Norton Internet Security extrem langsam

kalifrago · 04.10.2013, 19:51

Hallo zusammen,

ich bin neu hier und wurde auf Anraten des Norton Support Forums hierher geschickt. Die meinten, mein Problem basiere auf Trojaner und co.
Kurz zu meinem Problem:

Ich habe Windows 8 Pro 64bit, Norton Internet Security Versionsnr. 21.0.2.1 (Neuestes Upgrade direkt vom Support eingespielt, hat aber am Problem leider nix geändert)

Ich hatte auf meinem Rechner bis vor kurzem Norton 360 und mich dann für die abgespecktere Version entschieden. Dummerweise habe ich die neue Version direkt runtergeladen und installiert, die Installationsroutine hat auch nicht gemeckert.
Ich stelle Norton immer so ein, dass die automatische Programmsteuerung deaktiviert ist, da ich selbst bestimmen möchte, welches Programm sich mit dem Internet verbindet. Das hatte die ganze Zeit auch prima geklappt.
Mit der neuen Version ist es nun so, dass wenn ich ein Programm öffnen möchte, dass sich zum erstem Mal mit dem Internet verbinden möchte, kann das bis zu 10 min dauern, bis sich das Bestätigungsfenster von Norton öffnet, also das Fenster in dem ich zulassen oder blocken kann. In der Zeit kann ich am Rechner fast gar nix machen. Der Firefox kann keine Verbindung zu irgendeiner Seite herstellen und hängt sich sogar manchmal ganz auf.
Ich habe zwischenzeitlich NIS 3 mal de-und wieder installiert, jeweils wie vom Supportforum erklärt, mit dem Removaltool. Sogar die Registry nach Einträgen durchsucht und alte Nortoneinträge gelöscht. Den CCleaner habe ich auch mal drüber laufen lassen und verschiedene Sachen gelöscht. Normalerweise benutze ich den nicht, weil man sich da schon eventuell was zerschiessen kann.

Ich weiss mir keinen Rat mehr und bin dem Vorschlag vom NortonSupportForum gefolgt und hoffe auf Eure Hilfe. Vielleicht ist mein Rechner ja doch verseucht.

Was kann ich tun ? Danke schon mal.

Gruss
Kali

Im Taskmanager sieht man dann das Programm das ich öffnen möchte entweder als Hintergrundprozess oder als inaktiv. Die Datenträgeraktivität durch Norton ist erhöht und auf ca. 50 %.

t'john · 06.10.2013, 09:32

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

kalifrago · 06.10.2013, 12:15

Hallo t'john,

danke für das nette Willkommen

Ich habe gemacht, was du geschrieben hast. Hier meine Logfiles:

FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by xxxx (administrator) on xxxx on 06-10-2013 12:56:22
Running from C:\Users\kali_000\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {18bf2f69-58f0-11e2-be68-806e6f6e6963} - "F:\setup.exe" 
MountPoints2: {83a67c9e-5828-11e2-be65-806e6f6e6963} - "F:\setup.exe" 
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073352 2012-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LavaFox V2 - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\info@djzig.com
FF Extension: LavaFox V2-Purple - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\zigboom555@aol.com
FF Extension: Purple Fox - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
FF Extension: FT DeepDark - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: FT GraphiteGlow - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
FF Extension: DownloadHelper - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: firebug - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firegestures - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\firegestures@xuldev.org.xpi
FF Extension: Noia4Options - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\Noia4Options@ArisT2.xpi
FF Extension: No Name - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Glow) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0
CHR Extension: (YouTube) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (AdBlock) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Gestures for Google Chrome\u2122) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0
CHR Extension: (Norton Identity Protection) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.5.1.4_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\Exts\Chrome.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-16] (Adobe Systems)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2013-06-21] (Adobe Systems Incorporated)
S4 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe [275696 2013-09-17] (Symantec Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe [2204488 2012-11-23] (UltraVNC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R3 cmuda3; C:\Windows\system32\drivers\cmudax3.sys [1155072 2012-01-21] (C-Media Inc)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2012-07-12] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-10-03] (Symantec Corporation)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys [520280 2013-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys [520280 2013-10-03] (Symantec Corporation)
S2 lladrv; C:\Windows\SysWow64\Drivers\lladrv.sys [32544 2004-08-22] (XB0 Group)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\ENG64.SYS [126040 2013-10-04] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\ENG64.SYS [126040 2013-10-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\EX64.SYS [2099288 2013-10-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\EX64.SYS [2099288 2013-10-04] (Symantec Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 RTCore64; C:\Program Files (x86)\RMClock\RTCore64.sys [14352 2013-02-10] ()
S3 RTCore64; C:\Program Files (x86)\RMClock\RTCore64.sys [14352 2013-02-10] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1500020.001\SRTSP64.SYS [854616 2013-07-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1500020.001\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1500020.001\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1500020.001\SYMEFA64.SYS [1147480 2013-08-05] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1500020.001\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1500020.001\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1500020.001\SYMNETS.SYS [590424 2013-09-11] (Symantec Corporation)
S1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
R3 ALSysIO; \??\C:\Users\xxxxxx\AppData\Local\Temp\ALSysIO64.sys [x]
S3 ET5Drv; No ImagePath
U5 GVTDrv; C:\Windows\SysWOW64\Drivers\GVTDrv.sys [24944 2013-02-18] ()
S2 lladrv; System32\Drivers\lladrv.sys [x]
U3 msahci; 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x64\Sandra.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 12:56 - 2013-10-06 12:56 - 00000000 ____D C:\FRST
2013-10-06 12:55 - 2013-10-06 12:55 - 01954124 _____ (Farbar) C:\Users\xxxxxx\Desktop\FRST64.exe
2013-10-05 19:20 - 2013-10-05 19:21 - 00295256 _____ C:\Windows\Minidump\100513-43243-01.dmp
2013-10-05 19:20 - 2013-10-05 19:20 - 670888404 _____ C:\Windows\MEMORY.DMP
2013-10-05 18:49 - 2013-10-05 18:49 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-05 18:49 - 2013-10-05 18:49 - 00000000 ____D C:\Program Files\Java
2013-10-05 11:48 - 2013-10-05 11:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 11:47 - 2013-10-05 11:47 - 01030305 _____ (Thisisu) C:\Users\xxxxxx\Desktop\JRT.exe
2013-10-05 11:18 - 2013-10-05 11:18 - 00001264 _____ C:\Users\xxxxxx\Desktop\Revo Uninstaller.lnk
2013-10-05 11:06 - 2013-10-05 11:06 - 00003130 _____ C:\Windows\System32\Tasks\{E7BBF419-BD05-41EA-A2DF-2BE225A649C7}
2013-10-04 19:58 - 2013-10-04 19:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-04 19:28 - 2013-10-04 19:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-04 19:10 - 2013-10-05 10:17 - 00000000 ____D C:\Users\xxxxxx\AppData\Local\LogMeIn Rescue Applet
2013-10-04 19:10 - 2013-10-04 19:10 - 00002218 _____ C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2013-10-04 19:09 - 2013-10-04 19:09 - 01295200 _____ (LogMeIn, Inc.) C:\Users\xxxxxx\Desktop\Support-LogMeInRescue.exe
2013-10-04 17:24 - 2013-10-04 17:24 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 17:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-03 22:21 - 2013-10-04 19:57 - 00003232 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-03 22:21 - 2013-10-04 19:57 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-03 22:21 - 2013-10-03 22:21 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-03 22:21 - 2013-10-03 22:21 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-03 22:21 - 2013-10-03 22:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-03 22:20 - 2013-10-03 22:21 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-03 22:18 - 2013-10-05 13:31 - 00020810 _____ C:\Windows\PFRO.log
