Blocked internet connection + black screen after Windows login


  • This topic is locked
51 replies to this topic

#1 mrwright

  • Members
  • 24 posts

Posted 13 March 2014 - 10:14 AM

Hi,

 

First of all thank you for helping me.

 

My issues are the following:
1. As far as I could observe it, something is blocking my internet connection from 1 AM on until the morning (don't know exactly when). It is definitely a problem of the laptop and not the network.

2. After logging into Windows I just see a black screen and the mouse cursor for 10-30 secs and then the actual desktop appears.

 

Please tell me if you also need the attach.txt as I read that I should only attach it when asked for it.

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Kai at 15:01:00 on 2014-03-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.7934.5595 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Kai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
D:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
D:\Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\PROGRA~2\Nitro\READER~1\NITROP~2.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Spotify Web Helper] "C:\Users\Kai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [PDFPrint] d:\Program Files (x86)\PDF24\pdf24.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Kai\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AutoDect.lnk - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - D:\Office\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - D:\Office\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{B3ADAC35-754D-46C3-B4A5-EE81006DCBD2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB32D37A-DFAB-4A20-9C7E-9E00985CEB24} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{DB32D37A-DFAB-4A20-9C7E-9E00985CEB24}\07869627F65737 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{DB32D37A-DFAB-4A20-9C7E-9E00985CEB24}\35B4959373242433 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DB32D37A-DFAB-4A20-9C7E-9E00985CEB24}\35F6E6E656E63797374756D6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DB32D37A-DFAB-4A20-9C7E-9E00985CEB24}\86F627279687 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{DB32D37A-DFAB-4A20-9C7E-9E00985CEB24}\E45445745414252323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DB32D37A-DFAB-4A20-9C7E-9E00985CEB24}\E45445745414252333 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli ACGina
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office\Office14\URLREDIR.DLL
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BCSSync] "D:\Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default\
FF - prefs.js: network.proxy.http - 81.88.24.221
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-2-23 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-2-23 207904]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2012-7-16 37456]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-2-23 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-2-23 421704]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-9-10 15472]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-10 203264]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-2-23 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-23 50344]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-26 2224976]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-12-7 44024]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-9-10 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-12-7 62456]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-9-10 93032]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-26 377616]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-9-10 148840]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-2 4915040]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-9-10 144232]
R2 TPHKSVC;Anzeige am Bildschirm;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-9-10 64952]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-9-9 475088]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-9-10 161664]
R3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-8-3 106408]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-23 80184]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-16 283200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-2-23 947816]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-10 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-9-10 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-10 35104]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-7-2 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-7-2 9096]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\Windows\System32\drivers\HSPADataCardusbmdm.sys [2013-1-15 123648]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\Windows\System32\drivers\HSPADataCardusbnmea.sys [2013-1-15 123648]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\Windows\System32\drivers\HSPADataCardusbser.sys [2013-1-15 123648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2013-1-15 11776]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-9-10 83304]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-7-16 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-7-16 13280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-28 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-10 246376]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-28 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-29 1255736]
S4 AntiVirWebService;Avira Browser-Schutz;"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [?]
.
=============== Created Last 30 ================
.
2014-03-11 12:28:30    10536864    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E95EAD2-B966-4851-B33E-9F27BD94B13C}\mpengine.dll
2014-02-28 23:36:02    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2014-02-26 15:37:06    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2014-02-26 12:54:28    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-02-26 12:54:27    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-02-25 15:04:49    --------    d-----w-    C:\Windows\ERUNT
2014-02-25 14:56:36    --------    d-----w-    C:\AdwCleaner
2014-02-23 16:20:16    --------    d-----w-    C:\Users\Kai\AppData\Roaming\Nitro
2014-02-23 16:20:16    --------    d-----w-    C:\Users\Kai\AppData\Roaming\FileOpen
2014-02-23 16:20:16    --------    d-----w-    C:\ProgramData\FileOpen
2014-02-23 16:19:18    29712    ----a-w-    C:\Windows\System32\nitrolocalmon2.dll
2014-02-23 16:19:18    17936    ----a-w-    C:\Windows\System32\nitrolocalui2.dll
2014-02-23 16:19:05    --------    d-----w-    C:\Program Files\Common Files\Nitro
2014-02-23 16:19:04    --------    d-----w-    C:\ProgramData\Nitro
2014-02-23 16:19:04    --------    d-----w-    C:\Program Files (x86)\Nitro
2014-02-23 16:19:04    --------    d-----w-    C:\Program Files (x86)\Common Files\Nitro
2014-02-23 16:13:55    --------    d-----w-    C:\ProgramData\Oracle
2014-02-23 16:13:33    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-23 15:51:18    --------    d-----w-    C:\Users\Kai\AppData\Roaming\AVAST Software
2014-02-23 15:50:36    80184    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-02-23 15:50:36    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-02-23 15:50:36    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-02-23 15:50:35    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-02-23 15:50:35    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-23 15:50:35    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-02-23 15:50:26    43152    ----a-w-    C:\Windows\avastSS.scr
2014-02-23 15:50:01    --------    d-----w-    C:\Program Files\AVAST Software
2014-02-23 15:49:07    --------    d-----w-    C:\ProgramData\AVAST Software
2014-02-14 12:01:06    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-14 12:01:06    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-13 21:42:16    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-13 21:42:16    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-13 21:42:16    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-13 21:42:16    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M  ====================
.
2014-03-12 14:26:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 14:26:48    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-18 06:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:01:31,02 ===============
 



#2 Oh My!

  • Malware Response Instructor
  • 37,415 posts

Posted 18 March 2014 - 09:44 AM

Greetings mrwright and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. No need to provide the Attach report as we will be running another scan. While I review our situation please run this for me.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniToolBox report
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 mrwright

  • Topic Starter
  • Members
  • 24 posts

Posted 18 March 2014 - 09:57 AM

Hi Gary,

 

Again many thanks for your help. Much appreciated. You can certainly call me by my first name.

 

FYI: It's weird, I wasn't able to check whether the "1AM connectivity" problem is still a reproducible issue. A few days ago I was working late and the internet connection DID NOT turn off at 1 AM. But I couldn't test it more often as I was never up that late afterwards. The lag in form of a black screen between typing in my password and seeing the actual Desktop still exists.

 

Here are the logs:

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Kai (administrator) on 18-03-2014 at 14:50:38
Running from "C:\Users\Kai\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://pac.lrz.de/"
"network.proxy.http", "81.88.24.221"
"network.proxy.http_port", 3128
"network.proxy.share_proxy_settings", true
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter = Drahtlosnetzwerkverbindung (Connected)
Hamachi Network Interface = Hamachi (Connected)
Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 = LAN-Verbindung 2 (Hardware not present)
Realtek PCIe GBE Family Controller = LAN-Verbindung (Media disconnected)
Bluetooth-Gerät (PAN) = Bluetooth-Netzwerkverbindung (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Drahtlosnetzwerkverbindung 2 (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="LAN-Verbindung-QoS Packet Scheduler-0000" nexthop=25.0.0.1 publish=Ja
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Ja
set interface interface="LAN-Verbindung 2" forwarding=enabled advertise=enabled metric=1 nud=enabled
set interface interface="LAN-Verbindung-QoS Packet Scheduler-0000" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : Pluto
   Primäres DNS-Suffix . . . . . . . :
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : bbk.ac.uk

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physikalische Adresse . . . . . . : D0-DF-9A-10-21-EC
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

   Verbindungsspezifisches DNS-Suffix: bbk.ac.uk
   Beschreibung. . . . . . . . . . . : 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
   Physikalische Adresse . . . . . . : D0-DF-9A-10-21-EC
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::cd12:4ef:8d93:fd61%14(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 10.62.17.27(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.254.0
   Lease erhalten. . . . . . . . . . : Dienstag, 18. März 2014 13:29:00
   Lease läuft ab. . . . . . . . . . : Dienstag, 18. März 2014 15:46:25
   Standardgateway . . . . . . . . . : 10.62.17.254
   DHCP-Server . . . . . . . . . . . : 193.61.19.2
   DHCPv6-IAID . . . . . . . . . . . : 382787482
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-15-FC-84-90-E8-9A-8F-5E-B3-17
   DNS-Server  . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS über TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Bluetooth-Gerät (PAN)
   Physikalische Adresse . . . . . . : EC-55-F9-F9-A2-39
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter LAN-Verbindung:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physikalische Adresse . . . . . . : E8-9A-8F-5E-B3-17
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter Hamachi:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Hamachi Network Interface
   Physikalische Adresse . . . . . . : 7A-79-19-B1-8E-C7
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2620:9b::19b1:8ec7(Bevorzugt)
   Verbindungslokale IPv6-Adresse  . : fe80::8c18:7c25:87cf:9525%20(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 25.177.142.199(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.0.0.0
   Lease erhalten. . . . . . . . . . : Dienstag, 18. März 2014 13:26:33
   Lease läuft ab. . . . . . . . . . : Mittwoch, 18. März 2015 13:30:46
   Standardgateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP-Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6-IAID . . . . . . . . . . . : 377125183
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-15-FC-84-90-E8-9A-8F-5E-B3-17
   DNS-Server  . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert

Tunneladapter LAN-Verbindung* 13:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fd:a7:18cf:f5c1:eee4(Bevorzugt)
   Verbindungslokale IPv6-Adresse  . : fe80::a7:18cf:f5c1:eee4%24(Bevorzugt)
   Standardgateway . . . . . . . . . :
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Tunneladapter isatap.{572DBE10-5190-45CE-9859-A32E56C90334}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.bbk.ac.uk:

   Verbindungsspezifisches DNS-Suffix: bbk.ac.uk
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::5efe:10.62.17.27%25(Bevorzugt)
   Standardgateway . . . . . . . . . :
   DNS-Server  . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Tunneladapter isatap.{19C6B202-6E87-4F79-8A86-A92637F50F0C}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #3
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{B3ADAC35-754D-46C3-B4A5-EE81006DCBD2}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #4
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{C1EAFE36-659F-4B81-A224-7B013A893CEA}:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #6
   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::200:5efe:25.177.142.199%23(Bevorzugt)
   Standardgateway . . . . . . . . . :
   DNS-Server  . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert
Server:  resolver1.opendns.com
Address:  208.67.222.222

Name:    google.com.bbk.ac.uk
Address:  67.215.65.132


Ping wird ausgeführt für google.com [173.194.34.97] mit 32 Bytes Daten:
Antwort von 173.194.34.97: Bytes=32 Zeit=28ms TTL=55
Antwort von 173.194.34.97: Bytes=32 Zeit=19ms TTL=55

Ping-Statistik für 173.194.34.97:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 19ms, Maximum = 28ms, Mittelwert = 23ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  208.67.222.222

Name:    yahoo.com.bbk.ac.uk
Address:  67.215.65.132


Ping wird ausgeführt für yahoo.com [206.190.36.45] mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Antwort von 206.190.36.45: Bytes=32 Zeit=621ms TTL=49

Ping-Statistik für 206.190.36.45:
    Pakete: Gesendet = 2, Empfangen = 1, Verloren = 1
    (50% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 621ms, Maximum = 621ms, Mittelwert = 621ms

Ping wird ausgeführt für 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Ping-Statistik für 127.0.0.1:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
 16...d0 df 9a 10 21 ec ......Microsoft Virtual WiFi Miniport Adapter
 14...d0 df 9a 10 21 ec ......1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
 13...ec 55 f9 f9 a2 39 ......Bluetooth-Gerät (PAN)
 11...e8 9a 8f 5e b3 17 ......Realtek PCIe GBE Family Controller
 20...7a 79 19 b1 8e c7 ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 22...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
 25...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
 26...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #3
 27...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #4
 23...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #6
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0         25.0.0.1   25.177.142.199   9256
          0.0.0.0          0.0.0.0     10.62.17.254      10.62.17.27     25
       10.62.16.0    255.255.254.0   Auf Verbindung       10.62.17.27    281
      10.62.17.27  255.255.255.255   Auf Verbindung       10.62.17.27    281
     10.62.17.255  255.255.255.255   Auf Verbindung       10.62.17.27    281
         25.0.0.0        255.0.0.0   Auf Verbindung    25.177.142.199   9256
   25.177.142.199  255.255.255.255   Auf Verbindung    25.177.142.199   9256
   25.255.255.255  255.255.255.255   Auf Verbindung    25.177.142.199   9256
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung    25.177.142.199   9256
        224.0.0.0        240.0.0.0   Auf Verbindung       10.62.17.27    281
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
  255.255.255.255  255.255.255.255   Auf Verbindung    25.177.142.199   9256
  255.255.255.255  255.255.255.255   Auf Verbindung       10.62.17.27    281
===========================================================================
Ständige Routen:
  Netzwerkadresse          Netzmaske  Gatewayadresse  Metrik
          0.0.0.0          0.0.0.0         25.0.0.1  Standard
          0.0.0.0          0.0.0.0         25.0.0.1  Standard
===========================================================================

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
 20   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  Auf Verbindung
 24     58 2001::/32                Auf Verbindung
 24    306 2001:0:5ef5:79fd:a7:18cf:f5c1:eee4/128
                                    Auf Verbindung
 20    276 2620:9b::/96             Auf Verbindung
 20    276 2620:9b::19b1:8ec7/128   Auf Verbindung
 20    276 fe80::/64                Auf Verbindung
 14    281 fe80::/64                Auf Verbindung
 24    306 fe80::/64                Auf Verbindung
 25    286 fe80::5efe:10.62.17.27/128
                                    Auf Verbindung
 24    306 fe80::a7:18cf:f5c1:eee4/128
                                    Auf Verbindung
 23    281 fe80::200:5efe:25.177.142.199/128
                                    Auf Verbindung
 20    276 fe80::8c18:7c25:87cf:9525/128
                                    Auf Verbindung
 14    281 fe80::cd12:4ef:8d93:fd61/128
                                    Auf Verbindung
  1    306 ff00::/8                 Auf Verbindung
 24    306 ff00::/8                 Auf Verbindung
 20    276 ff00::/8                 Auf Verbindung
 14    281 ff00::/8                 Auf Verbindung
===========================================================================
Ständige Routen:
 If Metrik Netzwerkziel             Gateway
  0 4294967295 2620:9b::/96             Auf Verbindung
  0   9000 ::/0                     2620:9b::500:1
  0 4294967295 2620:9b::/96             Auf Verbindung
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/18/2014 02:10:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x1480
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:28:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (03/18/2014 01:29:04 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/18/2014 01:27:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht.

Error: (03/18/2014 01:27:15 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht.

Error: (03/18/2014 01:26:38 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{eeab04ec-db54-11e0-b5c6-806e6f6e6963}" können nicht gelesen werden.

Error: (03/17/2014 09:03:09 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (03/17/2014 08:19:43 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/17/2014 08:18:03 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht.

Error: (03/17/2014 08:16:46 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{eeab04ec-db54-11e0-b5c6-806e6f6e6963}" können nicht gelesen werden.

Error: (03/17/2014 08:16:41 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?17.?03.?2014 um 20:10:38 unerwartet heruntergefahren.

Error: (03/17/2014 06:00:34 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


Microsoft Office Sessions:
=========================
Error: (03/18/2014 02:10:54 PM) (Source: Application Error)(User: )
Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c7148001cf42ae7806597aC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll1e00e114-aea7-11e3-bbb7-ec55f9f9a239

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (03/18/2014 01:28:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path25900


========================= Devices: ================================

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


**** End of log ****
 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Kai (administrator) on PLUTO on 18-03-2014 14:53:35
Running from C:\Users\Kai\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Spotify Ltd) C:\Users\Kai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) D:\Office\Office14\OUTLOOK.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nitro PDF) C:\Program Files (x86)\Nitro\Reader 3\NitroPDFReader.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2011-04-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-23] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - D:\Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [PDFPrint] - d:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-23] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\S-1-5-21-3943531647-2972737388-2820282708-1000\...\Run: [Spotify Web Helper] - C:\Users\Kai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-21] (Spotify Ltd)
HKU\S-1-5-21-3943531647-2972737388-2820282708-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kai\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE59638AC8DD0CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2013-10-27]
FF Extension: British English Dictionary - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2013-10-27]
FF Extension: Firebug - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default\Extensions\firebug@software.joehewitt.com.xpi [2013-11-10]
FF Extension: FireFTP - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-05]
FF Extension: MyAthens Toolbar - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default\Extensions\{B22E157D-283C-498f-9554-C3A80E841E91}.xpi [2014-02-04]
FF Extension: Adblock Plus - C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\vmrboihy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-23]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-23] (AVAST Software)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-23] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-23] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-16] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-03-14] (Paragon Software Group)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [123648 2010-12-03] (D-Link Incorporated)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 14:53 - 2014-03-18 14:54 - 00015953 _____ () C:\Users\Kai\Downloads\FRST.txt
2014-03-18 14:53 - 2014-03-18 14:53 - 00000000 ____D () C:\FRST
2014-03-18 14:50 - 2014-03-18 14:51 - 00025768 _____ () C:\Users\Kai\Desktop\Result.txt
2014-03-18 14:48 - 2014-03-18 14:50 - 02157056 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe
2014-03-18 14:48 - 2014-03-18 14:48 - 00982016 _____ (Farbar) C:\Users\Kai\Desktop\MiniToolBox.exe
2014-03-18 14:11 - 2014-03-18 14:11 - 00000000 ____D () C:\Users\Kai\AppData\Local\CrashDumps
2014-03-15 20:51 - 2014-03-15 20:51 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-15 20:39 - 2014-03-15 20:39 - 04110135 _____ () C:\Users\Kai\Downloads\tdsskiller.zip
2014-03-15 20:39 - 2014-03-15 20:39 - 00000000 ____D () C:\Users\Kai\Downloads\tdsskiller
2014-03-14 20:38 - 2014-03-14 20:38 - 00331776 _____ () C:\Users\Kai\Downloads\revison innovation systems.ppt
2014-03-13 15:15 - 2014-03-01 06:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 15:15 - 2014-03-01 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 15:15 - 2014-03-01 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 15:15 - 2014-03-01 04:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 15:15 - 2014-03-01 04:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 15:15 - 2014-03-01 04:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 15:15 - 2014-03-01 04:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 15:15 - 2014-03-01 04:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 15:15 - 2014-03-01 04:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 15:15 - 2014-03-01 04:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 15:15 - 2014-03-01 04:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 15:15 - 2014-03-01 04:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 15:15 - 2014-03-01 04:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 15:15 - 2014-03-01 04:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 15:15 - 2014-03-01 04:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 15:15 - 2014-03-01 04:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 15:15 - 2014-03-01 04:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 15:15 - 2014-03-01 03:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 15:15 - 2014-03-01 03:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 15:15 - 2014-03-01 03:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 15:15 - 2014-03-01 03:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 15:15 - 2014-03-01 03:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 15:15 - 2014-03-01 03:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 15:15 - 2014-03-01 03:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 15:15 - 2014-03-01 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 15:15 - 2014-03-01 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 15:15 - 2014-03-01 03:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 15:15 - 2014-03-01 03:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 15:15 - 2014-03-01 03:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 15:15 - 2014-03-01 03:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 15:15 - 2014-03-01 03:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 15:15 - 2014-03-01 03:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 15:15 - 2014-03-01 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 15:15 - 2014-03-01 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 15:15 - 2014-03-01 02:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 15:15 - 2014-03-01 02:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 15:15 - 2014-03-01 02:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 15:15 - 2014-03-01 02:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 15:15 - 2014-03-01 02:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 15:15 - 2014-03-01 02:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 15:02 - 2014-03-13 15:02 - 00007335 _____ () C:\Users\Kai\Desktop\Attach2.txt
2014-03-13 15:02 - 2014-03-13 15:02 - 00007335 _____ () C:\Users\Kai\Desktop\attach.txt
2014-03-13 15:02 - 2014-03-13 15:01 - 00023110 _____ () C:\Users\Kai\Desktop\dds.txt
2014-03-13 14:59 - 2014-03-13 15:00 - 00688992 ____R (Swearware) C:\Users\Kai\Downloads\dds.com
2014-03-13 14:50 - 2014-02-07 01:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 14:50 - 2014-02-04 02:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 14:50 - 2014-02-04 02:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 14:50 - 2014-01-29 02:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 14:50 - 2014-01-29 02:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 14:45 - 2014-02-04 02:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 14:45 - 2014-02-04 02:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 14:45 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 11:56 - 2014-03-13 11:56 - 00001672 _____ () C:\Users\Kai\Desktop\RKreport[0]_S_03132014_115659.txt
2014-03-13 11:55 - 2014-03-13 11:55 - 00000745 _____ () C:\Users\Kai\Desktop\RKreport[0]_DN_03132014_115522.txt
2014-03-13 11:34 - 2014-03-13 11:34 - 00001639 _____ () C:\Users\Kai\Desktop\RKreport[0]_S_03132014_113430.txt
2014-03-13 11:32 - 2014-03-13 11:32 - 03819008 _____ () C:\Users\Kai\Downloads\RogueKiller(1).exe
2014-03-13 11:31 - 2014-03-13 11:31 - 04413952 _____ () C:\Users\Kai\Downloads\RogueKillerX64.exe
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Kai\Desktop\Moderat - II (2013) [Deluxe]
2014-03-11 16:31 - 2014-03-11 16:31 - 00000000 ____D () C:\Users\Kai\Downloads\Experteer-Analytics
2014-03-11 16:30 - 2014-03-11 16:30 - 00109489 _____ () C:\Users\Kai\Downloads\Experteer-Analytics.zip
2014-03-03 18:41 - 2014-03-03 18:41 - 00274888 _____ () C:\Windows\Minidump\030314-16567-01.dmp
2014-02-28 23:36 - 2014-02-28 23:36 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-26 20:44 - 2014-02-26 20:48 - 00000000 ____D () C:\Users\Kai\Downloads\hwmonitor_1.24
2014-02-26 20:44 - 2014-02-26 20:44 - 01211264 _____ () C:\Users\Kai\Downloads\hwmonitor_1.24.zip
2014-02-26 15:37 - 2014-03-16 15:14 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-02-26 15:37 - 2014-02-26 15:37 - 00001011 _____ () C:\Users\Kai\Desktop\SpeedFan.lnk
2014-02-26 15:37 - 2014-02-26 15:37 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-02-26 15:37 - 2014-02-26 15:37 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-02-26 15:35 - 2014-02-26 15:36 - 02143832 _____ () C:\Users\Kai\Downloads\instsf449.exe
2014-02-26 14:48 - 2014-02-26 14:48 - 00007605 _____ () C:\Users\Kai\AppData\Local\Resmon.ResmonCfg
2014-02-26 12:54 - 2014-01-09 02:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 12:54 - 2014-01-03 22:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-25 16:44 - 2014-03-13 11:34 - 00000000 ____D () C:\Users\Kai\Desktop\RK_Quarantine
2014-02-25 15:04 - 2014-02-25 15:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-25 14:56 - 2014-02-25 14:59 - 00000000 ____D () C:\AdwCleaner
2014-02-25 14:54 - 2014-02-25 15:27 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Kai\Downloads\tdsskiller.exe
2014-02-25 14:53 - 2014-02-25 14:56 - 01037734 _____ (Thisisu) C:\Users\Kai\Downloads\JRT.exe
2014-02-25 14:43 - 2014-02-25 14:44 - 03818496 _____ () C:\Users\Kai\Downloads\RogueKiller.exe
2014-02-23 16:20 - 2014-02-23 16:20 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Nitro
2014-02-23 16:20 - 2014-02-23 16:20 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\FileOpen
2014-02-23 16:20 - 2014-02-23 16:20 - 00000000 ____D () C:\ProgramData\FileOpen
2014-02-23 16:19 - 2014-02-23 16:19 - 00000000 ____D () C:\ProgramData\Nitro
2014-02-23 16:19 - 2014-02-23 16:19 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-23 16:19 - 2014-02-23 16:19 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-23 16:19 - 2013-03-26 18:12 - 00029712 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2014-02-23 16:19 - 2013-03-26 18:12 - 00017936 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2014-02-23 16:16 - 2014-02-23 16:16 - 24677393 _____ () C:\Users\Kai\Downloads\vlc-2.1.3-win32.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-23 16:13 - 2014-02-23 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-23 16:13 - 2014-02-23 16:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-23 16:12 - 2014-02-23 16:13 - 33488656 _____ (Foxit Corporation ) C:\Users\Kai\Downloads\FoxitReader614.0217_enu_Setup.exe
2014-02-23 16:11 - 2014-02-23 16:11 - 29141928 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-i586.exe
2014-02-23 16:11 - 2014-02-23 16:11 - 29141928 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-i586(1).exe
2014-02-23 15:51 - 2014-02-23 15:51 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\AVAST Software
2014-02-23 15:50 - 2014-03-18 13:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-23 15:50 - 2014-02-23 15:50 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-23 15:50 - 2014-02-23 15:50 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-23 15:50 - 2014-02-23 15:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-23 15:49 - 2014-02-23 15:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-23 15:47 - 2014-02-23 15:48 - 90578216 _____ (AVAST Software) C:\Users\Kai\Downloads\avast_free_antivirus_setup.exe
2014-02-23 15:47 - 2014-02-23 15:48 - 90578216 _____ (AVAST Software) C:\Users\Kai\Downloads\avast_free_antivirus_setup(1).exe

==================== One Month Modified Files and Folders =======

2014-03-18 14:54 - 2014-03-18 14:53 - 00015953 _____ () C:\Users\Kai\Downloads\FRST.txt
2014-03-18 14:53 - 2014-03-18 14:53 - 00000000 ____D () C:\FRST
2014-03-18 14:51 - 2014-03-18 14:50 - 00025768 _____ () C:\Users\Kai\Desktop\Result.txt
2014-03-18 14:50 - 2014-03-18 14:48 - 02157056 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe
2014-03-18 14:48 - 2014-03-18 14:48 - 00982016 _____ (Farbar) C:\Users\Kai\Desktop\MiniToolBox.exe
2014-03-18 14:25 - 2013-12-25 12:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 14:17 - 2011-10-02 20:48 - 00000000 ____D () C:\Users\Kai\Documents\Outlook-Dateien
2014-03-18 14:11 - 2014-03-18 14:11 - 00000000 ____D () C:\Users\Kai\AppData\Local\CrashDumps
2014-03-18 13:50 - 2011-09-10 02:34 - 01419123 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 13:38 - 2009-07-14 04:45 - 00022208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 13:38 - 2009-07-14 04:45 - 00022208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 13:35 - 2011-04-12 07:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-18 13:35 - 2011-04-12 07:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-18 13:35 - 2009-07-14 05:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 13:31 - 2014-01-10 14:37 - 00000000 ____D () C:\Users\Kai\AppData\Local\DA535790-72F6-46C4-8FAB-A3133B9689EB.aplzod
2014-03-18 13:31 - 2013-03-31 18:38 - 00000000 ____D () C:\Users\Kai\AppData\Local\LogMeIn Hamachi
2014-03-18 13:31 - 2011-09-11 22:05 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Dropbox
2014-03-18 13:29 - 2014-02-23 15:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-18 13:26 - 2012-07-16 09:24 - 00029563 _____ () C:\Windows\setupact.log
2014-03-18 13:26 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 23:28 - 2011-09-11 06:43 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Skype
2014-03-17 18:15 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-16 21:16 - 2011-12-06 17:28 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\vlc
2014-03-16 15:14 - 2014-02-26 15:37 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-03-15 23:42 - 2013-02-25 23:35 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Spotify
2014-03-15 20:51 - 2014-03-15 20:51 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-15 20:39 - 2014-03-15 20:39 - 04110135 _____ () C:\Users\Kai\Downloads\tdsskiller.zip
2014-03-15 20:39 - 2014-03-15 20:39 - 00000000 ____D () C:\Users\Kai\Downloads\tdsskiller
2014-03-14 20:38 - 2014-03-14 20:38 - 00331776 _____ () C:\Users\Kai\Downloads\revison innovation systems.ppt
2014-03-14 11:03 - 2009-07-14 04:45 - 00417024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 11:02 - 2012-05-12 16:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 11:02 - 2012-05-12 16:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 01:18 - 2011-09-28 19:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 15:02 - 2014-03-13 15:02 - 00007335 _____ () C:\Users\Kai\Desktop\Attach2.txt
2014-03-13 15:02 - 2014-03-13 15:02 - 00007335 _____ () C:\Users\Kai\Desktop\attach.txt
2014-03-13 15:01 - 2014-03-13 15:02 - 00023110 _____ () C:\Users\Kai\Desktop\dds.txt
2014-03-13 15:00 - 2014-03-13 14:59 - 00688992 ____R (Swearware) C:\Users\Kai\Downloads\dds.com
2014-03-13 11:56 - 2014-03-13 11:56 - 00001672 _____ () C:\Users\Kai\Desktop\RKreport[0]_S_03132014_115659.txt
2014-03-13 11:55 - 2014-03-13 11:55 - 00000745 _____ () C:\Users\Kai\Desktop\RKreport[0]_DN_03132014_115522.txt
2014-03-13 11:34 - 2014-03-13 11:34 - 00001639 _____ () C:\Users\Kai\Desktop\RKreport[0]_S_03132014_113430.txt
2014-03-13 11:34 - 2014-02-25 16:44 - 00000000 ____D () C:\Users\Kai\Desktop\RK_Quarantine
2014-03-13 11:32 - 2014-03-13 11:32 - 03819008 _____ () C:\Users\Kai\Downloads\RogueKiller(1).exe
2014-03-13 11:31 - 2014-03-13 11:31 - 04413952 _____ () C:\Users\Kai\Downloads\RogueKillerX64.exe
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Kai\Desktop\Moderat - II (2013) [Deluxe]
2014-03-12 14:26 - 2013-12-25 12:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 14:26 - 2013-04-01 22:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 14:26 - 2011-09-10 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 16:55 - 2013-02-25 23:35 - 00000000 ____D () C:\Users\Kai\AppData\Local\Spotify
2014-03-11 16:31 - 2014-03-11 16:31 - 00000000 ____D () C:\Users\Kai\Downloads\Experteer-Analytics
2014-03-11 16:30 - 2014-03-11 16:30 - 00109489 _____ () C:\Users\Kai\Downloads\Experteer-Analytics.zip
2014-03-03 18:41 - 2014-03-03 18:41 - 00274888 _____ () C:\Windows\Minidump\030314-16567-01.dmp
2014-03-03 18:41 - 2012-08-16 16:32 - 00000000 ____D () C:\Windows\Minidump
2014-03-01 19:37 - 2013-01-12 16:23 - 00000000 ____D () C:\Windows\rescache
2014-03-01 06:05 - 2014-03-13 15:15 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:17 - 2014-03-13 15:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 05:16 - 2014-03-13 15:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 - 2014-03-13 15:15 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 04:52 - 2014-03-13 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 04:51 - 2014-03-13 15:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 04:42 - 2014-03-13 15:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 04:40 - 2014-03-13 15:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 04:37 - 2014-03-13 15:15 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 04:33 - 2014-03-13 15:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 04:33 - 2014-03-13 15:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 04:32 - 2014-03-13 15:15 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 04:30 - 2014-03-13 15:15 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 04:23 - 2014-03-13 15:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 - 2014-03-13 15:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:11 - 2014-03-13 15:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 04:02 - 2014-03-13 15:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 03:54 - 2014-03-13 15:15 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 03:52 - 2014-03-13 15:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 03:51 - 2014-03-13 15:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 03:47 - 2014-03-13 15:15 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 03:43 - 2014-03-13 15:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 03:43 - 2014-03-13 15:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 03:42 - 2014-03-13 15:15 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 03:40 - 2014-03-13 15:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 03:38 - 2014-03-13 15:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 03:37 - 2014-03-13 15:15 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 03:35 - 2014-03-13 15:15 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 03:18 - 2014-03-13 15:15 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 03:16 - 2014-03-13 15:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 03:14 - 2014-03-13 15:15 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 03:10 - 2014-03-13 15:15 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 03:03 - 2014-03-13 15:15 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:00 - 2014-03-13 15:15 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 02:57 - 2014-03-13 15:15 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 02:38 - 2014-03-13 15:15 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 02:32 - 2014-03-13 15:15 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 02:27 - 2014-03-13 15:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 02:25 - 2014-03-13 15:15 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 02:25 - 2014-03-13 15:15 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 23:36 - 2014-02-28 23:36 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-26 20:48 - 2014-02-26 20:44 - 00000000 ____D () C:\Users\Kai\Downloads\hwmonitor_1.24
2014-02-26 20:44 - 2014-02-26 20:44 - 01211264 _____ () C:\Users\Kai\Downloads\hwmonitor_1.24.zip
2014-02-26 15:37 - 2014-02-26 15:37 - 00001011 _____ () C:\Users\Kai\Desktop\SpeedFan.lnk
2014-02-26 15:37 - 2014-02-26 15:37 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-02-26 15:37 - 2014-02-26 15:37 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-02-26 15:36 - 2014-02-26 15:35 - 02143832 _____ () C:\Users\Kai\Downloads\instsf449.exe
2014-02-26 14:48 - 2014-02-26 14:48 - 00007605 _____ () C:\Users\Kai\AppData\Local\Resmon.ResmonCfg
2014-02-25 21:28 - 2012-04-07 16:55 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-25 15:27 - 2014-02-25 14:54 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Kai\Downloads\tdsskiller.exe
2014-02-25 15:04 - 2014-02-25 15:04 - 00000000 ____D () C:\Windows\ERUNT
2014-02-25 14:59 - 2014-02-25 14:56 - 00000000 ____D () C:\AdwCleaner
2014-02-25 14:56 - 2014-02-25 14:53 - 01037734 _____ (Thisisu) C:\Users\Kai\Downloads\JRT.exe
2014-02-25 14:44 - 2014-02-25 14:43 - 03818496 _____ () C:\Users\Kai\Downloads\RogueKiller.exe
2014-02-23 16:20 - 2014-02-23 16:20 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Nitro
2014-02-23 16:20 - 2014-02-23 16:20 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\FileOpen
2014-02-23 16:20 - 2014-02-23 16:20 - 00000000 ____D () C:\ProgramData\FileOpen
2014-02-23 16:19 - 2014-02-23 16:19 - 00000000 ____D () C:\ProgramData\Nitro
2014-02-23 16:19 - 2014-02-23 16:19 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-23 16:19 - 2014-02-23 16:19 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-23 16:17 - 2012-03-28 19:18 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\Downloaded Installations
2014-02-23 16:16 - 2014-02-23 16:16 - 24677393 _____ () C:\Users\Kai\Downloads\vlc-2.1.3-win32.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-23 16:13 - 2014-02-23 16:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-23 16:13 - 2014-02-23 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-23 16:13 - 2014-02-23 16:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-23 16:13 - 2014-02-23 16:12 - 33488656 _____ (Foxit Corporation ) C:\Users\Kai\Downloads\FoxitReader614.0217_enu_Setup.exe
2014-02-23 16:11 - 2014-02-23 16:11 - 29141928 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-i586.exe
2014-02-23 16:11 - 2014-02-23 16:11 - 29141928 _____ (Oracle Corporation) C:\Users\Kai\Downloads\jre-7u51-windows-i586(1).exe
2014-02-23 16:11 - 2013-09-26 16:31 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-23 15:55 - 2010-11-21 03:47 - 00329134 _____ () C:\Windows\PFRO.log
2014-02-23 15:54 - 2013-08-15 09:44 - 00000000 ____D () C:\ProgramData\Avira
2014-02-23 15:51 - 2014-02-23 15:51 - 00000000 ____D () C:\Users\Kai\AppData\Roaming\AVAST Software
2014-02-23 15:50 - 2014-02-23 15:50 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-23 15:50 - 2014-02-23 15:50 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-23 15:50 - 2014-02-23 15:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-23 15:50 - 2014-02-23 15:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-23 15:49 - 2014-02-23 15:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-23 15:48 - 2014-02-23 15:47 - 90578216 _____ (AVAST Software) C:\Users\Kai\Downloads\avast_free_antivirus_setup.exe
2014-02-23 15:48 - 2014-02-23 15:47 - 90578216 _____ (AVAST Software) C:\Users\Kai\Downloads\avast_free_antivirus_setup(1).exe
2014-02-20 16:51 - 2011-09-10 20:39 - 00000000 ____D () C:\Users\Kai
2014-02-19 00:30 - 2013-08-28 16:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-19 00:28 - 2011-09-10 20:58 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Kai\AppData\Local\Temp\avgnt.exe
C:\Users\Kai\AppData\Local\Temp\install_helper.exe
C:\Users\Kai\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\Kai\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kai\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Kai\AppData\Local\Temp\Quarantine.exe
C:\Users\Kai\AppData\Local\Temp\setEAPCred.exe
C:\Users\Kai\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Kai\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Kai\AppData\Local\Temp\sfextra.dll
C:\Users\Kai\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Kai\AppData\Local\Temp\wlan_test.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 23:16

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Kai at 2014-03-18 14:55:09
Running from C:\Users\Kai\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III (HKLM-x32\...\{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.0 - Microsoft Games)
Age of Empires III (x32 Version: 1.0 - Microsoft Games) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8F11D874-2ABB-ECC8-4AE4-2558ABFBB754}) (Version: 3.0.782.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.753-100706m-102586C-Lenovo - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0706.2128.36662 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0706.2128.36662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0706.2128.36662 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help English (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help French (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help German (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0706.2127.36662 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0706.2128.36662 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0706.2128.36662 - ATI) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.4235 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.4235 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant CX20582 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.126.0.64 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
D-Link Connection Manager (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - Global Digital)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EASEUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.0.0.8086p - Landesfinanzdirektion Thüringen)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.0.1.8 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.8 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.8.601 - Chicony Electronics Co.,Ltd.)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.03.0005 - Lenovo)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Drive Copy 5.0 (HKLM-x32\...\{6C52571D-4A38-4F3B-9D7B-A8D95169852F}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2 - )
PageBreeze Free HTML Editor (HKLM-x32\...\PageBreeze Free HTML Editor) (Version:  - )
Paragon Drive Copy™ 11 Professional Demo (HKLM-x32\...\{24371D30-7CFF-11DE-B053-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.1 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.83 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Restore Points  =========================

17-03-2014 20:53:52 Geplanter Prüfpunkt
18-03-2014 13:47:54 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {152EF158-C5C3-486C-8B73-A73BD04BA6AC} - System32\Tasks\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => E:\SETUP95\SETUP.EXE
Task: {1AB2F848-CA10-4B69-B00D-02109172D0A7} - System32\Tasks\{A40D130E-B1F8-4187-BB77-749C55E3D372} => D:\Ra2.exe
Task: {2B30EBAD-063D-464B-83E4-00CEB02BB721} - System32\Tasks\{75D0EB53-2364-42F2-9033-82A1F8AEF264} => E:\SETUP.EXE
Task: {3CCF4D71-6AF0-4CE4-AF10-FF6D05F0C5F9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-23] (AVAST Software)
Task: {4768046F-DBC6-4F77-A3C4-37E6E11762F8} - System32\Tasks\{9D5B5BC3-CA81-4778-9087-B464F16246D7} => E:\SETUP.EXE
Task: {551231A2-CA32-4E9A-96E0-6B554CFE1296} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] ()
Task: {67C5770F-428B-48BA-867D-8C90FA7C973A} - System32\Tasks\{FD85CDCF-02BC-445E-8F34-2F8224406595} => D:\Diablo II\Diablo II.exe [2012-04-21] (Blizzard North)
Task: {71039A70-A482-4EAB-888A-DD298B88CEBA} - System32\Tasks\{6293268D-AA91-4A4C-B1A8-B268B38A224B} => E:\SETUP.EXE
Task: {742A83EE-BA1B-48DC-A5A2-4540647659D3} - System32\Tasks\{8C4B34CB-AC08-4F13-B79C-608A44DA4B6E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {76B1BB22-D08B-4835-98A1-603AAEF51ADB} - System32\Tasks\{A42217A8-117E-4E56-9FFD-6A530CBA69E3} => E:\SETUP.EXE
Task: {77573354-B8F6-49AD-ABA0-D9A837736E9F} - System32\Tasks\{6F77FE6F-F2AD-442A-A6DE-55820381517B} => E:\SETUP.EXE
Task: {943B29EB-F06E-4AE3-8FB7-78BC2A051483} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {BA54F095-A4A3-4923-88A4-D85AFD33E8D1} - System32\Tasks\{1933EA16-AF1E-4E7B-902E-F070E6DB4FCE} => D:\Stronghold Crusader\Stronghold Crusader.exe [2009-09-23] ( )
Task: {BF4CE635-A0B5-4B72-8F62-CF7A986A7024} - System32\Tasks\{062AE421-9C4B-4A80-A0F3-BB1C97A6421B} => D:\Ra2.exe
Task: {C9E218C8-CBE0-4645-B79E-22EC59B2F219} - System32\Tasks\{BD5D8040-CE21-4A05-9D6E-C64F7F138A0A} => E:\SETUP.EXE
Task: {E8B85E58-7507-4F54-A03F-403E58B673BF} - System32\Tasks\{7491CFB8-F2D3-4276-99E2-E5AAE409A631} => E:\SETUP.EXE
Task: {FE1F0D07-64C0-46D7-87F5-C17BBA53251E} - System32\Tasks\{6A70ECDB-5B70-48B2-8C81-9668446DBAEA} => E:\SETUP95\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-08-28 15:49 - 2012-09-18 13:27 - 00192512 _____ () C:\Windows\System32\ZLhp1020.DLL
2013-08-28 15:49 - 2012-09-18 13:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-09-10 22:02 - 2011-07-04 01:02 - 00055296 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-06-13 17:37 - 2011-06-13 17:37 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2012-06-18 15:24 - 2012-06-18 15:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-15 18:47 - 2010-12-03 19:24 - 00128288 _____ () C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-15 02:36 - 2013-02-15 02:36 - 01554496 _____ () D:\Office\Office14\ADDINS\UmOutlookAddin.dll
2009-05-15 13:01 - 2009-05-15 13:01 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-06 19:26 - 2010-07-06 19:26 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-17 20:23 - 2014-03-17 19:34 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031701\algo.dll
2014-03-18 13:32 - 2014-03-18 11:03 - 02188800 _____ () C:\Program Files\AVAST Software\Avast\defs\14031801\algo.dll
2011-04-14 10:15 - 2011-04-14 10:15 - 00086016 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\Kai\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-23 15:50 - 2014-02-23 15:50 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-14 13:07 - 2014-02-14 13:07 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56958799.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56958799.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "D:\Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: PDFPrint => d:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Kai\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Kai\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 02:10:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x1480
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/18/2014 01:28:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (03/18/2014 01:29:04 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/18/2014 01:27:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht.

Error: (03/18/2014 01:27:15 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht.

Error: (03/18/2014 01:26:38 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{eeab04ec-db54-11e0-b5c6-806e6f6e6963}" können nicht gelesen werden.

Error: (03/17/2014 09:03:09 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (03/17/2014 08:19:43 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (03/17/2014 08:18:03 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst vpnagent erreicht.

Error: (03/17/2014 08:16:46 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{eeab04ec-db54-11e0-b5c6-806e6f6e6963}" können nicht gelesen werden.

Error: (03/17/2014 08:16:41 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎17.‎03.‎2014 um 20:10:38 unerwartet heruntergefahren.

Error: (03/17/2014 06:00:34 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


Microsoft Office Sessions:
=========================
Error: (03/18/2014 02:10:54 PM) (Source: Application Error)(User: )
Description: firefox.exe27.0.1.515652fc0faaxul.dll27.0.1.515652fc0f79c0000005001560c7148001cf42ae7806597aC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll1e00e114-aea7-11e3-bbb7-ec55f9f9a239

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (03/18/2014 01:44:08 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path25900

Error: (03/18/2014 01:29:34 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path17900

Error: (03/18/2014 01:28:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

Error: (03/17/2014 10:01:10 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path25900


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 7934.16 MB
Available physical RAM: 5615.16 MB
Total Pagefile: 15866.51 MB
Available Pagefile: 13442.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.09 GB) (Free:12.67 GB) NTFS
Drive d: () (Fixed) (Total:99.67 GB) (Free:33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8AC89A73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Again, many thanks for investigating my problem.

 

Cheers,

Kai



#4 mrwright


Posted 18 March 2014 - 10:01 AM

NB: As you can see I tried some cleaning up on my own (TDSSKiller/RogueKiller). RogueKiller found some issues in the DNS tab and I let the program resolve it. But that didn't change anything with respect to connectivity and "black screen". I hope I didn't mess up by trying to solve the problem on my own.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,415 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:01 PM

Posted 18 March 2014 - 11:52 AM

Greetings Kai,

Thanks for the detailed information. So far I don't think anything you have done has hampered us in any way.

I know you have not been able to replicate the 1:00 AM connection issue but are you currently experiencing any other connection issues?

Also, do these files look familiar to you?
 

setEAPCred.exe
E:\SETUP95\SETUP.EXE
D:\Ra2.exe
E:\SETUP.EXE


Please consider and complete the following.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Please download and run Microsoft Fix it 50688 to fix a non-malware related technical issue with Windows.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • Did the Microsoft fix work properly with no error notifications?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 mrwright


Posted 18 March 2014 - 12:19 PM

Hey Gary,

 

Thanks for your prompt reply.

 

I could install the Microsoft Fix without any problem.

 

About the files:
setEAPCred.exe

-> No idea.
E:\SETUP95\SETUP.EXE

-> I didn't even know that I have an E: drive - strange..
D:\Ra2.exe

-> Could be C&C Red Alert 2 but not sure at all.
E:\SETUP.EXE

-> I didn't even know that I have an E: drive - strange..

 

No connection issues so far. Sometimes I get kicked out of "eduroam" (I don't know if you know it, it's a worldwide university WiFi network), but I don't see any link to my computer as this happens to some peers as well. I also observed the traffic via the task manager. Looks good to me. No strange sparks.

 

Cheers,

Kai



#7 Oh My!


Posted 18 March 2014 - 12:31 PM

Thanks Kai,

I want to deal with these file issues first then we will look at the boot delay.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Task: {152EF158-C5C3-486C-8B73-A73BD04BA6AC} - System32\Tasks\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => E:\SETUP95\SETUP.EXE
Task: {1AB2F848-CA10-4B69-B00D-02109172D0A7} - System32\Tasks\{A40D130E-B1F8-4187-BB77-749C55E3D372} => D:\Ra2.exe
Task: {2B30EBAD-063D-464B-83E4-00CEB02BB721} - System32\Tasks\{75D0EB53-2364-42F2-9033-82A1F8AEF264} => E:\SETUP.EXE
Task: {4768046F-DBC6-4F77-A3C4-37E6E11762F8} - System32\Tasks\{9D5B5BC3-CA81-4778-9087-B464F16246D7} => E:\SETUP.EXE
Task: {71039A70-A482-4EAB-888A-DD298B88CEBA} - System32\Tasks\{6293268D-AA91-4A4C-B1A8-B268B38A224B} => E:\SETUP.EXE
Task: {76B1BB22-D08B-4835-98A1-603AAEF51ADB} - System32\Tasks\{A42217A8-117E-4E56-9FFD-6A530CBA69E3} => E:\SETUP.EXE
Task: {77573354-B8F6-49AD-ABA0-D9A837736E9F} - System32\Tasks\{6F77FE6F-F2AD-442A-A6DE-55820381517B} => E:\SETUP.EXE
Task: {BF4CE635-A0B5-4B72-8F62-CF7A986A7024} - System32\Tasks\{062AE421-9C4B-4A80-A0F3-BB1C97A6421B} => D:\Ra2.exe
Task: {C9E218C8-CBE0-4645-B79E-22EC59B2F219} - System32\Tasks\{BD5D8040-CE21-4A05-9D6E-C64F7F138A0A} => E:\SETUP.EXE
Task: {E8B85E58-7507-4F54-A03F-403E58B673BF} - System32\Tasks\{7491CFB8-F2D3-4276-99E2-E5AAE409A631} => E:\SETUP.EXE
Task: {FE1F0D07-64C0-46D7-87F5-C17BBA53251E} - System32\Tasks\{6A70ECDB-5B70-48B2-8C81-9668446DBAEA} => E:\SETUP95\SETUP.EXE
D:\Ra2.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer a couple of times to see if there is any difference
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • How is your computer booting now?

Gary
 

#8 mrwright


Posted 20 March 2014 - 09:05 AM

Dear Gary,

 

Sorry for the delayed response. I have been super busy the last few days and I still am until the weekend. I will do all the stuff you mentioned in your last post on Saturday at the latest. I hope that is okay.

 

Just one thing I want to share with you in the meantime: Yesterday I experienced the following: Suddenly my browser (Firefox) said that it is not connected to the internet. Also Dropbox went offline, but I still could send emails. I verified that by sending one to a friend who confirmed the receipt. After a restart, Firefox and Dropbox work again. Very strange to me..

 

Cheers,

Kai



#9 Oh My!


Posted 20 March 2014 - 01:20 PM

Thanks for touching base Kai. Of course Saturday is fine. Let's run the fix first then we will decide our next step. I do not anticipate the fix is going to resolve your connection problem but one step at a time.
Gary
 

#10 mrwright


Posted 23 March 2014 - 10:20 AM

Dear Gary,

 

I did the Fix; Log below. I can't see any difference in the booting process (speed, etc.).

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Kai at 2014-03-23 15:10:55 Run:1
Running from C:\Users\Kai\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {152EF158-C5C3-486C-8B73-A73BD04BA6AC} - System32\Tasks\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => E:\SETUP95\SETUP.EXE
Task: {1AB2F848-CA10-4B69-B00D-02109172D0A7} - System32\Tasks\{A40D130E-B1F8-4187-BB77-749C55E3D372} => D:\Ra2.exe
Task: {2B30EBAD-063D-464B-83E4-00CEB02BB721} - System32\Tasks\{75D0EB53-2364-42F2-9033-82A1F8AEF264} => E:\SETUP.EXE
Task: {4768046F-DBC6-4F77-A3C4-37E6E11762F8} - System32\Tasks\{9D5B5BC3-CA81-4778-9087-B464F16246D7} => E:\SETUP.EXE
Task: {71039A70-A482-4EAB-888A-DD298B88CEBA} - System32\Tasks\{6293268D-AA91-4A4C-B1A8-B268B38A224B} => E:\SETUP.EXE
Task: {76B1BB22-D08B-4835-98A1-603AAEF51ADB} - System32\Tasks\{A42217A8-117E-4E56-9FFD-6A530CBA69E3} => E:\SETUP.EXE
Task: {77573354-B8F6-49AD-ABA0-D9A837736E9F} - System32\Tasks\{6F77FE6F-F2AD-442A-A6DE-55820381517B} => E:\SETUP.EXE
Task: {BF4CE635-A0B5-4B72-8F62-CF7A986A7024} - System32\Tasks\{062AE421-9C4B-4A80-A0F3-BB1C97A6421B} => D:\Ra2.exe
Task: {C9E218C8-CBE0-4645-B79E-22EC59B2F219} - System32\Tasks\{BD5D8040-CE21-4A05-9D6E-C64F7F138A0A} => E:\SETUP.EXE
Task: {E8B85E58-7507-4F54-A03F-403E58B673BF} - System32\Tasks\{7491CFB8-F2D3-4276-99E2-E5AAE409A631} => E:\SETUP.EXE
Task: {FE1F0D07-64C0-46D7-87F5-C17BBA53251E} - System32\Tasks\{6A70ECDB-5B70-48B2-8C81-9668446DBAEA} => E:\SETUP95\SETUP.EXE
D:\Ra2.exe
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{152EF158-C5C3-486C-8B73-A73BD04BA6AC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{152EF158-C5C3-486C-8B73-A73BD04BA6AC} => Key deleted successfully.
C:\Windows\System32\Tasks\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AB2F848-CA10-4B69-B00D-02109172D0A7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AB2F848-CA10-4B69-B00D-02109172D0A7} => Key deleted successfully.
C:\Windows\System32\Tasks\{A40D130E-B1F8-4187-BB77-749C55E3D372} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A40D130E-B1F8-4187-BB77-749C55E3D372} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B30EBAD-063D-464B-83E4-00CEB02BB721} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B30EBAD-063D-464B-83E4-00CEB02BB721} => Key deleted successfully.
C:\Windows\System32\Tasks\{75D0EB53-2364-42F2-9033-82A1F8AEF264} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75D0EB53-2364-42F2-9033-82A1F8AEF264} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4768046F-DBC6-4F77-A3C4-37E6E11762F8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4768046F-DBC6-4F77-A3C4-37E6E11762F8} => Key deleted successfully.
C:\Windows\System32\Tasks\{9D5B5BC3-CA81-4778-9087-B464F16246D7} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D5B5BC3-CA81-4778-9087-B464F16246D7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71039A70-A482-4EAB-888A-DD298B88CEBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71039A70-A482-4EAB-888A-DD298B88CEBA} => Key deleted successfully.
C:\Windows\System32\Tasks\{6293268D-AA91-4A4C-B1A8-B268B38A224B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6293268D-AA91-4A4C-B1A8-B268B38A224B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76B1BB22-D08B-4835-98A1-603AAEF51ADB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76B1BB22-D08B-4835-98A1-603AAEF51ADB} => Key deleted successfully.
C:\Windows\System32\Tasks\{A42217A8-117E-4E56-9FFD-6A530CBA69E3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A42217A8-117E-4E56-9FFD-6A530CBA69E3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77573354-B8F6-49AD-ABA0-D9A837736E9F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77573354-B8F6-49AD-ABA0-D9A837736E9F} => Key deleted successfully.
C:\Windows\System32\Tasks\{6F77FE6F-F2AD-442A-A6DE-55820381517B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6F77FE6F-F2AD-442A-A6DE-55820381517B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF4CE635-A0B5-4B72-8F62-CF7A986A7024} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF4CE635-A0B5-4B72-8F62-CF7A986A7024} => Key deleted successfully.
C:\Windows\System32\Tasks\{062AE421-9C4B-4A80-A0F3-BB1C97A6421B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{062AE421-9C4B-4A80-A0F3-BB1C97A6421B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E218C8-CBE0-4645-B79E-22EC59B2F219} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E218C8-CBE0-4645-B79E-22EC59B2F219} => Key deleted successfully.
C:\Windows\System32\Tasks\{BD5D8040-CE21-4A05-9D6E-C64F7F138A0A} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD5D8040-CE21-4A05-9D6E-C64F7F138A0A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8B85E58-7507-4F54-A03F-403E58B673BF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8B85E58-7507-4F54-A03F-403E58B673BF} => Key deleted successfully.
C:\Windows\System32\Tasks\{7491CFB8-F2D3-4276-99E2-E5AAE409A631} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7491CFB8-F2D3-4276-99E2-E5AAE409A631} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE1F0D07-64C0-46D7-87F5-C17BBA53251E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE1F0D07-64C0-46D7-87F5-C17BBA53251E} => Key deleted successfully.
C:\Windows\System32\Tasks\{6A70ECDB-5B70-48B2-8C81-9668446DBAEA} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A70ECDB-5B70-48B2-8C81-9668446DBAEA} => Key deleted successfully.
"D:\Ra2.exe" => File/Directory not found.

==== End of Fixlog ====

Cheers,
Kai
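
Added example (not part of the thread and not FRST's own code): a small checker that reads a Fixlog like the one above and confirms that every scheduled task named in the fixlist had all four of its artifacts removed, as the log lines in this post show (two TaskCache keys by task ID, the task file, and the TaskCache\Tree key by task name). The status strings and paths are taken from this Fixlog; the second task with zeroed GUIDs is constructed to show an incomplete cleanup, and the function names are hypothetical.

```python
import re

# Locations and status strings exactly as they appear in the Fixlog on this page.
TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
TASK_DIR = r"C:\Windows\System32\Tasks"
KEY_OK = "Key deleted successfully."
FILE_OK = "Moved successfully."

TASK_LINE = re.compile(
    r"^Task: (?P<id>\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(?P<name>\S+) => (?P<target>.+)$")
RESULT_LINE = re.compile(r"^(?P<item>.+?) => (?P<status>.+)$")

# Constructed sample: first task and the D:\Ra2.exe entry are copied from the
# post above; the zeroed-GUID task is made up and lacks two result lines.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
Task: {152EF158-C5C3-486C-8B73-A73BD04BA6AC} - System32\Tasks\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => E:\SETUP95\SETUP.EXE
Task: {00000000-0000-0000-0000-0000000000AA} - System32\Tasks\{00000000-0000-0000-0000-0000000000BB} => E:\SETUP.EXE
D:\Ra2.exe
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{152EF158-C5C3-486C-8B73-A73BD04BA6AC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{152EF158-C5C3-486C-8B73-A73BD04BA6AC} => Key deleted successfully.
C:\Windows\System32\Tasks\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A1FEF5A-734D-49AE-927F-DB050B8B239B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00000000-0000-0000-0000-0000000000AA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-0000000000AA} => Key deleted successfully.
"D:\Ra2.exe" => File/Directory not found.

==== End of Fixlog ====
"""


def split_fixlog(text):
    """Return (fixlist section, result section); rows of asterisks delimit the fixlist."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.MULTILINE)
    if len(parts) < 3:
        raise ValueError("no fixlist block delimited by asterisk rows")
    return parts[1], parts[2]


def parse_tasks(fixlist):
    """Extract id, name and target from every 'Task:' line of the fixlist."""
    lines = map(str.strip, fixlist.splitlines())
    return [m.groupdict() for m in map(TASK_LINE.match, lines) if m]


def parse_results(results):
    """Map each processed item (lower-cased, quotes stripped) to its reported status."""
    out = {}
    for line in map(str.strip, results.splitlines()):
        m = RESULT_LINE.match(line)
        if m:
            out[m.group("item").strip('"').lower()] = m.group("status").strip()
    return out


def expected_artifacts(task):
    """The four items this Fixlog reports per task, with the status that means success."""
    return {
        "\\".join([TASKCACHE, "Plain", task["id"]]): KEY_OK,
        "\\".join([TASKCACHE, "Tasks", task["id"]]): KEY_OK,
        "\\".join([TASK_DIR, task["name"]]): FILE_OK,
        "\\".join([TASKCACHE, "Tree", task["name"]]): KEY_OK,
    }


def verify_fixlog(text):
    """Per task ID: the target it pointed at and any artifact not confirmed removed."""
    fixlist, results_text = split_fixlog(text)
    results = parse_results(results_text)
    report = {}
    for task in parse_tasks(fixlist):
        problems = []
        for item, wanted in expected_artifacts(task).items():
            status = results.get(item.lower())
            if status is None:
                problems.append(f"{item}: no result line")
            elif status != wanted:
                problems.append(f"{item}: {status}")
        report[task["id"]] = {"target": task["target"], "problems": problems}
    return report


def plain_entries(text):
    """Status of fixlist lines that are bare paths rather than 'Task:' entries."""
    fixlist, results_text = split_fixlog(text)
    results = parse_results(results_text)
    lines = [l for l in map(str.strip, fixlist.splitlines()) if l and not l.startswith("Task:")]
    return {l: results.get(l.lower(), "no result line") for l in lines}


if __name__ == "__main__":
    for task_id, info in verify_fixlog(SAMPLE_FIXLOG).items():
        state = "clean" if not info["problems"] else "INCOMPLETE"
        print(task_id, info["target"], state, *info["problems"], sep="\n  ")
    print(plain_entries(SAMPLE_FIXLOG))
```

A task left with a TaskCache\Tree key or a file under System32\Tasks after the fix is the case worth following up, since the scheduler can still see part of it.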



#11 Oh My!


Posted 23 March 2014 - 03:53 PM

Hi Kai and welcome back!

Can you tell me if your computer will boot into Safe Mode within a reasonable amount of time (normally)?


Gary
 

#12 mrwright


Posted 23 March 2014 - 05:45 PM

Hi Gary,

 

It took me about 40 sec to boot in Safe Mode, which is comparable to a boot in Normal Mode.

 

Cheers,
Kai



#13 Oh My!


Posted 23 March 2014 - 09:40 PM

Thanks Kai,

Let's do this next.

===================================================

Clean Boot
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer startup performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#14 mrwright


Posted 23 March 2014 - 10:47 PM

Hi Gary,

 

Startup/Booting takes more or less the same time, but the computer seems to be less "laggy".

 

Cheers,

Kai



#15 Oh My!


Posted 24 March 2014 - 02:36 PM

Hi Kai,

Reverse the Clean Boot steps then please run these programs for me.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • MiniToolBox log
  • How is your boot time?
  • How is your internet?

Edited by Oh My, 24 March 2014 - 02:37 PM.

Gary
 



