Having Mysearchdial


  • This topic is locked
21 replies to this topic

#1 clueso

clueso

  • Members
  • 21 posts

Posted 27 May 2014 - 08:31 AM

Hi

 

Mysearchdial gets shown in the window that opens when I right-click on something, so I became worried.

I do not know where this comes from...

 

thanks everyone

 

---

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17041
Run by Bahlmann at 15:24:35 on 2014-05-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3072.1629 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Users\Bahlmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - 
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [GoogleChromeAutoLaunch_47666428D09FA0F2A4ADBC9432DDF5C0] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Spotify Web Helper] "c:\users\bahlmann\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Spotify] "c:\users\bahlmann\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\realpl~1.lnk - c:\program files\real\realplayer\rpds\bin\rpsystray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\bahlmann\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{664EA8EF-8EAB-46E9-87C2-B43BEFB74F69} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9AF672BB-B9CA-465C-B7C4-B3C6281CD76D} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-9 37352]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-11-1 35592]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2013-3-9 430160]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2013-3-9 430160]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-3-9 1039440]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-9 93528]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-6-20 173192]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104264]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-4-3 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2014-4-3 19405768]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2014-4-6 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\real\realplayer\rpds\bin\rpdsvc.exe [2014-5-2 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\real\updateservice\RealPlayerUpdateSvc.exe [2014-4-7 23552]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-4-7 411936]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-4-7 34080]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2012-11-1 35592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-23 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2012-10-31 81960]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2012-10-31 80680]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2012-10-31 309416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-7-30 14848]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 603240]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-7-30 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-7-30 27136]
.
=============== Created Last 30 ================
.
2014-05-27 10:22:31 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{77072ff4-95f6-4f0a-956d-0d61707f0a00}\mpengine.dll
2014-05-26 09:55:29 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-24 14:27:31 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0f68cb49-7c12-49b4-89aa-bab207af2a22}\gapaengine.dll
2014-05-15 01:00:58 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-07 01:01:57 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-02 18:32:26 -------- d-----w- c:\users\bahlmann\appdata\roaming\RealNetworks
2014-05-02 17:53:30 -------- d-----w- c:\programdata\RealNetworks
2014-05-02 17:53:30 -------- d-----w- c:\program files\RealNetworks
2014-05-02 17:52:40 -------- d-----w- c:\program files\common files\xing shared
2014-05-02 17:50:25 353864 ----a-w- c:\windows\system32\msvcr71.dll
2014-05-02 17:50:24 505416 ----a-w- c:\windows\system32\msvcp71.dll
.
==================== Find3M  ====================
.
2014-05-27 11:34:04 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-13 22:16:36 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 22:16:36 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-15 00:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-02 13:27:17 1081112 ----a-w- c:\windows\system32\nvspcap.dll
2014-03-21 19:43:52 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-03-21 19:43:50 33568 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-03-11 07:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 12:34:44 4348704 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 12:34:44 3044696 ----a-w- c:\windows\system32\nvsvc.dll
2014-03-04 12:34:42 663896 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 12:34:42 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 12:34:42 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-04 12:34:41 375128 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 11:32:59 599840 ----a-w- c:\windows\system32\nvStreaming.exe
2014-03-04 09:20:11 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-03-04 05:35:48 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-16 20:32:02 3837952 ----a-w- c:\program files\Belkin USB Wireless Adaptor.msi
.
============= FINISH: 15:26:20,83 ===============
 

 


#2 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 27 May 2014 - 12:30 PM

Hello Clueso-

 

My name is Johnny Computer.  I will be helping you clean up your system.  Please give me some time to look over your log and I will be back with further instructions as soon as possible.   :)


"DO OR DO NOT. THERE IS NO TRY."


#3 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts

Posted 27 May 2014 - 12:40 PM

thank you very much



#4 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 28 May 2014 - 08:22 AM

Hi again Clueso-
 

Hello and  :welcome:  to BLEEPING COMPUTER
My name is Johnny Computer and I will be helping you with your malware related computer issues today :)  

Before we move on, please read the following points carefully.

  • First, I would like to inform you that most of us here at Bleeping Computer are volunteers. The logs you will be asked to submit can take time to analyze. Please try to match our commitment to you with your patience toward us.  :)
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • IMPORTANT-----> Post all logfiles as a reply rather than as an attachment. If you can not post all log files in one reply, feel free to use more posts.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop and ask any questions you may have.
  • Please stay with me until I have notified you that your system is All Clean. Absence of symptoms does not necessarily mean your machine is clean. :)
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

=====================================================================================================================

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Thanks :)

"DO OR DO NOT. THERE IS NO TRY."


#5 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts

Posted 28 May 2014 - 01:15 PM

Hi Johnny

Here is the log

thx

 

---

 

# AdwCleaner v3.211 - Bericht erstellt am 28/05/2014 um 20:08:42
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Bahlmann - BAHLMANN-PC
# Gestartet von : C:\Users\Bahlmann\Downloads\AdwCleaner (1).exe
# Option : Löschen
 
***** [ Dienste ] *****
 
 
***** [ Dateien / Ordner ] *****
 
 
***** [ Verknüpfungen ] *****
 
 
***** [ Registrierungsdatenbank ] *****
 
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v35.0.1916.114
 
[ Datei : C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=90796641-7658-4c81-8be3-3671c08272a8&apn_ptnrs=%5EAGS&apn_sauid=5AB534DE-9123-4B88-B7DD-8B0E7F2B52D0&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_12_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0FtCyC0E0D0AyC0AtD0E0EtBtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0BtD0D0FtD0C0EtG0CtA0CyBtGzytB0FtBtG0BtDtCyDtGyCtDyC0DyD0CyBtAzy0A0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytC0A0F0DyCtBtGzy0EzytAtG0D0A0F0FtG0CyB0CzztGtB0FtCyBtByEtAzyzz0F0D0A2Q&cr=189652469&ir=
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
 
*************************
 
AdwCleaner[R0].txt - [18433 octets] - [22/03/2014 15:09:01]
AdwCleaner[R1].txt - [996 octets] - [23/03/2014 19:40:11]
AdwCleaner[R2].txt - [1116 octets] - [13/04/2014 12:26:44]
AdwCleaner[R3].txt - [3385 octets] - [28/05/2014 20:07:07]
AdwCleaner[S0].txt - [17457 octets] - [22/03/2014 15:12:02]
AdwCleaner[S1].txt - [1056 octets] - [23/03/2014 19:41:51]
AdwCleaner[S2].txt - [1178 octets] - [13/04/2014 12:28:26]
AdwCleaner[S3].txt - [3306 octets] - [28/05/2014 20:08:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3366 octets] ##########


#6 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 28 May 2014 - 08:03 PM

Hello Clueso-

Please do the following:

STEP #1:

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened. Again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avira or Microsoft Security Essentials 
 
STEP #2:
 
Please let me know how your computer is running now. Is My Search Dial still present in the right click menu?

IN YOUR NEXT POST PLEASE INCLUDE THE FOLLOWING: 
  •  Confirmation on removal of one of your AV's
  • A status update-How is your computer running now?
Thanks :)

"DO OR DO NOT. THERE IS NO TRY."
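
Added example (not part of the thread and not code from DDS): the check behind STEP #1 above, run over the security-product header lines copied from the DDS log in post #1. The reading of the `AV:` and `SP:` tags as antivirus and antispyware registrations, and all function names, are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Header lines copied from the DDS log in post #1 of this thread.
DDS_HEADER = """\
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
"""


class SecurityProduct(NamedTuple):
    category: str      # tag printed by DDS, e.g. "AV" or "SP"
    name: str          # product name as registered
    enabled: bool      # True when the line says *Enabled...*
    update_state: str  # text after the slash, empty if absent
    guid: str          # registration GUID, upper-cased


# <tag>: <name> *<Enabled|Disabled>[/<update state>]* {GUID}
_LINE = re.compile(
    r"^(?P<cat>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)(?:/(?P<upd>\w+))?\*\s+"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})$"
)


def parse_security_products(log_text):
    """Return the security products listed in a DDS log; other lines are skipped."""
    products = []
    for line in log_text.splitlines():
        m = _LINE.match(line.strip())
        if m is None:
            continue
        products.append(
            SecurityProduct(
                category=m["cat"],
                name=m["name"],
                enabled=m["state"] == "Enabled",
                update_state=m["upd"] or "",
                guid=m["guid"].upper(),
            )
        )
    return products


def realtime_conflicts(products, categories=("AV",)):
    """Map each category to its enabled products when more than one is enabled.

    Disabled registrations (Windows Defender in the sample) are ignored,
    because only products with active protection compete for file access.
    """
    enabled = defaultdict(set)
    for p in products:
        if p.enabled and p.category in categories:
            enabled[p.category].add(p.name)
    return {cat: sorted(names) for cat, names in enabled.items() if len(names) > 1}


if __name__ == "__main__":
    for cat, names in realtime_conflicts(parse_security_products(DDS_HEADER)).items():
        print(f"{cat}: more than one product enabled: {', '.join(names)}")
```
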


#7 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts

Posted 29 May 2014 - 06:38 AM

Hi

 

I want to remove Microsoft Security Essentials, but I can't find the "Uninstall" function for it in the control panel (in the task bar on the windows symbol that is what you mean, right?).

Or shall I just delete it?

 

I found a folder which is called "Microsoft Security Client" but I do not know if this is the same as M. Security Essentials....

 

thx for the help



#8 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 29 May 2014 - 09:18 AM

Hi Clueso-

How is your computer running now? Is My Search Dial still present in the right-click menu?

In regards to the MSE removal please download the tool from this link and run it. That should remove MSE from your system. :)

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

IN YOUR NEXT POST PLEASE INCLUDE THE FOLLOWING: 
  •  Confirmation on removal of MSE
  • A status update-How is your computer running now?
Thanks  :) 

"DO OR DO NOT. THERE IS NO TRY."


#9 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts

Posted 29 May 2014 - 09:58 AM

MSE is removed, only the shortcut is still there with no function

Computer runs fine & Mysearchdial is removed & replaced with google

 

thx 

clueso



#10 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 29 May 2014 - 05:32 PM

Hello Clueso-

Please do the following:
 
You can delete the MSE shortcut

STEP #1:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
STEP #2:

Download and install:

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
STEP #3:

Please download Secunia Personal Software Inspector, run the program, and apply any updates needed.

http://secunia.com/vulnerability_scanning/personal/


IN YOUR NEXT POST PLEASE INCLUDE THE FOLLOWING: 
  • FRST Log
  • MBAM Log 
  • Let me know how the updates with secunia went
Thanks :)

"DO OR DO NOT. THERE IS NO TRY."


#11 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts

Posted 29 May 2014 - 07:37 PM

Thanks man
 
Secunia says all programs are okay
 
==========
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-05-2014
Ran by Bahlmann (administrator) on BAHLMANN-PC on 30-05-2014 01:12:21
Running from C:\Users\Bahlmann\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Spotify Ltd) C:\Users\Bahlmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Bahlmann\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-05-02] (RealNetworks, Inc.)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [GoogleChromeAutoLaunch_47666428D09FA0F2A4ADBC9432DDF5C0] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-05-14] (Google Inc.)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [Spotify Web Helper] => C:\Users\Bahlmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [Spotify] => C:\Users\Bahlmann\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\MountPoints2: {772657d1-47b7-11e2-b192-806e6f6e6963} - "F:\Diablo III Setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB8F0E515E7DBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.9.17 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-04]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-02]
FF HKLM\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (RealPlayer Downloader) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-25]
CHR Extension: (Google Wallet) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-09-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Bahlmann\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-02] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35592 2012-11-01] (AnchorFree Inc.)
S3 MicNgBas; C:\Windows\System32\DRIVERS\MicNgBas.sys [81960 2012-10-31] (Micronas GmbH)
S3 MicNgCap; C:\Windows\System32\DRIVERS\MicNgCap.sys [80680 2012-10-31] (Micronas GmbH)
S3 MicNgTun; C:\Windows\System32\DRIVERS\MicNgTun.sys [309416 2012-10-31] (Micronas GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-09] (Avira GmbH)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-11-01] (Anchorfree Inc.)
S1 MpKsl02a5868a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77072FF4-95F6-4F0A-956D-0D61707F0A00}\MpKsl02a5868a.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-30 01:12 - 2014-05-30 01:12 - 12421378 _____ () C:\Users\Bahlmann\Downloads\Nicht bestätigt 591320.crdownload
2014-05-30 01:11 - 2014-05-30 01:11 - 01056256 _____ (Farbar) C:\Users\Bahlmann\Downloads\FRST (1).exe
2014-05-29 16:56 - 2014-05-29 16:56 - 00017816 _____ () C:\FixitRegBackup.reg
2014-05-29 16:54 - 2014-05-29 16:54 - 00899584 _____ () C:\Users\Bahlmann\Downloads\MicrosoftFixit50535.msi
2014-05-29 13:33 - 2014-02-16 12:51 - 00000426 _____ () C:\AVScanner.ini
2014-05-28 20:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-28 20:06 - 2014-05-28 20:06 - 01327971 _____ () C:\Users\Bahlmann\Downloads\AdwCleaner (1).exe
2014-05-27 15:26 - 2014-05-27 15:26 - 00017029 _____ () C:\Users\Bahlmann\Desktop\dds.txt
2014-05-27 15:26 - 2014-05-27 15:26 - 00006237 _____ () C:\Users\Bahlmann\Desktop\attach.txt
2014-05-27 15:23 - 2014-05-27 15:24 - 00688992 ____R (Swearware) C:\Users\Bahlmann\Downloads\dds (2).com
2014-05-27 15:22 - 2014-05-27 15:29 - 00000000 ____D () C:\Users\Bahlmann\Documents\Bleeping Computer
2014-05-27 15:21 - 2014-05-27 15:22 - 00688992 _____ (Swearware) C:\Users\Bahlmann\Downloads\dds (1).com
2014-05-15 03:09 - 2014-05-15 03:09 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 16:51 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 16:51 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 16:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 16:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:49 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-07 03:01 - 2014-05-15 03:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 20:32 - 2014-05-02 20:32 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\RealNetworks
2014-05-02 19:54 - 2014-05-02 19:54 - 00001102 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-05-02 19:53 - 2014-05-02 19:53 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-05-02 19:53 - 2014-05-02 19:53 - 00000000 ____D () C:\Program Files\RealNetworks
2014-05-02 19:52 - 2014-05-02 19:52 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-05-02 19:52 - 2014-05-02 19:52 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-05-02 19:51 - 2014-05-02 19:51 - 00278600 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2014-05-02 19:50 - 2014-05-02 19:50 - 00505416 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-05-02 19:50 - 2014-05-02 19:50 - 00353864 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
 
==================== One Month Modified Files and Folders =======
 
2014-05-30 01:13 - 2012-12-16 21:41 - 00000000 ____D () C:\Users\Bahlmann\AppData\Local\Temp
2014-05-30 01:12 - 2014-05-30 01:12 - 12421378 _____ () C:\Users\Bahlmann\Downloads\Nicht bestätigt 591320.crdownload
2014-05-30 01:12 - 2014-03-22 15:28 - 00016924 _____ () C:\Users\Bahlmann\Downloads\FRST.txt
2014-05-30 01:12 - 2014-03-22 15:28 - 00000000 ____D () C:\FRST
2014-05-30 01:11 - 2014-05-30 01:11 - 01056256 _____ (Farbar) C:\Users\Bahlmann\Downloads\FRST (1).exe
2014-05-30 00:24 - 2012-12-26 16:04 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 00:15 - 2012-12-26 16:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 22:15 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Bahlmann\Documents\Sanctuary
2014-05-29 21:26 - 2012-12-16 21:36 - 01683981 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 21:15 - 2014-02-06 22:25 - 00000000 ____D () C:\Users\Bahlmann\AppData\Local\Battle.net
2014-05-29 21:15 - 2014-02-06 22:24 - 00000000 ____D () C:\Program Files\Battle.net
2014-05-29 16:56 - 2014-05-29 16:56 - 00017816 _____ () C:\FixitRegBackup.reg
2014-05-29 16:54 - 2014-05-29 16:54 - 00899584 _____ () C:\Users\Bahlmann\Downloads\MicrosoftFixit50535.msi
2014-05-29 13:25 - 2012-12-26 16:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 02:01 - 2014-02-06 22:28 - 00000000 ____D () C:\Program Files\Hearthstone
2014-05-29 01:07 - 2013-03-08 19:03 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\Spotify
2014-05-28 20:20 - 2009-07-14 06:34 - 00022016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 20:20 - 2009-07-14 06:34 - 00022016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 20:13 - 2014-01-24 19:11 - 00000000 ___RD () C:\Users\Bahlmann\Google Drive
2014-05-28 20:11 - 2013-04-14 03:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 20:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 20:11 - 2009-07-14 06:39 - 00054450 _____ () C:\Windows\setupact.log
2014-05-28 20:10 - 2010-11-20 23:48 - 00079382 _____ () C:\Windows\PFRO.log
2014-05-28 20:08 - 2014-03-22 15:08 - 00000000 ____D () C:\AdwCleaner
2014-05-28 20:06 - 2014-05-28 20:06 - 01327971 _____ () C:\Users\Bahlmann\Downloads\AdwCleaner (1).exe
2014-05-27 21:26 - 2013-03-25 10:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-27 15:29 - 2014-05-27 15:22 - 00000000 ____D () C:\Users\Bahlmann\Documents\Bleeping Computer
2014-05-27 15:26 - 2014-05-27 15:26 - 00017029 _____ () C:\Users\Bahlmann\Desktop\dds.txt
2014-05-27 15:26 - 2014-05-27 15:26 - 00006237 _____ () C:\Users\Bahlmann\Desktop\attach.txt
2014-05-27 15:24 - 2014-05-27 15:23 - 00688992 ____R (Swearware) C:\Users\Bahlmann\Downloads\dds (2).com
2014-05-27 15:22 - 2014-05-27 15:21 - 00688992 _____ (Swearware) C:\Users\Bahlmann\Downloads\dds (1).com
2014-05-27 13:34 - 2013-03-09 20:08 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-27 13:34 - 2013-03-09 20:08 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-23 15:32 - 2010-11-20 23:01 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 22:40 - 2012-12-26 16:06 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 12:04 - 2014-02-13 15:44 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 03:28 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 03:12 - 2012-12-18 16:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:09 - 2014-05-15 03:09 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:09 - 2013-07-30 11:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:05 - 2012-12-16 22:51 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 11:41 - 2014-03-29 14:04 - 00000000 ____D () C:\Program Files\Diablo III
2014-05-14 00:16 - 2012-12-26 16:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 00:16 - 2012-12-26 16:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 09:06 - 2014-05-14 16:51 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 16:51 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 14:28 - 2014-04-03 20:12 - 00000000 ____D () C:\Users\Bahlmann\Documents\Wow
2014-05-07 02:22 - 2014-01-24 19:08 - 00002000 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-07 02:22 - 2014-01-24 19:08 - 00001998 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-07 02:22 - 2014-01-24 19:08 - 00001988 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-07 02:22 - 2014-01-24 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 05:25 - 2014-05-15 03:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 03:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 03:54 - 2013-04-28 08:25 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\Real
2014-05-02 20:32 - 2014-05-02 20:32 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\RealNetworks
2014-05-02 19:54 - 2014-05-02 19:54 - 00001102 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-05-02 19:54 - 2013-04-28 08:26 - 00000000 ____D () C:\Program Files\Real
2014-05-02 19:53 - 2014-05-02 19:53 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-05-02 19:53 - 2014-05-02 19:53 - 00000000 ____D () C:\Program Files\RealNetworks
2014-05-02 19:52 - 2014-05-02 19:52 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-05-02 19:52 - 2014-05-02 19:52 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-05-02 19:52 - 2013-04-28 08:22 - 00000000 ____D () C:\ProgramData\Real
2014-05-02 19:51 - 2014-05-02 19:51 - 00278600 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2014-05-02 19:50 - 2014-05-02 19:50 - 00505416 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-05-02 19:50 - 2014-05-02 19:50 - 00353864 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
 
Some content of TEMP:
====================
C:\Users\Bahlmann\AppData\Local\Temp\avgnt.exe
C:\Users\Bahlmann\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Bahlmann\AppData\Local\Temp\nvStInst.exe
C:\Users\Bahlmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Bahlmann\AppData\Local\Temp\SCC.dll
C:\Users\Bahlmann\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 16:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 02:35
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-05-2014
Ran by Bahlmann at 2014-05-30 01:13:30
Running from C:\Users\Bahlmann\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin USB Wireless Adaptor (HKLM\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (Version: 1.0.0.10 - Belkin) Hidden
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DriverTuner 3.1.0.0 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
DVDVideoSoftTB DE Toolbar (HKCU\...\CT2625848) (Version: 10.14.0.127 - DVDVideoSoftTB DE)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 2510 series - Grundlegende Software für das Gerät (HKLM\...\{AEE763B1-34D4-494E-920C-12BCD8A9E76B}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Hilfe (HKLM\...\{07B48D2C-E60D-41E6-B546-11D128F633EC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{6C88C4F6-797D-4FDE-9FCE-7C486B78EFBB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
RealDownloader (Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
TERRATEC Cinergy 2400i DT (32 Bit) (HKLM\...\{BE6139F7-2C32-44AA-AE5C-9E42262F46FB}) (Version: 1.1.0.284 - TERRATEC)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows-Treiberpaket - TerraTec  (MicNgBas) Media  (04/21/2009 1.1.0.0284) (HKLM\...\81C8EA38405A23287E042002943A9BB95627F861) (Version: 04/21/2009 1.1.0.0284 - TerraTec )
 
==================== Restore Points  =========================
 
22-05-2014 12:46:13 Windows Update
26-05-2014 09:53:53 Windows Update
29-05-2014 14:55:10 Installed Microsoft Fix it 50535
 
==================== Hosts content: ==========================
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0F3424E8-48F8-4A72-B7EA-E9853E85FD09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {169C0C0D-5756-47A4-BACF-C6ED5DD4A50E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {3D575D18-7FF5-4CB5-961C-87DCC0F0A1A3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {507B42B9-1C63-426E-9404-C390D8ADCCBA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {BA653769-E694-4A85-94F8-28B0A41F1860} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {BD489C96-CAD3-4A15-8FED-3E505B800D91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {F08448B1-AD17-4D74-B589-BC5BFFCA3E59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-14 03:06 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-02 19:50 - 2014-05-02 19:50 - 00859224 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-22 22:39 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 22:39 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 22:39 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 22:39 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 22:39 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-28 20:12 - 2014-05-28 20:12 - 00098816 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32api.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00110080 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\pywintypes27.dll
2014-05-28 20:12 - 2014-05-28 20:12 - 00364544 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\pythoncom27.dll
2014-05-28 20:12 - 2014-05-28 20:12 - 00045568 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\_socket.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 01159680 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\_ssl.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00320512 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32com.shell.shell.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00713216 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\_hashlib.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 01175040 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._core_.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00805888 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._gdi_.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00811008 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._windows_.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 01062400 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._controls_.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00735232 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._misc_.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00128512 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\_elementtree.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00127488 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\pyexpat.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00557056 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\pysqlite2._sqlite.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00087552 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\_ctypes.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00119808 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32file.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00108544 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32security.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00018432 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32event.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00038912 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32inet.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00070656 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._html2.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00167936 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32gui.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00011264 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32crypt.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00027136 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\_multiprocessing.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00122368 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._wizard.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00010240 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\select.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00024064 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32pipe.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00686080 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\unicodedata.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00025600 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32pdh.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00525640 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\windows._lib_cacheinvalidation.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00035840 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32process.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00017408 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32profile.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00022528 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\win32ts.pyd
2014-05-28 20:12 - 2014-05-28 20:12 - 00078336 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI36002\wx._animate.pyd
2014-05-22 22:39 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: MpKsl02a5868a
Description: MpKsl02a5868a
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl02a5868a
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2014 00:48:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/30/2014 00:46:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/30/2014 00:46:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/30/2014 00:28:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/30/2014 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/28/2014 11:48:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/28/2014 11:44:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/28/2014 11:44:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (05/28/2014 08:12:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/28/2014 00:42:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.88, Zeitstempel: 0x511afc59
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039342
ID des fehlerhaften Prozesses: 0xc4c
Startzeit der fehlerhaften Anwendung: 0xDivXUpdate.exe0
Pfad der fehlerhaften Anwendung: DivXUpdate.exe1
Pfad des fehlerhaften Moduls: DivXUpdate.exe2
Berichtskennung: DivXUpdate.exe3
 
 
System errors:
=============
Error: (05/18/2014 01:13:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 109gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (05/18/2014 01:12:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109
 
Error: (05/16/2014 03:43:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
 
Error: (05/13/2014 03:46:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
 
Error: (04/30/2014 06:57:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎04.‎2014 um 18:55:04 unerwartet heruntergefahren.
 
Error: (04/16/2014 11:54:24 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error: (04/16/2014 11:54:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
 
Error: (04/13/2014 00:48:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.
 
Error: (04/08/2014 04:53:50 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.
 
Error: (04/08/2014 04:53:50 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.
 
 
Microsoft Office Sessions:
=========================
Error: (05/30/2014 00:48:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe
 
Error: (05/30/2014 00:46:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe
 
Error: (05/30/2014 00:46:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe
 
Error: (05/30/2014 00:28:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe
 
Error: (05/30/2014 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe
 
Error: (05/28/2014 11:48:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe
 
Error: (05/28/2014 11:44:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe
 
Error: (05/28/2014 11:44:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe
 
Error: (05/28/2014 08:12:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/28/2014 00:42:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DivXUpdate.exe1.0.6.88511afc59ole32.dll6.1.7601.175144ce7b96fc000000500039342c4c01cf79e0a42acd9cC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Windows\system32\ole32.dll20948818-e5f0-11e3-8e59-00e052f327cc
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 3071.55 MB
Available physical RAM: 1436.61 MB
Total Pagefile: 6141.4 MB
Available Pagefile: 3694.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.94 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.05 GB) (Free:83.27 GB) NTFS
Drive d: () (Fixed) (Total:149.04 GB) (Free:147.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (D3_2.0.0) (CDROM) (Total:7.69 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CE5D9E5D)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 7F9A6D8A)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30.05.2014
Scan Time: 01:20:11
Logfile: 
Administrator: No
 
Version: 2.00.2.1012
Malware Database: v2014.05.29.14
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Bahlmann
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 252314
Time Elapsed: 20 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct2625848, Quarantined, [ac864f080c6feb4b1d8897e2837f18e8], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3288691, Quarantined, [f9391641374464d215907affb54d9868], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3297265, Quarantined, [1c16183fc3b89a9cecb9a7d2f50db947], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3297861, Quarantined, [c86af463b8c349eda401f188fc060000], 
 
Files: 8
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct2625848\statisticsStub.exe, Quarantined, [81b18acd90eb191d60bb1fe99e63ac54], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3297265\ism.exe, Quarantined, [85adca8dee8d3df989af9689be42817f], 
PUP.Optional.MySearchDial.A, C:\Users\Bahlmann\AppData\Local\Temp\is652283406\mysearchdial.dll, Quarantined, [af836ee959222d096c9d9cb854add62a], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct2625848\ieLogic.exe, Quarantined, [ac864f080c6feb4b1d8897e2837f18e8], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3288691\chromeid.txt, Quarantined, [f9391641374464d215907affb54d9868], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3288691\setup.ini.txt, Quarantined, [f9391641374464d215907affb54d9868], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3297861\chromeid.txt, Quarantined, [c86af463b8c349eda401f188fc060000], 
PUP.Optional.Conduit.A, C:\Users\Bahlmann\AppData\Local\Temp\ct3297861\setup.ini.txt, Quarantined, [c86af463b8c349eda401f188fc060000], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
======================
 


#12 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1
  • Local time:06:45 AM

Posted 31 May 2014 - 08:20 AM

Hi Clueso-
 
Well done!!  These logs are looking a lot better but we still have some work to do.
 
I see signs in your log indicating Microsoft Security Essentials is still present.  Are you sure you deleted Microsoft Security Essentials and didn't just disable it?
 
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below into the notepad file and save it as Fixlist.txt
 
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
 

URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

Thanks :)


"DO OR DO NOT. THERE IS NO TRY."


#13 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:02:45 PM

Posted 31 May 2014 - 08:59 AM

I had some problems with finding the right folder, but this is what I got

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-05-2014
Ran by Bahlmann at 2014-05-31 15:57:37 Run:2
Running from C:\Users\Bahlmann\Downloads\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
*****************
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
 
==== End of Fixlog ====
 
 
I also deleted the MSE shortcut

Edited by clueso, 31 May 2014 - 08:59 AM.


#14 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1
  • Local time:06:45 AM

Posted 01 June 2014 - 08:29 AM

Hello Again Clueso-

 

Nice work.  That fix worked to clear up the issue it was meant to.

 

Now let us address the remaining issue with Microsoft Security Essentials.  I understand you used the Bleeping Computer Removal Tool as well as deleted the MSE shortcut, but as I mentioned in my previous post, there are still signs in your log that MSE remains on your system.  Please follow the instructions in the link below.  If you have any questions or encounter any problems, please feel free to ask.   :)

 

http://answers.microsoft.com/en-us/protect/wiki/mse-protect_start/uninstalling-microsoft-security-essentials/316493c2-8885-46b0-afba-28ebd45c0838

 

Thanks   :)


"DO OR DO NOT. THERE IS NO TRY."


#15 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:02:45 PM

Posted 01 June 2014 - 11:47 AM

I downloaded Fix It Tool & removed MSE (or Microsoft Security Client in this case)

Anything else?

thx very much