2013-10-03 22:05 - 2013-10-03 22:05 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-03 22:05 - 2013-10-03 22:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-03 21:59 - 2013-05-02 17:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-10-03 13:07 - 2013-10-03 19:51 - 00000000 ____D C:\AdwCleaner
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\QuickScan
2013-09-28 19:40 - 2013-10-04 19:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-09-28 12:58 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-28 12:58 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-28 12:57 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-09-28 12:57 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-09-28 12:57 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-09-28 12:57 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-09-28 12:57 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-09-28 12:57 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-09-28 12:57 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-09-28 12:57 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-28 12:57 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-28 12:57 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-09-28 12:57 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-28 12:57 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-28 12:57 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-28 12:57 - 2013-07-31 01:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-28 12:57 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-09-28 12:57 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-09-28 12:57 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2013-09-28 12:57 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2013-09-28 12:57 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-09-28 12:57 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-09-22 13:12 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-16 17:36 - 2013-09-16 17:36 - 05184040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 12:08 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-13 12:08 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-13 12:08 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-13 12:08 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-13 12:08 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-13 12:08 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-13 12:08 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-13 12:08 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-13 12:08 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-13 12:08 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-13 12:08 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-13 12:07 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 12:07 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 12:07 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 12:07 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 12:07 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 12:07 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 12:07 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 12:07 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 12:07 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-13 12:07 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 12:02 - 2013-09-13 12:02 - 00000000 ____D C:\ProgramData\PCSettings
2013-09-10 10:14 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-10 10:14 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-10 10:14 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-10 10:14 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-10 10:14 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-10 10:14 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-10 10:14 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-10 10:14 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-10 10:14 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-10 10:14 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-10 10:14 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-10 10:14 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-10 10:14 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-10 10:14 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-10 10:14 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-10 10:14 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-10 10:14 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-10 10:14 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-10 10:14 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-10 10:14 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-10 10:14 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-10 10:14 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-10 10:14 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-10 10:14 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-10 10:14 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-10 10:14 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-10 10:14 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-10 10:14 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-10 10:14 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-10 10:14 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-10 10:14 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-10 10:14 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-10 10:14 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-10 10:14 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-10 10:14 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-10 10:14 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-10 10:14 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-10 10:14 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-07 11:51 - 2013-09-07 11:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-07 11:50 - 2013-10-06 12:55 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 11:50 - 2013-10-06 12:30 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 11:50 - 2013-09-07 11:50 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 11:50 - 2013-09-07 11:50 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

