Windows 7 - Severely restricted use in normal mode


  • This topic is locked
10 replies to this topic

#1 falcon_98


Posted 13 October 2013 - 03:43 PM

Hi everyone,

After posting a plea for help here, I am unfortunately little further forward yet.

 

I followed the instructions described in step 6 of this guide, but could not generate any log files.  

This is what I did & what happened:

After downloading the DDS file to the desktop - which I had to do in safe mode, because I cannot access the Internet in normal mode any longer - I switched to normal mode, logged on with a user that has admin rights, and double-clicked the file on the desktop.

I confirmed the two pop-ups that appeared and then started the program (with the checkboxes selected as per the instructions). The program started, but after about 15 seconds and when the progress bar reached 75-85%, it stopped. I left it for an hour or so, but since the pop-up claimed that it should not take more than 3 mins to run, I guessed something was wrong. Pretty much everything on the desktop was now frozen (could not start the Task Manager, could not log off), so I shut down the laptop by the only means currently possible: holding down the power button. I tried the same steps again (log on with admin user, double-click icon on desktop etc.), but I got the same result.

 

I am writing this post in safe mode. After the latest attempts to run DDS and the subsequent "hard" shutdowns, I feel like it is taking an increasingly long time for the screen to appear on which I can choose the various safe modes or normal boot. Perhaps that is very subjective, however. Once in safe mode, everything seems to be as it should be.

Doing almost anything in normal mode seems to be impossible now: I cannot access the Internet, run anti-spyware/anti-malware programs, or the DDS program.

 

Any further support would be much appreciated - I don't have such a good feeling about all this right now.

Thanks.





#2 seedy21


Posted 13 October 2013 - 05:05 PM

Hello falcon_98

I am Seedy21 and I would like to help you with your issues.

Please note I am currently in training, so I will be back to you after talking to my mentor on the best way to fix your issues.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21


Posted 14 October 2013 - 02:27 AM

Hello falcon_98

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Step 1

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system's bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

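The FRST.txt log requested in the steps above has a regular line format, visible in the reply that follows. As an added example (not part of the original posts and not FRST's own code), this Python sketch parses the `Run:` autostart lines and makes a first triage pass over a log. The names `triage` and `parse_run_entry`, the reason strings, and the reading of a trailing `[x]` as a missing file are assumptions of this example; the flags are review prompts, not verdicts.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample lines copied from the FRST.txt posted later in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [] - [x]
HKCU\...\Run: [DataMgr] - C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\DataMgr\datamgr.exe [168264 2012-10-16] (HTTO Group, Ltd.)
HKCU\...\Run: [Protector] - C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\SDIV 2.0\Prot\prot.vbs [289 2012-09-12] ()
HKU\Ian\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
"""

# "HIVE\...\Run: [ValueName] - target"
RUN_RE = re.compile(
    r'^(?P<hive>HK[^.]*?)\\\.\.\.\\Run: \[(?P<name>.*?)\] - (?P<target>.*)$')

# target = path, then optional "[size date]" and optional "(publisher)"
TARGET_RE = re.compile(
    r'^"?(?P<path>.*?)"?'
    r'(?: \[(?P<size>\d*) ?(?P<date>\d{4}-\d{2}-\d{2})\])?'
    r'(?: \((?P<publisher>.*)\))?$')

# Script types that are unusual as a logon autostart (assumed list).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}


@dataclass
class Finding:
    line: str
    reasons: list


def parse_run_entry(line):
    """Split one Run-key line into hive, value name, path and publisher.

    Returns None for lines that are not Run entries. publisher is None when
    the log shows no "(...)" field and "" when the field is present but empty.
    """
    m = RUN_RE.match(line)
    if not m:
        return None
    t = TARGET_RE.match(m["target"])
    return {
        "hive": m["hive"],
        "name": m["name"],
        "path": t["path"],
        "publisher": t["publisher"],
    }


def triage(log_text):
    """Return the log lines worth a closer look, each with its reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        # Marker the tool itself appends to entries it wants reviewed.
        if "<==== ATTENTION" in line:
            reasons.append("flagged by FRST")
        # Registered item whose file is gone (orphan or already-removed file).
        if "No File" in line or line.endswith("[x]"):
            reasons.append("target missing")
        entry = parse_run_entry(line)
        if entry:
            path = entry["path"]
            # Autostarts under a user profile are writable without admin rights.
            if "\\appdata\\" in path.lower():
                reasons.append("autostart from user profile")
            if entry["publisher"] == "":
                reasons.append("no publisher")
            if PureWindowsPath(path).suffix.lower() in SCRIPT_EXTS:
                reasons.append("script autostart")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons), "->", f.line)
```
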


#4 falcon_98


Posted 14 October 2013 - 03:26 AM

Hi Seedy21,

Below are the contents of the 2 log files:

============================

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Admin (administrator) on TOSHIBA-PC on 14-10-2013 10:17:11
Running from C:\Users\Admin.Toshiba-PC.002\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [cfFncEnabler.exe] - C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [NDSTray.exe] - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [503808 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [TPCHWMsg] - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1045904 2009-03-23] (Toshiba Europe GmbH)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\fwupdate.exe [557056 2010-12-31] (BitLeader)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKCU\...\Run: [DataMgr] - C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\DataMgr\datamgr.exe [168264 2012-10-16] (HTTO Group, Ltd.)
HKCU\...\Run: [Protector] - C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\SDIV 2.0\Prot\prot.vbs [289 2012-09-12] ()
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5706480 2013-10-03] (SUPERAntiSpyware)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKCU\...\Run: [9C8EE3D866EC98AF22A7B1B5937CBE5A4E4A475B._service_run] - C:\Program Files\Google\Chrome\Application\chrome.exe [844752 2013-09-26] (Google Inc.)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [LogonHoursAction] 2
HKU\Frau\...\Run: [Facebook Update] - C:\Users\Frau\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-08-26] (Facebook Inc.)
HKU\Frau\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [ 2013-06-27] (Google)
HKU\Frau\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Frau\...\Policies\system: [LogonHoursAction] 2
HKU\Ian\...\Run: [9C8EE3D866EC98AF22A7B1B5937CBE5A4E4A475B._service_run] - C:\Program Files\Google\Chrome\Application\chrome.exe [ 2013-09-26] (Google Inc.)
HKU\Ian\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [ 2013-06-27] (Google)
HKU\Ian\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [ 2013-10-03] (SUPERAntiSpyware)
HKU\Ian\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Ian\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [ 2012-10-17] (Hewlett-Packard Co.)
HKU\Ian\...\Policies\system: [LogonHoursAction] 2
HKU\Ian\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ian - New\...\Policies\system: [LogonHoursAction] 2
HKU\Ian - New\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Manoeuvre\...\Policies\system: [LogonHoursAction] 2
HKU\Manoeuvre\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll [ 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\Frau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5510 series.lnk -> C:\Program Files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.fbdownloader.com/?channel=sfde203fbdgy21
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0E0BtCyDyDyB0CtDtCtDtBtN0D0Tzu0CyDzzyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=699100151&ir=
SearchScopes: HKLM - {8FC4B5BF-C876-4BA9-9C86-251A800CDA32} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0E0BtCyDyDyB0CtDtCtDtBtN0D0Tzu0CyDzzyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=699100151&ir=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=109868&babsrc=SP_ss&mntrId=80f40102000000000000001e65120654
SearchScopes: HKCU - {8FC4B5BF-C876-4BA9-9C86-251A800CDA32} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.39.131.82 155.56.68.196 194.39.131.83

FireFox:
========
FF ProfilePath: C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Mozilla\Firefox\Profiles\a95iai5g.default
FF user.js: detected! => C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Mozilla\Firefox\Profiles\a95iai5g.default\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Mozilla\Firefox\Profiles\a95iai5g.default\searchplugins\FBDownloader.xml
FF SearchPlugin: C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Mozilla\Firefox\Profiles\a95iai5g.default\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Mozilla\Firefox\Profiles\a95iai5g.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: om - C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Mozilla\Firefox\Profiles\a95iai5g.default\Extensions\om@offermosquito.com.xpi
FF Extension: Expat Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
CHR RestoreOnStartup:   "urls_to_restore_on_startup": [
CHR Extension: (YouTube) - C:\Users\ADMINT~1.002\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ADMINT~1.002\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (OfferMosquito) - C:\Users\ADMINT~1.002\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\0.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ADMINT~1.002\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ADMINT~1.002\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Ian\AppData\Local\mysearchdial_speedial_v9.0.2.crx

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
S4 CLKMSVC10_E92D8507; C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-25] (CyberLink)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S2 ExpatShieldService; C:\Program Files\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
S2 ExpatSrv; C:\Program Files\Expat Shield\HssWPR\hsssrv.exe [363336 2012-01-05] (AnchorFree Inc.)
S3 ExpatTrayService; C:\Program Files\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
S2 ExpatWd; C:\Program Files\Expat Shield\bin\hsswd.exe [329544 2012-01-05] ()
S2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [73528 2009-07-28] (AVM Berlin)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-09-06] (Microsoft Corporation)
S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH)
S2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation)
S2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation)
S2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-08-25] (Avanquest Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-09-06] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-01-11] ()
S1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-15] ()
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-07-25] (Trusteer Ltd.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [21520 2011-07-19] (Trusteer Ltd.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222192 2013-07-25] (Trusteer Ltd.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-14 10:16 - 2013-10-14 10:16 - 00000000 ____D C:\FRST
2013-10-14 10:14 - 2013-10-14 10:14 - 01087213 _____ (Farbar) C:\Users\Admin.Toshiba-PC.002\Desktop\FRST.exe
2013-10-13 21:45 - 2013-10-14 10:07 - 00018504 _____ C:\Windows\setupact.log
2013-10-13 21:45 - 2013-10-13 21:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-13 14:48 - 2013-10-13 14:48 - 00145824 _____ C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-13 14:05 - 2013-10-13 16:34 - 00000000 ____D C:\Program Files\TestProg
2013-10-13 13:43 - 2013-10-13 16:34 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Snz
2013-10-13 13:43 - 2013-10-13 16:34 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\SCheck
2013-10-13 13:43 - 2013-10-13 16:34 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Intermediate
2013-10-13 09:38 - 2013-10-13 09:38 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\FBDownloader
2013-10-13 09:38 - 2013-10-13 09:38 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Common
2013-10-12 21:39 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Skype
2013-10-12 21:39 - 2013-10-12 21:39 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Local\Ahead
2013-10-12 20:54 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\Mozilla
2013-10-12 20:35 - 2013-10-12 20:35 - 00347304 _____ (Microsoft Corporation) C:\Users\Ian - New\Downloads\MicrosoftFixit.wu.LB.33305033733139848.1.1.Run.exe
2013-10-12 20:26 - 2013-10-12 20:26 - 00347304 _____ (Microsoft Corporation) C:\Users\Ian - New\Downloads\MicrosoftFixit.wu.FISC.38305033148133393.1.1.Run.exe
2013-10-12 20:16 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\ICAClient
2013-10-12 20:15 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian - New\AppData\Local\Citrix
2013-10-12 20:15 - 2013-10-12 20:24 - 00002170 _____ C:\Users\Ian - New\Desktop\Google Chrome.lnk
2013-10-12 20:03 - 2013-10-12 20:20 - 00000680 __RSH C:\Users\Ian - New\ntuser.pol
2013-10-12 20:03 - 2013-10-12 20:03 - 00001390 _____ C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-12 20:02 - 2013-10-14 10:17 - 00000000 ____D C:\Users\Ian - New
2013-10-12 20:02 - 2013-10-13 22:23 - 00000000 ___RD C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-12 20:02 - 2013-10-13 22:23 - 00000000 ___RD C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-12 20:02 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\Trusteer
2013-10-12 20:02 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2013-10-12 20:02 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian - New\AppData\Local\Trusteer
2013-10-12 20:02 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian - New\AppData\Local\Google
2013-10-12 20:02 - 2013-10-12 20:02 - 00000020 ___SH C:\Users\Ian - New\ntuser.ini
2013-10-12 20:02 - 2010-12-31 18:47 - 00001876 _____ C:\Users\Ian - New\Desktop\LG Burning Tool.lnk
2013-10-12 20:02 - 2010-12-31 11:46 - 00001051 _____ C:\Users\Ian - New\Desktop\Blu-ray Disc Suite.lnk
2013-10-12 19:55 - 2013-10-12 19:55 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Malwarebytes
2013-10-12 19:30 - 2013-10-12 19:30 - 00447792 _____ (Microsoft Corporation) C:\Users\Admin.Toshiba-PC.002\Downloads\FixitCenter_Run.exe
2013-10-12 19:26 - 2013-10-12 19:31 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Google
2013-10-12 14:25 - 2013-10-13 22:19 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\SUPERAntiSpyware.com
2013-10-12 13:35 - 2013-10-12 13:35 - 00000000 _____ C:\Users\Ian\Downloads\EAE8.tmp
2013-10-12 13:21 - 2013-10-12 13:22 - 00517472 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 13:19 - 2013-10-12 13:19 - 00056320 _____ C:\Users\Ian\Downloads\2EB9.tmp
2013-10-09 20:25 - 2013-10-09 20:25 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-28 13:35 - 2013-10-13 22:23 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-24 21:01 - 2013-10-13 22:23 - 00000000 ___SD C:\Users\Ian\Documents\My Data Sources
2013-09-15 13:59 - 2013-10-13 22:22 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-14 10:17 - 2013-10-12 20:02 - 00000000 ____D C:\Users\Ian - New
2013-10-14 10:16 - 2013-10-14 10:16 - 00000000 ____D C:\FRST
2013-10-14 10:14 - 2013-10-14 10:14 - 01087213 _____ (Farbar) C:\Users\Admin.Toshiba-PC.002\Desktop\FRST.exe
2013-10-14 10:07 - 2013-10-13 21:45 - 00018504 _____ C:\Windows\setupact.log
2013-10-14 10:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 22:23 - 2013-10-12 21:39 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Skype
2013-10-13 22:23 - 2013-10-12 20:54 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\Mozilla
2013-10-13 22:23 - 2013-10-12 20:16 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\ICAClient
2013-10-13 22:23 - 2013-10-12 20:15 - 00000000 ____D C:\Users\Ian - New\AppData\Local\Citrix
2013-10-13 22:23 - 2013-10-12 20:02 - 00000000 ___RD C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-13 22:23 - 2013-10-12 20:02 - 00000000 ___RD C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-13 22:23 - 2013-10-12 20:02 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\Trusteer
2013-10-13 22:23 - 2013-10-12 20:02 - 00000000 ____D C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2013-10-13 22:23 - 2013-10-12 20:02 - 00000000 ____D C:\Users\Ian - New\AppData\Local\Trusteer
2013-10-13 22:23 - 2013-10-12 20:02 - 00000000 ____D C:\Users\Ian - New\AppData\Local\Google
2013-10-13 22:23 - 2013-09-28 13:35 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-10-13 22:23 - 2013-09-24 21:01 - 00000000 ___SD C:\Users\Ian\Documents\My Data Sources
2013-10-13 22:23 - 2013-09-03 07:28 - 00000000 ___RD C:\Users\Manoeuvre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-13 22:23 - 2013-09-03 07:28 - 00000000 ___RD C:\Users\Manoeuvre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-13 22:23 - 2013-09-03 07:28 - 00000000 ____D C:\Users\Manoeuvre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2013-10-13 22:23 - 2013-09-03 07:28 - 00000000 ____D C:\Users\Manoeuvre
2013-10-13 22:23 - 2013-06-26 09:23 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Mp3tag
2013-10-13 22:23 - 2013-05-26 12:26 - 00000000 ___RD C:\Users\Frau\Google Drive
2013-10-13 22:23 - 2013-01-20 19:54 - 00000000 ____D C:\Users\Frau
2013-10-13 22:23 - 2012-11-02 21:56 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\DataMgr
2013-10-13 22:23 - 2010-01-12 20:25 - 00000000 ____D C:\Users\Ian\AppData\Roaming\ICAClient
2013-10-13 22:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-13 22:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-10-13 22:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-13 22:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-10-13 22:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-10-13 22:22 - 2013-09-15 13:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-13 22:22 - 2013-06-25 21:42 - 00000000 ____D C:\Program Files\QuickTime
2013-10-13 22:22 - 2013-05-30 12:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-13 22:22 - 2013-04-02 21:08 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-13 22:22 - 2013-01-21 22:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-13 22:22 - 2013-01-20 22:18 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 7.7
2013-10-13 22:22 - 2013-01-04 19:41 - 00000000 ____D C:\Program Files\Apple Software Update
2013-10-13 22:22 - 2013-01-02 16:45 - 00000000 ____D C:\Program Files\Handbrake
2013-10-13 22:22 - 2012-06-10 20:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-13 22:22 - 2010-12-31 11:45 - 00000000 ____D C:\Program Files\lg_fwupdate
2013-10-13 22:22 - 2010-11-24 22:01 - 00000000 ____D C:\Program Files\Song List Generator
2013-10-13 22:22 - 2010-10-16 08:52 - 00000000 ____D C:\Program Files\Recuva
2013-10-13 22:22 - 2010-08-01 19:56 - 00000000 ____D C:\Program Files\Speccy
2013-10-13 22:22 - 2010-01-08 20:37 - 00000000 ____D C:\Program Files\Garmin
2013-10-13 22:22 - 2010-01-07 20:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-13 22:22 - 2010-01-06 22:54 - 00000000 ____D C:\Program Files\CCleaner
2013-10-13 22:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-10-13 22:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-13 22:19 - 2013-10-12 14:25 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\SUPERAntiSpyware.com
2013-10-13 22:19 - 2013-09-05 21:56 - 00000000 ____D C:\Users\Ian\AppData\Local\MariusSoft_LLC
2013-10-13 22:19 - 2013-09-03 07:28 - 00000000 ____D C:\Users\Manoeuvre\AppData\Roaming\Trusteer
2013-10-13 22:19 - 2013-09-03 07:28 - 00000000 ____D C:\Users\Manoeuvre\AppData\Local\Trusteer
2013-10-13 22:19 - 2013-08-16 21:55 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools
2013-10-13 22:19 - 2013-08-09 23:40 - 00000000 ____D C:\Users\Ian\AppData\Roaming\mysearchdial
2013-10-13 22:19 - 2013-01-20 13:07 - 00000000 ____D C:\Users\Ian\AppData\Roaming\SUPERAntiSpyware.com
2013-10-13 22:19 - 2012-04-15 10:18 - 00000000 ___RD C:\Users\Frau\Dropbox
2013-10-13 22:19 - 2012-02-04 19:39 - 00000000 ____D C:\Users\Ian\AppData\Local\HP
2013-10-13 22:19 - 2011-12-24 23:06 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Local\Google
2013-10-13 22:19 - 2011-01-04 19:22 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Skype
2013-10-13 22:19 - 2010-09-11 17:00 - 00000000 ____D C:\Users\Ian\Documents\Medical_Stuff
2013-10-13 22:19 - 2010-01-12 20:26 - 00000000 ____D C:\Users\Ian\AppData\Local\Mozilla
2013-10-13 22:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-10-13 22:18 - 2010-01-12 20:06 - 00000000 ____D C:\Users\Ian\Registry_Back_Up
2013-10-13 22:17 - 2013-01-20 21:10 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 22:17 - 2013-01-20 19:54 - 00000000 ____D C:\Users\Ian
2013-10-13 22:17 - 2011-05-02 20:41 - 00000000 ____D C:\Program Files\Samsung
2013-10-13 22:17 - 2009-06-09 11:27 - 00000000 ____D C:\ProgramData\Google
2013-10-13 22:15 - 2013-09-05 21:44 - 00000000 ____D C:\Program Files\MariusSoft
2013-10-13 22:15 - 2013-08-07 20:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-13 22:15 - 2013-02-23 12:49 - 00000000 ____D C:\Program Files\dm
2013-10-13 22:15 - 2012-09-09 20:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-13 22:15 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-13 22:15 - 2009-06-09 11:27 - 00000000 ____D C:\Program Files\Google
2013-10-13 22:15 - 2009-06-09 10:47 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-13 22:14 - 2010-01-07 18:43 - 00000000 ____D C:\GSWIN
2013-10-13 22:12 - 2013-01-20 19:54 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002
2013-10-13 22:00 - 2010-01-09 18:44 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 21:51 - 2013-01-20 20:58 - 01766002 _____ C:\Windows\WindowsUpdate.log
2013-10-13 21:49 - 2013-01-24 23:11 - 00001968 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-13 21:49 - 2013-01-20 19:53 - 00009504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 21:49 - 2013-01-20 19:53 - 00009504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 21:49 - 2012-01-06 10:05 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Dropbox
2013-10-13 21:49 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-13 21:48 - 2013-05-19 18:51 - 00000000 ___RD C:\Users\Ian\Google Drive
2013-10-13 21:48 - 2012-01-06 10:09 - 00000000 ___RD C:\Users\Ian\Dropbox
2013-10-13 21:48 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-10-13 21:45 - 2013-10-13 21:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-13 16:34 - 2013-10-13 14:05 - 00000000 ____D C:\Program Files\TestProg
2013-10-13 16:34 - 2013-10-13 13:43 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Snz
2013-10-13 16:34 - 2013-10-13 13:43 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\SCheck
2013-10-13 16:34 - 2013-10-13 13:43 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Intermediate
2013-10-13 14:48 - 2013-10-13 14:48 - 00145824 _____ C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-13 14:31 - 2012-07-22 13:38 - 00000000 ____D C:\Users\Ian\AppData\Local\Thunderbird
2013-10-13 09:40 - 2010-01-12 20:34 - 00000000 ____D C:\Windows\pss
2013-10-13 09:38 - 2013-10-13 09:38 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\FBDownloader
2013-10-13 09:38 - 2013-10-13 09:38 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Common
2013-10-13 09:27 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-10-13 00:36 - 2013-04-27 12:12 - 00000000 ____D C:\Users\Ian\Documents\Einbürgerung
2013-10-13 00:33 - 2009-07-14 10:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-12 22:37 - 2010-01-09 18:44 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 22:25 - 2013-06-25 21:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-12 21:44 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-12 21:39 - 2013-10-12 21:39 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Local\Ahead
2013-10-12 20:35 - 2013-10-12 20:35 - 00347304 _____ (Microsoft Corporation) C:\Users\Ian - New\Downloads\MicrosoftFixit.wu.LB.33305033733139848.1.1.Run.exe
2013-10-12 20:26 - 2013-10-12 20:26 - 00347304 _____ (Microsoft Corporation) C:\Users\Ian - New\Downloads\MicrosoftFixit.wu.FISC.38305033148133393.1.1.Run.exe
2013-10-12 20:24 - 2013-10-12 20:15 - 00002170 _____ C:\Users\Ian - New\Desktop\Google Chrome.lnk
2013-10-12 20:20 - 2013-10-12 20:03 - 00000680 __RSH C:\Users\Ian - New\ntuser.pol
2013-10-12 20:03 - 2013-10-12 20:03 - 00001390 _____ C:\Users\Ian - New\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-12 20:02 - 2013-10-12 20:02 - 00000020 ___SH C:\Users\Ian - New\ntuser.ini
2013-10-12 19:55 - 2013-10-12 19:55 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Malwarebytes
2013-10-12 19:31 - 2013-10-12 19:26 - 00000000 ____D C:\Users\Admin.Toshiba-PC.002\AppData\Roaming\Google
2013-10-12 19:30 - 2013-10-12 19:30 - 00447792 _____ (Microsoft Corporation) C:\Users\Admin.Toshiba-PC.002\Downloads\FixitCenter_Run.exe
2013-10-12 18:56 - 2012-04-15 10:15 - 00000000 ____D C:\Users\Frau\AppData\Roaming\Dropbox
2013-10-12 13:35 - 2013-10-12 13:35 - 00000000 _____ C:\Users\Ian\Downloads\EAE8.tmp
2013-10-12 13:22 - 2013-10-12 13:21 - 00517472 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 13:19 - 2013-10-12 13:19 - 00056320 _____ C:\Users\Ian\Downloads\2EB9.tmp
2013-10-09 20:25 - 2013-10-09 20:25 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-10-09 19:58 - 2013-02-16 20:44 - 00188416 ___SH C:\Users\Ian\Documents\Thumbs.db
2013-10-06 18:29 - 2013-01-05 10:35 - 00046592 _____ C:\Users\Frau\Documents\Doctors.xls
2013-10-05 13:17 - 2010-01-12 19:55 - 00000000 ____D C:\Users\Ian\AppData\Local\Microsoft Help
2013-09-25 19:56 - 2010-01-12 19:58 - 00000000 ____D C:\Users\Ian\Documents\Admin
2013-09-21 11:13 - 2010-01-12 19:58 - 00000629 _____ C:\Users\Ian\Documents\Verknüpfung mit Kopie von LANDKARTE.lnk
2013-09-21 09:25 - 2012-04-04 06:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-21 09:25 - 2011-05-16 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 21:53 - 2013-08-07 20:38 - 00000000 ____D C:\Users\Ian\Documents\Outlook Files
2013-09-18 20:44 - 2006-11-02 12:23 - 00450793 ____R C:\Windows\system32\Drivers\etc\hosts.20130928-134625.backup
2013-09-18 18:52 - 2010-08-26 21:05 - 00000000 ____D C:\Users\Ian\Documents\DVD Architect Studio 5.0 Projects
2013-09-18 18:40 - 2010-08-24 22:22 - 00000000 ____D C:\Users\Ian\Documents\Vegas Movie Studio HD Platinum 10.0 Projects
2013-09-16 21:03 - 2010-01-12 20:06 - 00000000 ____D C:\Users\Ian\Documents\Temperatures
2013-09-15 22:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources
2013-09-15 11:14 - 2010-01-07 18:16 - 00000000 ____D C:\Users\Frau\Documents\Ruby_Wedding_Invitations
2013-09-14 14:37 - 2013-01-20 19:49 - 00000000 ____D C:\Windows\Panther

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2292202386-3648098501-1748835466-1003\$0c0c2fa319bf1e9d81e83660542616dd

Some content of TEMP:
====================
C:\Users\Ian - New\AppData\Local\Temp\kts0mil0.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-13 09:42

==================== End Of Log ============================

============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Admin at 2013-10-14 10:19:58
Running from C:\Users\Admin.Toshiba-PC.002\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
ALPS Touch Pad Driver (Version: 7.2.302.105)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Assistant 5.05.010 (Version: 5.5.10.0)
avast! Free Antivirus (Version: 8.0.1497.0)
AVM FRITZ!DSL (Version: 2.04.03)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832)
Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832)
Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832)
Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832)
Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832)
Catalyst Control Center Localization All (Version: 2009.0421.2132.36832)
CCC Help Chinese Standard (Version: 2009.0421.2131.36832)
CCC Help Chinese Traditional (Version: 2009.0421.2131.36832)
CCC Help Czech (Version: 2009.0421.2131.36832)
CCC Help Danish (Version: 2009.0421.2131.36832)
CCC Help Dutch (Version: 2009.0421.2131.36832)
CCC Help Finnish (Version: 2009.0421.2131.36832)
CCC Help French (Version: 2009.0421.2131.36832)
CCC Help German (Version: 2009.0421.2131.36832)
CCC Help Greek (Version: 2009.0421.2131.36832)
CCC Help Hungarian (Version: 2009.0421.2131.36832)
CCC Help Italian (Version: 2009.0421.2131.36832)
CCC Help Japanese (Version: 2009.0421.2131.36832)
CCC Help Korean (Version: 2009.0421.2131.36832)
CCC Help Norwegian (Version: 2009.0421.2131.36832)
CCC Help Polish (Version: 2009.0421.2131.36832)
CCC Help Portuguese (Version: 2009.0421.2131.36832)
CCC Help Russian (Version: 2009.0421.2131.36832)
CCC Help Spanish (Version: 2009.0421.2131.36832)
CCC Help Swedish (Version: 2009.0421.2131.36832)
CCC Help Thai (Version: 2009.0421.2131.36832)
CCC Help Turkish (Version: 2009.0421.2131.36832)
ccc-core-static (Version: 2009.0421.2132.36832)
ccc-utility (Version: 2009.0421.2132.36832)
CCleaner (Version: 4.05)
Citrix Authentication Manager (Version: 4.0.0.53726)
Citrix Receiver (DV) (Version: 13.4.0.25)
Citrix Receiver (HDX Flash-Umleitung) (Version: 13.4.0.25)
Citrix Receiver (USB) (Version: 13.4.0.25)
Citrix Receiver (Version: 13.4.0.25)
Citrix Receiver Inside (Version: 3.4.0.29585)
Citrix Receiver Updater (Version: 3.4.0.29577)
Citrix Receiver(Aero) (Version: 13.4.0.25)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink LG Burning Tool (Version: 6.2.4009)
CyberLink PowerDVD 9 (Version: 9.0.2925.52)
CyberLink YouCam (Version: 1.0.3530)
D3DX10 (Version: 15.4.2368.0902)
dm-Fotowelt (Version: 5.0.1)
DVD Architect Studio 5.0 (Version: 5.0.128)
Expat Shield 2.25 (Version: 2.25)
Facebook Video Calling 1.0.0.8953 (Version: 1.0.8953)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileZilla Client 3.7.1 (Version: 3.7.1)
Fotogalerie (Version: 16.4.3505.0912)
FRITZ!Box VPN Connection (Version: 1.0.0)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin Training Center (Version: 3.5.3)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
GeoSetter 3.4.16
Google Chrome (Version: 30.0.1599.66)
Google Drive (Version: 1.11.4865.2530)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
HandBrake 0.9.8 (Version: 0.9.8)
HOLUX ezTour for Logger v2.01 (Version: v2.01)
HOLUX GPS USB DEVICE
HP ePrint (Version: 6.0.12230.783)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photosmart 5510 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Photosmart 5510 series Hilfe (Version: 140.0.2.2)
HP Postscript Converter (Version: 3.1.3591)
HP Unified IO (Version: 2.0.0.404)
HP Update (Version: 5.003.003.001)
HPDiagnosticAlert (Version: 1.00.0000)
Intel® Matrix Storage Manager
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 30 (Version: 6.0.300)
JavaFX 2.1.1 (Version: 2.1.1)
LG Tool Kit (Version: 9.01.1124.01)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MariusSoft File Searcher (Version: 1.0.0)
Medion GoPal Assistant 4.03.006 (Version: 4.3.6.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4535.1511)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MiniTool Partition Wizard Home Edition 7.7
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 en-GB) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.7 (x86 en-GB) (Version: 17.0.7)
Mp3tag v2.56 (Version: v2.56)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
navigating.de POI-Warner 3 GoPal 5 Edition (Version: 2.5)
Nero 7 Premium (Version: 7.03.1151)
neroxml (Version: 1.0.0)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4535.1004)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1004)
Office 15 Click-to-Run Localization Component (Version: 15.0.4535.1004)
Online Plug-in (Version: 13.4.0.25)
OutlookAddInNet3Setup (Version: 1.0.0)
Paint.NET v3.5.5 (Version: 3.55.0)
PDFCreator (Version: 1.5.1)
Photo Common (Version: 16.4.3505.0912)
Photo Gallery (Version: 16.4.3505.0912)
PlayReady PC runtime (Version: 1)
Primo (Version: 1.00.0000)
QuickTime (Version: 7.74.80.86)
Rapport (Version: 3.5.1302.54)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0004)
Realtek High Definition Audio Driver (Version: 6.0.1.5821)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20132)
Recuva (Version: 1.38)
Runtime (Version: 1.00.0000)
Sage GS-Verein
Samsung AllShare (Version: 2.1.0.12031_10)
Samsung Kies (Version: 2.1.1.11124_17)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
Screenshot Captor 2.93.01
Segoe UI (Version: 15.4.2271.0615)
Self-Service Plug-in (Version: 3.4.0.33684)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (Version: 5.40.29)
Skins (Version: 2009.0421.2132.36832)
Skype™ 6.6 (Version: 6.6.106)
SmartTools Office DDE-Fix (Version: v1.20)
Snap N' Go 2.41.3 (Version: 2.41.3)
Song List Generator (Version: 4.0.8)
Sony Picture Utility (Version: 4.2.14.06030)
Sony Vocal Eraser (Version: 1.00)
Sound Forge Audio Studio 10.0 (Version: 10.0.152)
Speccy (Version: 1.18)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1020)
TOSHIBA Assist (Version: 2.01.10)
TOSHIBA Benutzerhandbücher (Version: 7.40)
TOSHIBA ConfigFree (Version: 7.4.9)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 3.00.1.04-A)
TOSHIBA eco Utility (Version: 1.0.3.0)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.6C)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1)
Toshiba Online Product Information (Version: 2.06.0000)
TOSHIBA PC Health Monitor (Version: 1.3.2.0)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017)
TOSHIBA SD Memory Utilities (Version: 1.8.1.6)
TOSHIBA Service Station (Version: 2.0.26)
TOSHIBA Supervisor Password (Version: 1.63.0.3C)
TOSHIBA Supervisorkennwort (Version: 1.63.0.3C)
Toshiba TEMPRO (Version: 2.0)
TOSHIBA Value Added Package (Version: 1.2.8)
TOSHIBA Web Camera Application (Version: 1.0.1.8)
TRORDCLauncher (Version: 1.0.0.6)
Trusteer Endpunkt-Sicherheit (Version: 3.5.1302.54)
TuneUp Utilities 2013 (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Utility Common Driver (Version: 1.0.50.26C)
Vegas Movie Studio HD Platinum 10.0 (Version: 10.0.179)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (Version: 12/06/2010 4.0.0000.00000)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)
WinMerge 2.12.4 (Version: 2.12.4)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

==================== Restore Points  =========================

07-09-2013 00:32:55 Windows Update
13-09-2013 16:43:08 Windows Update
18-09-2013 16:01:02 Windows Update
22-09-2013 11:20:23 Windows Update
28-09-2013 08:31:39 Windows Update
03-10-2013 10:05:45 Windows Update
12-10-2013 19:54:45 Removed MariusSoft File Searcher
12-10-2013 20:48:41 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-09-28 13:46 - 00450793 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {01E87FB1-F6E0-4ED3-95B9-B4D0535E8DFD} - System32\Tasks\HP Photosmart 5510 series.exe_{DAEC574E-8574-4EA4-8165-87C6FF0002A2} => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HP Photosmart 5510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {13CE17E2-4C47-43C9-A93E-BC0790788CBD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2292202386-3648098501-1748835466-1002Core => C:\Users\Frau\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26] (Facebook Inc.)
Task: {1929480C-0007-4E92-9B02-4A4CCD5B3847} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Toshiba => C:\Program Files\Windows Calendar\WinCal.exe
Task: {1C278DB1-EDD7-4927-A175-136983BC46B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-09] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20042D42-8D51-4AA5-853E-426E4E23B010} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2292202386-3648098501-1748835466-1002UA => C:\Users\Frau\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26] (Facebook Inc.)
Task: {2C913D61-E71C-4E3D-A880-C9315E04C1E2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {3100CE75-FCDA-4E97-92D1-A875D113DA1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-10-12] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {56627C33-263B-4313-A6CB-562830E758CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {5E991A81-FAD5-4F42-AFA1-08A0DD2BBEDE} - System32\Tasks\ScanToPCActivationApp.exe_{9AB193AA-F866-4C05-A35D-E2A4FEDAED4E} => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {645ECA84-FE5F-401E-8784-A21CA994142A} - System32\Tasks\{7C3EC769-D5F2-4483-A471-F4B8005B2700} => Firefox.exe http://www.skype.com/go/downloading?source=installer&amp;ver=5.10.0.116&amp;LastError=-9
Task: {7420096B-B6D7-410C-9899-DDB2E81ED5FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {75C73D30-AD9C-4836-B51F-B7060256B752} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {79B23FE6-3DD4-4D3B-9A72-12930DAA7B6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-10-12] (Microsoft Corporation)
Task: {89A2EFF3-4CCE-48BA-91B7-26DB7DEE7A83} - System32\Tasks\HP Photosmart 5510 series.exe_{754180E3-4994-4637-BA44-4D899E496A29} => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HP Photosmart 5510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8E5C54C6-4909-434C-83C1-AC35FA53333E} - System32\Tasks\ScanToPCActivationApp.exe_{1D3096D5-DC98-49C0-8F75-A8E7EBC19691} => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B0AE8806-88CB-4D57-A2FB-1F47935A4C59} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {B586021B-87BD-4493-A11E-2017F28E7B7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-09] (Google Inc.)
Task: {B66E3115-41BD-448A-AD3C-D20CE4F195DD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {B7306FFD-8FAE-4950-B7C4-737854C740DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21] (Adobe Systems Incorporated)
Task: {BDB0FC3A-F197-4C0A-89C8-416CB52C9237} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {CC4B293D-ABC6-43F1-AE7E-6C3FE0B99684} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EC3BD198-A4BC-4116-B136-83BF3EE47233} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F1126127-2268-4E25-BE20-A78CCCF92152} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F3D4CDA4-390C-4879-A380-5F2287984B73} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ian => C:\Program Files\Windows Calendar\WinCal.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2292202386-3648098501-1748835466-1002Core.job => C:\Users\Frau\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2292202386-3648098501-1748835466-1002UA.job => C:\Users\Frau\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-13 18:54 - 2013-09-13 18:54 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-06-18 22:08 - 2013-06-18 22:08 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: avast! Network Shield Support
Description: avast! Network Shield Support
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswTdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2013 10:12:27 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

Error: (10/14/2013 10:12:19 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig.
.

System errors:
=============
Error: (10/14/2013 10:18:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:18:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:18:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:18:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:18:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:18:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:16:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:16:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:16:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (10/14/2013 10:13:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Microsoft Office Sessions:
=========================
Error: (10/14/2013 10:12:27 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:26 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:26 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:26 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:20 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

Error: (10/14/2013 10:12:19 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabDie Daten sind unzulässig.

CodeIntegrity Errors:
===================================
  Date: 2013-01-20 16:57:13.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:13.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:13.236
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:12.896
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:12.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:12.176
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:11.826
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:11.476
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:11.136
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-20 16:57:10.786
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 3036.88 MB
Available physical RAM: 2223.75 MB
Total Pagefile: 6072.04 MB
Available Pagefile: 5308.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.11 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.52 GB) (Free:31.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.62 GB) (Free:155.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 373 GB) (Disk ID: 961E5B7F)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=187 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 14 October 2013 - 04:22 PM

Hi Falcon_98

Warning Rootkit Detected


One or more of the identified infections is a Zero Access Infection.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I suggest a reformat of the system, but the decision is entirely up to you. Please let me know how you wish to continue in your next post.

Please boot up in Safe mode with Networking and complete Step 1


Step 1


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2

Please try and log into your computer in Normal mode and test the connection to the internet and performance speed.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


#6 falcon_98

Posted 15 October 2013 - 01:32 AM

Hi Seedy21,

Thanks very much for your analysis. I feared it would be something that could not be fixed easily :-(

Given that the only safe option sounds to be formatting the system, that is what I will do. Before I tackle that, I have two questions:

1) After the problems started, I copied the entire contents of the user folders (i.e. 'my documents') of the two main users on the laptop to an external HDD. Will it be okay to transfer back these files after I have a clean system again? I thought that virus-induced problems would be restricted to the OS and other Windows files, but I would like to double check this point.

2) How exactly do I go about (re-)formatting the system? When I bought the laptop, it came with Windows Vista installed and a recovery disc. After getting it home back then, the PC store recommended I create a recovery image and burn it to a DVD. I did that, and so have such a DVD...somewhere. When I later upgraded to Windows 7 with an upgrade DVD, I don't recall creating any kind of recovery image. Does this mean that I should first go back to Vista and then upgrade again or can I start with the Windows 7 upgrade DVD? Or do I even have to do something else before that? I would be grateful for any advice you could provide.

Thanks again.



#7 seedy21

Posted 15 October 2013 - 02:35 PM

Hi Falcon_98
 

1) After the problems started, I copied the entire contents of the user folders (i.e. 'my documents') of the two main users on the laptop to an external HDD. Will it be okay to transfer back these files after I have a clean system again? I thought that virus-induced problems would be restricted to the OS and other Windows files, but I would like to double check this point.


Yes, some types of Malware will copy themselves onto external devices like USB Flash Drives and External Hard Drives. Once you have re-formatted your Machine, run all of your updates, install an Anti Virus Scanner and Malwarebytes and scan with both of them on your External Drive. Then you can remove the threats if any were copied across.

Please can you tell me what folders you are backing up? I will need the File Path too.
One of the threats that I can see in your Logs is in this folder:-

C:\Users\Ian - New\AppData

So if you back up:-

C:\Users\Ian - New\

you would be backing up this threat and moving it onto your clean OS.


 

2) How exactly do I go about (re-)formatting the system? When I bought the laptop, it came with Windows Vista installed and a recovery disc. After getting it home back then, the PC store recommended I create a recovery image and burn it to a DVD. I did that, and so have such a DVD...somewhere. When I later upgraded to Windows 7 with an upgrade DVD, I don't recall creating any kind of recovery image. Does this mean that I should first go back to Vista and then upgrade again or can I start with the Windows 7 upgrade DVD? Or do I even have to do something else before that? I would be grateful for any advice you could provide.


As far as I am aware, you will need to run the VISTA CD and then use the Windows 7 DVD to upgrade it to Windows 7.

Here is an Article on how to re-install Windows VISTA. http://howtoformatacomputer.com/format-windows-vista

If you have any more problems with re-formatting your machine I would recommend opening a new topic at http://www.bleepingcomputer.com/forums/f/72/windows-vista/



#8 falcon_98

Posted 15 October 2013 - 03:21 PM

Hi Seedy21,
1. The folders I backed up are not in the Ian - New user. I created that one only in the hope of rescuing things.
The folders I backed up are as follows:
C:\Users\Ian\
Application Data
AVM_Driver
Citrix
Desktop
Downloads
Dropbox
Eigene Bilder
Eigene Dokumente
Eigene Musik
Favoriten
Registry_Back_Up

C:\Users\Frau\
Application Data
Back-Ups
Desktop
Downloads
Dropbox
Eigene Dokumente
Favoriten
Kontakte

And this one:
C:\GSWIN\

2. Thanks for the links. I'll get on to that tomorrow.

#9 seedy21

Posted 15 October 2013 - 04:06 PM

Hi Falcon_98

It is possible that the threat could be on the other accounts.

After you have completed the copying process, please verify that this file is not in the Application Data folder for BOTH USERS:

\Local\Temp\kts0mil0.dll

If it is in your back up, delete the file before you re-format your machine.

Good luck with formatting your machine.

You know where we are if you have any more issues :)

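One way to carry out the check described in the post above over a copied profile backup, as an added example that is not part of the thread or of any tool mentioned in it. It searches the whole backup tree for the file name seedy21 gives and, going a step beyond the post, lists any file under a Temp folder that starts with the `MZ` executable header so it can be reviewed before restoring; the sample backup tree and the helper names (`audit_backup`, `build_sample_backup`) are constructed for illustration.

```python
"""Pre-restore audit of a profile backup (added example, not from the thread)."""
import os
import tempfile
from pathlib import Path

# File name given in the thread. Windows file names are case-insensitive,
# so the comparison is done in lower case.
NAMED_FILE = "kts0mil0.dll"


def is_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' header used by EXE/DLL/SYS files."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable file: cannot classify, leave it to the AV scan


def in_temp_dir(rel: Path) -> bool:
    """True if any parent folder of the file is named Temp (any case)."""
    return "temp" in (part.lower() for part in rel.parts[:-1])


def audit_backup(root: Path, named_file: str = NAMED_FILE):
    """Return (named_hits, temp_executables) as sorted lists of relative paths.

    The whole tree is searched rather than one fixed path, because a copied
    profile may not lay out its Application Data folder as the live system did.
    """
    named_hits, temp_pe = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root)
            if name.lower() == named_file.lower():
                named_hits.append(rel.as_posix())
            elif in_temp_dir(rel) and is_pe(full):
                temp_pe.append(rel.as_posix())
    return sorted(named_hits), sorted(temp_pe)


def build_sample_backup(base: Path) -> Path:
    """Create a small constructed backup tree for demonstration purposes."""
    files = {
        # Named file, stored in upper case to show the case-insensitive match.
        "Ian/Application Data/Local/Temp/KTS0MIL0.DLL": b"constructed placeholder",
        # Executable left behind in a Temp folder: flagged for review.
        "Frau/Application Data/Local/Temp/setup_tmp.exe": b"MZ\x90\x00" + b"\x00" * 60,
        # Executable outside Temp: not flagged by this check.
        "Ian/Downloads/tool.exe": b"MZ\x90\x00" + b"\x00" * 60,
        # Ordinary document.
        "Frau/Eigene Dokumente/brief.txt": b"Hallo",
    }
    for rel, data in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        backup_root = build_sample_backup(Path(tmp))
        named, temp_executables = audit_backup(backup_root)
        for hit in named:
            print("named file present:", hit)
        for hit in temp_executables:
            print("executable in Temp folder, review before restoring:", hit)
```

This complements the antivirus and Malwarebytes scans of the external drive advised earlier in the thread; it does not replace them.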


#10 quietman7

  • Global Moderator
  • 52,047 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 March 2014 - 02:01 PM


As the OP no longer needs assistance, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 quietman7

Posted 01 March 2014 - 02:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



