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Expression Design 4 (HKLM-x32\...\Design_8.0.31217.1) (Version: 8.0.31217.1 - Microsoft Corporation)
    Microsoft Expression Design 4 (x32 Version: 8.0.31217.1 - Microsoft Corporation) Hidden
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
    Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
    Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
    Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
    MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
    MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Nept Calc (HKCU\...\e95eed6834aeb37e) (Version: 1.0.0.7 - Nept Calc)
    Nokia Connectivity Cable Driver (HKLM-x32\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
    Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
    Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
    Nord Sound Manager v6.26 (HKLM-x32\...\Nord Sound Manager v6.26) (Version:  - )
    OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
    PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
    PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.3.00.06040 - Sony Corporation)
    PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.3.00.06110 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.3.00 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.3.00.06180 - Sony Corporation) Hidden
    Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.7.0 - Sony Corporation)
    Quick Web Access (x32 Version: 1.4.7.0 - Sony Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
    Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.0.2.06210 - Sony Corporation)
    Remote Play with PlayStation 3 (x32 Version: 1.0.2.06210 - Sony Corporation) Hidden
    Remote-Tastatur mit PlayStation 3 (HKLM-x32\...\{65B138AE-F636-4D4C-BA5D-A06E21E47C53}) (Version: 1.0.2.06170 - Sony Corporation)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Steuer 2012 13.0.3 (HKLM-x32\...\1382-8438-0790-3872) (Version: 13.0.3 - Information Factory AG)
    Steuer 2013 14.0.1 (HKLM-x32\...\0166-6433-7072-1489) (Version: 14.0.1 - Information Factory AG)
    Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.53 - NCH Software)
    VAIO - Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.3.0.06230 - Sony Corporation)
    VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
    VAIO - PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.3.00.06180 - Sony Corporation)
    VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.3.00.06110 - Sony Corporation)
    VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.3.00.06180 - Sony Corporation)
    VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation)
    VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
    VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
    VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
    VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
    VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.2.00.05120 - Sony Corporation)
    VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.0.06080 - Sony Corporation)
    VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.2.0.07020 - Sony Corporation)
    VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
    VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.1.0.18210 - Sony Corporation)
    VAIO Media plus (Version: 2.1.0 - Sony Corporation) Hidden
    VAIO Media plus (x32 Version: 2.1.0.18210 - Sony Corporation) Hidden
    VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 2.1.0.13220 - Sony Corporation)
    VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.3.00.06040 - Sony Corporation)
    VAIO Movie Story Template Data (x32 Version: 2.3.00.06040 - Sony Corporation) Hidden
    VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.3.0.06041 - Sony Corporation)
    VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
    VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
    VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation)
    VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
    VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
    VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
    VMware View Client (HKLM\...\{6248C52A-5236-4C07-9BD5-393C40A42316}) (Version: 5.2.1.937772 - VMware, Inc.)
    VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
    WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.58 - NCH Software)
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
    Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
    Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
    Word Search Construction Kit (HKLM-x32\...\Word Search Construction Kit) (Version: 4.0 - Insight Software Solutions, Inc.)
    Zattoo Live TV (HKCU\...\6d7aa3e3bf931c56) (Version: 1.0.0.41 - Zattoo Europa AG)

    ==================== Restore Points  =========================

    29-04-2014 17:01:50 Windows Update
    30-04-2014 12:06:04 Windows Defender Checkpoint
    02-05-2014 21:53:22 Windows Update
    06-05-2014 16:49:25 Windows Update
    06-05-2014 19:28:55 Windows Update
    09-05-2014 06:06:11 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    2009-07-14 04:34 - 2012-08-14 16:37 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       ElynDrupalTest01

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {07B74F5E-47F6-48CA-A70E-DC15E3833769} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-06-08] (Sony Corporation)
    Task: {0CD83E64-7705-45E0-8C65-60A0F9974BB2} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
    Task: {17EA97E2-79CA-46A7-AC15-DA776AAFFDA5} - System32\Tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3 => C:\Program Files\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe [2010-06-17] (Sony Corporation)
    Task: {4E7F4CAA-CB1B-42CA-AA97-1C196A8D3C73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-09] (AVAST Software)
    Task: {4EFEB6A2-FBD9-4E6F-B15B-5DB12EFE6C17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)
    Task: {5583E6B2-86A1-472B-A4CB-2DF1927CDB05} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
    Task: {5E420DE4-140E-4797-A27E-DEE3CC77246A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6DD56964-4A13-4255-BB10-043F2BC10C1B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {7E88B0A3-1B43-41D5-9604-3B1CD4B0826F} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
    Task: {81847716-EB8F-414D-9B42-644EFCF977E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.)
    Task: {86D20E96-2E54-4C70-BAF4-367EB6B4BB4E} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-06-08] (Sony Corporation)
    Task: {88748689-B258-42BD-913B-6D67B39136A6} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation)
    Task: {88AD40B2-784F-4562-B37D-DF71F0FDC736} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
    Task: {A3096870-A6F7-46DC-96B9-485A2BD03431} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation)
    Task: {C81AE31C-55DA-40E6-9FEF-51D84EA3A374} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
    Task: {CCA73C54-7F30-4081-8DA6-D1D20B7E5EC9} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
    Task: {DD5C8921-DF3C-4BBD-828C-4AFFB2BFED5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
    Task: {E0E86A67-F357-4E0B-BFF1-F3BE5E036841} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
    Task: {ED95C698-4A73-4932-9881-80DD86F528A8} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-03-11 20:28 - 2012-11-09 21:30 - 00065536 _____ () C:\Program Files (x86)\Connectify\ConnectifyService.exe
    2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
    2014-01-16 11:19 - 2012-12-11 11:09 - 00657504 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\ouc.exe
    2012-08-20 11:43 - 2011-02-25 17:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
    2012-08-20 11:43 - 2011-02-25 17:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 00353640 _____ () C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    2014-05-10 13:14 - 2014-05-10 13:14 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051000\algo.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 00090472 _____ () C:\Program Files (x86)\Connectify\NativeLibrary.dll
    2014-01-16 11:19 - 2012-12-11 11:09 - 00011362 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\mingwm10.dll
    2014-01-16 11:19 - 2012-12-11 11:09 - 00043008 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\libgcc_s_dw2-1.dll
    2014-01-16 11:19 - 2012-12-11 11:09 - 02417152 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QtCore4.dll
    2014-01-16 11:19 - 2012-12-11 11:09 - 01148416 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QtNetwork4.dll
    2014-01-16 11:19 - 2012-12-11 11:09 - 00843264 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QueryStrategy.dll
    2014-01-16 11:19 - 2012-12-11 11:09 - 00398336 _____ () C:\ProgramData\Internet Everywhere\OnlineUpdate\QtXml4.dll
    2012-07-19 16:11 - 2010-05-31 19:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
    2012-07-19 16:11 - 2010-05-31 19:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 00035176 _____ () C:\Program Files (x86)\Connectify\DriverLib.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 01068904 _____ () C:\Program Files (x86)\Connectify\ConnectifyNAT.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 00185704 _____ () C:\Program Files (x86)\Connectify\LibDispatch.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 00016232 _____ () C:\Program Files (x86)\Connectify\BuildProps.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 00777064 _____ () C:\Program Files (x86)\Connectify\Vendors.dll
    2013-03-11 20:28 - 2012-11-09 21:30 - 00024936 _____ () C:\Program Files (x86)\Connectify\gma.Windows.Firewall.dll
    2013-12-05 14:43 - 2013-12-05 14:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-15 17:27 - 2014-02-15 17:27 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
    2010-07-12 23:29 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2014-04-29 20:13 - 2014-05-09 21:12 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Elyn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
    MSCONFIG\startupreg: Connectify => C:\Program Files (x86)\Connectify\Connectify.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    ==================== Faulty Device Manager Devices =============

    Name: avast! Firewall NDIS Filter Miniport
    Description: avast! Firewall NDIS Filter Miniport
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: ALWIL Software
    Service: aswNdis
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 44%
    Total physical RAM: 3950.1 MB
    Available physical RAM: 2181.56 MB
    Total Pagefile: 7898.38 MB
    Available Pagefile: 5819.98 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:452.34 GB) (Free:288.32 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BAACABC)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    Edited by nept, 10 May 2014 - 09:19 AM.

    • 0

    #9
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    OK.  Make sure you uninstall Java 7 Update 25.  If you want to keep Java it must be Java 7 Update 55.

    Some people object to the voice notification of updates in Avast.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)

     
    They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.
     
    If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free though it may not be the default.
     
     
    If you had let Avast do a boot-time scan while you slept it probably would have fixed the problem itself:
     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:

    • 0

    #10
    nept

      Member

    • Topic Starter
    • Member
    • PipPip
    • 62 posts
    Ok I dumped java for now. I'll see if my gf complains. I think I ran two boot time scans with avast (99% sure).
     
     In your last post you're starting a sentence (" Then change...") but don't finish it. Do I have to do anything else than run an avast boot time scan with heuristic sensitivity set to high?

    Edited by nept, 11 May 2014 - 09:41 PM.

    • 0

    #11
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    Did you mean:

     

    Then change When a threat is found ... to:  Move to Chest. 

     

    I suppose it could use some more punctuation:

     

    Then change: "When a threat is found ..." to:  "Move to Chest."

     

    If you don't do that and it finds something then it will stop and ask you what you want it to do which defeats the purpose of letting it run while you sleep.

     

    Chrome you could have fixed by going into the settings (3 horizontal bars at top right) and then  Settings then Manage Search Engine then find Sweetpage and click on its x on the far right.  Once we killed off the "Browser Protection" that should work normally.

     

    Guess we are done so I will give you my goodbye speech now:

     

     

    Unless you see other problems I think we are done and can clean up.
     
    Copy the following:
     
     
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
     
    
    Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
     
    That will get the last of the malware off the system.
     
     
     
    You can uninstall or delete any tools we had you download and their logs. 
     
     
     
    OTL has a cleanup tab but DO NOT USE IT!  There are reports that it leaves the PC unbootable.  Instead just delete OTL.exe and the folder c:\_OTL.
     
    To hide hidden files again:
     
    Vista or Win7
     
    1. Open the Control Panel menu and click Folder Options.
    2. After the new window appears select the View tab.
    3. Remove the check in the checkbox labeled Display the contents of system folders.
    4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
    5. Check the checkbox labeled Hide protected operating system files.
    6. Press the Apply button and then the OK button and exit My Computer.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
     
    Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
    Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
    (You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
    If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
    Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK.)  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option in Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
     
    You can also try Secunia PSI http://secunia.com/v...l/download_psi/  Same kind of info.  You don't need both.
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while.
     
     
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
    Make sure Windows Updates is turned on and that it works.  Go to Control panel, Windows Updates and see if it works.  
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
    Ron

    • 0

    #12
    nept

      Member

    • Topic Starter
    • Member
    • PipPip
    • 62 posts

    Hi Ron

     

    Had avast running all night long and the log looks clean:

     

    05/12/2014 06:05

    Prüfung aller lokalen Laufwerke

    Datei C:\Users\Elyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPE80KQY\getUpdateZip4.1.25[1].zip|>WCUpgradeScript.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
    Anzahl durchsuchter Ordner: 46876
    Anzahl der geprüften Dateien: 776625
    Anzahl infizierter Dateien: 0
     

     

     

    I just worked through your last post. Everything works just fine now. Thanks for showing me CryptoPrevent, didn't know it existed and was scared ever since CryptoLocker was in the news.

     

     

    Thank you very very very much for your help! I appreciate this a lot.

    All the best wishes

    Nept


    Edited by nept, 12 May 2014 - 09:17 AM.

    • 0

    #13
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    The last thing that Avast shows is a bad archive from a download.  You can delete it or just ignore it:

     

    C:\Users\Elyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPE80KQY\getUpdateZip4.1.25[1].zip

     

    Glad I could help.


    • 0
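An added example, not part of the thread and not Avast's own tooling: a small triage script for a boot-time scan report like the one pasted in post #12, separating scan errors (such as the damaged ZIP archive discussed in post #13) from the infected-file count. The line format is assumed from that single German-locale report; the names `parse_report`, `ScanError` and `BootScanSummary` are hypothetical, and because the page shows no detection line, any unrecognised `Datei` line is sent to manual review rather than guessed at.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the report lines quoted in post #12 (German-locale output).
SAMPLE_REPORT = r"""05/12/2014 06:05
Prüfung aller lokalen Laufwerke

Datei C:\Users\Elyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPE80KQY\getUpdateZip4.1.25[1].zip|>WCUpgradeScript.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 46876
Anzahl der geprüften Dateien: 776625
Anzahl infizierter Dateien: 0
"""

# "Datei <path>[|><member>] Fehler <code> {<message>}" -- a file the scanner could not read.
# The greedy <target> group keeps paths that themselves contain the word "Fehler" intact.
ERROR_LINE = re.compile(r"^Datei (?P<target>.+) Fehler (?P<code>\d+) \{(?P<msg>.*)\}\s*$")
# "Anzahl <label>: <n>" -- summary counters at the end of the report.
COUNTER_LINE = re.compile(r"^Anzahl (?P<label>[^:]+):\s*(?P<value>\d+)\s*$")
INFECTED_LABEL = "infizierter Dateien"  # "number of infected files"


@dataclass
class ScanError:
    container: str  # file on disk that the scanner opened
    member: str     # entry inside the archive ("" when the file is not an archive)
    code: int
    message: str


@dataclass
class BootScanSummary:
    errors: list = field(default_factory=list)
    counters: dict = field(default_factory=dict)
    unrecognised: list = field(default_factory=list)

    @property
    def infected(self):
        """Infected-file count, or None when the summary line is missing."""
        return self.counters.get(INFECTED_LABEL)

    def verdict(self):
        if self.infected is None:
            return "incomplete"   # report cut short or scan aborted
        if self.infected > 0:
            return "infected"
        if self.unrecognised:
            return "review"       # a 'Datei' line in a format this script does not know
        return "clean"            # read errors alone do not indicate an infection


def parse_report(text):
    """Parse the text of a boot-scan report into a BootScanSummary."""
    summary = BootScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ERROR_LINE.match(line)
        if m:
            # "|>" separates the archive on disk from the entry inside it.
            container, _, member = m.group("target").partition("|>")
            summary.errors.append(
                ScanError(container, member, int(m.group("code")), m.group("msg")))
            continue
        m = COUNTER_LINE.match(line)
        if m:
            summary.counters[m.group("label")] = int(m.group("value"))
            continue
        if line.startswith("Datei "):
            summary.unrecognised.append(line)
        # Anything else (timestamp, scan title) is header text and is ignored.
    return summary


if __name__ == "__main__":
    result = parse_report(SAMPLE_REPORT)
    print("verdict:", result.verdict())
    for err in result.errors:
        print(f"unreadable: {err.container} (member: {err.member or '-'}, "
              f"code {err.code}: {err.message})")
```

For the sample, the verdict is "clean" with one unreadable archive listed, which matches the reading given in post #13.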