2013-10-06 12:56 - 2013-10-06 12:56 - 00000000 ____D C:\FRST
2013-10-06 12:55 - 2013-10-06 12:55 - 01954124 _____ (Farbar) C:\Users\xxxxxx\Desktop\FRST64.exe
2013-10-06 12:55 - 2013-09-07 11:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 12:42 - 2013-04-27 17:32 - 01666116 _____ C:\Windows\WindowsUpdate.log
2013-10-06 12:41 - 2013-01-06 20:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3159973781-736306073-508366286-1001
2013-10-06 12:30 - 2013-09-07 11:50 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 12:30 - 2013-01-06 20:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-06 12:30 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 19:59 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-10-05 19:21 - 2013-10-05 19:20 - 00295256 _____ C:\Windows\Minidump\100513-43243-01.dmp
2013-10-05 19:20 - 2013-10-05 19:20 - 670888404 _____ C:\Windows\MEMORY.DMP
2013-10-05 19:20 - 2013-01-06 20:24 - 00000000 ____D C:\Windows\Minidump
2013-10-05 19:10 - 2013-05-19 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 19:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-05 18:49 - 2013-10-05 18:49 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-05 18:49 - 2013-10-05 18:49 - 00000000 ____D C:\Program Files\Java
2013-10-05 18:49 - 2013-05-12 16:26 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-05 18:49 - 2013-02-18 17:21 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-05 16:38 - 2013-02-14 17:32 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0038EBA-8BEC-4392-8D4E-908C92E970EC}
2013-10-05 13:32 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-05 13:31 - 2013-10-03 22:18 - 00020810 _____ C:\Windows\PFRO.log
2013-10-05 11:48 - 2013-10-05 11:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 11:47 - 2013-10-05 11:47 - 01030305 _____ (Thisisu) C:\Users\xxxxxx\Desktop\JRT.exe
2013-10-05 11:18 - 2013-10-05 11:18 - 00001264 _____ C:\Users\xxxxxx\Desktop\Revo Uninstaller.lnk
2013-10-05 11:16 - 2013-06-05 13:00 - 00000000 ____D C:\ProgramData\TechSmith
2013-10-05 11:16 - 2013-06-05 13:00 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-10-05 11:16 - 2013-01-06 20:01 - 00000000 ____D C:\Users\xxxxxx
2013-10-05 11:10 - 2013-01-18 11:53 - 00000000 ____D C:\ProgramData\MAGIX
2013-10-05 11:09 - 2013-06-01 17:27 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\IrfanView
2013-10-05 11:09 - 2013-04-06 16:34 - 00000000 ____D C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-05 11:09 - 2013-04-06 16:32 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-05 11:09 - 2013-02-20 19:36 - 00000000 ____D C:\Users\xxxxxx\AppData\Local\JDownloader 0.9
2013-10-05 11:08 - 2013-02-24 13:09 - 00000000 ____D C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2013-10-05 11:08 - 2013-02-24 13:08 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2013-10-05 11:06 - 2013-10-05 11:06 - 00003130 _____ C:\Windows\System32\Tasks\{E7BBF419-BD05-41EA-A2DF-2BE225A649C7}
2013-10-05 10:17 - 2013-10-04 19:10 - 00000000 ____D C:\Users\xxxxxx\AppData\Local\LogMeIn Rescue Applet
2013-10-05 10:17 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-10-04 20:04 - 2013-01-07 17:46 - 00000000 ____D C:\ProgramData\Norton
2013-10-04 19:58 - 2013-10-04 19:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-04 19:57 - 2013-10-03 22:21 - 00003232 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-04 19:57 - 2013-10-03 22:21 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-04 19:51 - 2013-08-31 12:04 - 00055808 ___SH C:\Users\kali_000\Desktop\Thumbs.db
2013-10-04 19:50 - 2013-09-28 19:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-04 19:29 - 2013-04-27 12:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-04 19:28 - 2013-10-04 19:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-04 19:28 - 2013-04-27 12:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-04 19:28 - 2013-01-15 11:15 - 00000235 _____ C:\Windows\wininit.ini
2013-10-04 19:10 - 2013-10-04 19:10 - 00002218 _____ C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2013-10-04 19:09 - 2013-10-04 19:09 - 01295200 _____ (LogMeIn, Inc.) C:\Users\xxxxxx\Desktop\Support-LogMeInRescue.exe
2013-10-04 17:47 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-04 17:24 - 2013-10-04 17:24 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 17:24 - 2013-04-27 19:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:21 - 2013-10-03 22:21 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-03 22:21 - 2013-10-03 22:21 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-03 22:21 - 2013-10-03 22:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-03 22:21 - 2013-10-03 22:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-03 22:16 - 2013-05-01 14:59 - 00000000 ____D C:\Users\xxxxxx\AppData\Local\CrashDumps
2013-10-03 22:15 - 2013-08-03 18:33 - 00000000 ____D C:\Users\xxxxxx\AppData\Roaming\Sony
2013-10-03 22:15 - 2013-01-19 14:01 - 00000000 ____D C:\Users\xxxxxx\AppData\Roaming\uTorrent
2013-10-03 22:15 - 2013-01-07 19:18 - 00000000 ____D C:\Users\xxxxxx\AppData\Roaming\FileZilla
2013-10-03 22:05 - 2013-10-03 22:05 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-03 22:05 - 2013-10-03 22:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-03 22:05 - 2013-04-27 11:45 - 00000000 ____D C:\Program Files\CCleaner
2013-10-03 21:37 - 2013-01-19 17:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-03 21:37 - 2013-01-19 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-03 21:37 - 2012-07-26 12:29 - 00000000 ____D C:\Windows\ShellNew
2013-10-03 21:35 - 2013-01-19 17:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-03 21:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-03 20:27 - 2013-01-07 17:36 - 00000000 ____D C:\Users\xxxxxx\AppData\Local\Mozilla
2013-10-03 20:24 - 2013-01-07 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-03 20:02 - 2013-01-07 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 19:51 - 2013-10-03 13:07 - 00000000 ____D C:\AdwCleaner
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Users\xxxxxx\AppData\Roaming\QuickScan
2013-09-28 13:48 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-28 13:23 - 2013-01-06 20:02 - 00000000 ___RD C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 13:23 - 2013-01-06 20:02 - 00000000 ___RD C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 13:20 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-09-22 17:05 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-09-22 17:05 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-09-22 17:05 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 11:45 - 2013-06-23 11:07 - 00000000 ____D C:\Users\xxxxxx\AppData\Roaming\LG Electronics
2013-09-21 11:45 - 2013-06-23 11:04 - 00000000 ____D C:\Users\xxxxxx\AppData\Local\LG Electronics
2013-09-19 01:26 - 2013-06-20 11:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-06-20 11:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-16 17:36 - 2013-09-16 17:36 - 05184040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 11:42 - 2013-05-19 11:32 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-15 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 19:01 - 2013-07-22 10:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 18:58 - 2013-01-07 21:54 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 12:19 - 2013-02-17 17:01 - 00000000 ____D C:\Users\xxxxxx\Documents\Symantec
2013-09-13 12:02 - 2013-09-13 12:02 - 00000000 ____D C:\ProgramData\PCSettings
2013-09-10 10:35 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-08 16:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-08 15:55 - 2013-05-11 17:11 - 00000000 ____D C:\Users\admin
2013-09-08 15:55 - 2013-03-15 16:13 - 00000000 ____D C:\Users\xxxxxx
2013-09-08 15:55 - 2013-01-27 17:55 - 00000000 ____D C:\Users\xxxxxx
2013-09-07 11:51 - 2013-09-07 11:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-07 11:51 - 2013-01-07 17:53 - 00000000 ____D C:\Users\xxxxxx\AppData\Local\Google
2013-09-07 11:51 - 2013-01-07 17:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 11:50 - 2013-09-07 11:50 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 11:50 - 2013-09-07 11:50 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\kali_000\AppData\Local\Temp\IPCameraViewer.exe
C:\Users\kali_000\AppData\Local\Temp\iv_uninstall.exe
C:\Users\kali_000\AppData\Local\Temp\VSUSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-29 13:01

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by xxxxxx at 2013-10-06 12:57:11
Running from C:\Users\xxxxxx\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708 (x32)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (x32 Version: 4)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Contribute CS4 (x32 Version: 5.0)
Adobe Creative Suite 4 Web Premium (x32 Version: 4.0)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe CS4 American English Speech Analysis Models (x32 Version: 1)
Adobe CS4 French Speech Analysis Models (x32 Version: 1)
Adobe CS4 German Speech Analysis Models (x32 Version: 1)
Adobe CS4 International English Speech Analysis Models (x32 Version: 1)
Adobe CS4 Italian Speech Analysis Models (x32 Version: 1)
Adobe CS4 Japanese Speech Analysis Models (x32 Version: 1)
Adobe CS4 Korean Speech Analysis Models (x32 Version: 1)
Adobe CS4 Spanish Speech Analysis Models (x32 Version: 1)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Dreamweaver CS4 (x32 Version: 10.0)
Adobe Drive CS4 (x32 Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Fireworks CS4 (x32 Version: 10.0)
Adobe Flash CS4 (x32 Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0)
Adobe Flash CS4 STI-other (x32 Version: 10.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CS4 (x32 Version: 14.0)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Importer (x32 Version: 1.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe Soundbooth CS4 (x32 Version: 2)
Adobe Soundbooth CS4 Codecs (x32 Version: 2)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe Version Cue CS4 Server (x32 Version: 4.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Anime Studio Pro 9.0 (Version: 9.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Artisteer 4 (x32 Version: 4.1)
ASIO4ALL (x32 Version: 2.10)
AutoGroup Editor (x32)
Blender (Version: 2.68)
Brother MFL-Pro Suite DCP-130C (x32 Version: 1.0.3.0)
CamStudio Lossless Codec
Camtasia Studio 8 (x32 Version: 8.1.1.1313)
CCleaner (Version: 4.06)
CINEMA 4D 14.034 (Version: 14.034)
C-Media PCI Audio Device
Connect (x32 Version: 1.0.0.1)
Core Temp 1.0 RC4 (Version: 1.0)
Corel Painter 12 - IPM (Version: 12.3)
Corel Painter 12 (Version: 12.2.0.703)
Cut Out 4.0
DAZ Content Management Service (x32 Version: 4.8.1.7)
DAZ Studio 4.6 (64bit) (x32 Version: 4.6.0.18)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
E-License Manager (Version: 1.3.0.0)
E-License Manager (x32 Version: 1.3.0.0)
Engine 2 (Version: 2.1.0.151)
Engine 2 (x32 Version: 2.1.0.151)
FileZilla Client 3.7.2 (HKCU Version: 3.7.2)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.32.0)
FL Studio 10 (x32)
Genetica 3.6 (Version: 3.6)
Google Chrome (x32 Version: 30.0.1599.69)
Google Earth (x32 Version: 7.1.1.1888)
headus UVLayout v2 Professional (x32 Version: 2.08.00)
IconHandler 64 bit (Version: 2.0)
IL Autogun (x32)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0)
IP Camera (x32)
IP Camera Viewer 1.0 (x32)
Java 7 Update 21 (x32 Version: 7.0.210)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.5)
kuler (x32 Version: 2.0)
LG United Mobile Drivers (x32 Version: 3.10.1.0)
LuxRender 1.2.1 x64 OpenCL (Version: 1.2.1)
MAGIX Burn routines (64-Bit) (Version: 9.0.0.212)
MAGIX Content und Soundpools (x32 Version: 1.0.0.0)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0)
MAGIX Goya burnR (MSI) (x32 Version: 4.3.2.0)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0)
MAGIX Music Maker 2013 (Version: 19.0.1.36)
MAGIX Music Maker 2013 (x32 Version: 19.0.1.36)
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0)
MAGIX Music Maker 2013 Update (Version: 19.0.5.57)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 1) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 2) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 3) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 4) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 5) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 6) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Soundpaket) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Synthesizer und Effekte) (x32 Version: 1.0.0.0)
MAGIX Music Maker MX Production Suite Download-Version (Version: 18.0.3.0)
MAGIX Music Maker MX Production Suite Download-Version (x32 Version: 18.0.3.0)
MAGIX Music Maker MX Production Suite Update (Version: 18.0.4.1)
MAGIX Video deluxe 2013 Plus (Version: 12.0.0.32)
MAGIX Video deluxe 2013 Plus (x32 Version: 12.0.0.32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MiniTool Partition Wizard Home Edition 8.0 (x32)
MotionArtist 1.1 (Version: 1.1)
MotionArtist 4 (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyPhoneExplorer (x32 Version: 1.8.5)
Norton Internet Security (x32 Version: 21.0.2.1)
Notepad++ (x32 Version: 6.3.1)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
P3dO Explorer (remove only) (x32)
Painter 12 - Content (Version: 12.3)
Painter 12 - Core (Version: 12.3)
Painter 12 - Corex64 (Version: 12.3)
Painter 12 - DE (Version: 12.3)
Painter 12 - EN (Version: 12.3)
Painter 12 - FR (Version: 12.3)
Painter 12 - IT (Version: 12.3)
Painter 12 - Setup Files (Version: 12.3)
PDF Settings CS4 (x32 Version: 9.0)
PDF Settings CS6 (x32 Version: 11.0)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (x32 Version: 1.0)
Poser 7.0.2 (x32)
Poser Pro 2012 (Version: 9.0.0)
Poser Pro 2014 (Version: 10.0.0)
PoserContent2012 (Version: 9.0.0)
PoserContent2014 (Version: 10.0.0)
PoserFusion 2012 for Cinema 4D
QuickTime (x32 Version: 7.74.80.86)
reFX Nexus VSTi RTAS v2.2.0 (x32)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Sculptris Alpha 6 (x32 Version: 0.6)
Sequoia 12 (x32 Version: 12.0.2.100)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Silo 2.2 (x32 Version: 2.2)
Suite Shared Configuration CS4 (x32 Version: 1.0)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
UltraVnc (Version: 1.1.8)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update Manager B11.1124.1 (x32 Version: 1.00.0000)
Uvmapper Pro (x32)
VC_CRT_x64 (Version: 1.02.0000)
Vegas Pro 12.0 (64-bit) (Version: 12.0.670)
VirtualCloneDrive (x32)
Wacom Tablett (Version: 6.3.4-3)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

03-10-2013 19:33:53 Removed Microsoft Office Professional Plus 2013
03-10-2013 19:34:12 PROPLUS
05-10-2013 09:12:13 SiSoftware Sandra Personal
05-10-2013 09:13:49 Camtasia Studio 7 wird entfernt
05-10-2013 16:48:50 Installed Java 7 Update 40 (64-bit)

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-06-05 12:58 - 00000961 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activation.cloud.techsmith.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0EF2EE4F-1F00-48F2-8BDD-8706FAE8B59F} - System32\Tasks\Core Temp Autostart xxxxxx => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {3812F440-04A1-4005-8BE5-09691ADC875F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3A36E85E-644D-430F-907D-563970EE2ACC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {6E0BE4E6-F022-44ED-8E19-873CFF707183} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {88D5DD7C-90CC-4461-99B8-8FC1E41DEAE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {A109D0D4-C35F-4DEC-8561-19EE810B67EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15] (Adobe Systems Incorporated)
Task: {ABD16DA1-C535-42AB-AE45-98CE4FB64F00} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {CA6EA666-7A1E-41C3-8DEA-4B7CDFE963B7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {EE7DB1AF-F147-4F11-9E00-83169823D14A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\WSCStub.exe [2013-09-17] (Symantec Corporation)
Task: {FCA9AC45-7BEC-493F-88B9-27B8740971F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-20 19:00 - 2012-10-29 09:14 - 01184640 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-08-06 19:43 - 2013-08-06 19:43 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-01-07 17:27 - 2013-08-08 10:06 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-01-07 17:27 - 2013-08-08 10:06 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-01-07 17:27 - 2013-08-08 10:06 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-01-07 17:25 - 2013-10-03 20:02 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:9638A27E
AlternateDataStreams: C:\Users\xxxxxx\AppData\Local\Temp:flf0cU8qFiMqFQTbbidN1e3SD
AlternateDataStreams: C:\Users\xxxxxx\AppData\Local\Temp:sS0UY4tnd6dUK02UZKVjn

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 802.11 b/g-USB-Drahtlosadapter #3
Description: 802.11 b/g-USB-Drahtlosadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Lite-On
Service: netr7364
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2013 06:49:13 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000170,0x00530194,0000000000000000,0,000000EDB3F9DE90,4096,[0]).


Vorgang:
   Schattenkopien abfragen


System errors:
=============
Error: (10/06/2013 00:30:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lladrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/06/2013 00:30:15 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\lladrv.sys

Error: (10/05/2013 07:21:14 PM) (Source: BugCheck) (User: )
Description: 0xc000021a (0xfffff8a01209e5a0, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP100513-43243-01

Error: (10/05/2013 07:20:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lladrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/05/2013 07:20:46 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\lladrv.sys

Error: (10/05/2013 07:20:43 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎05.‎10.‎2013 um 19:18:33 unerwartet heruntergefahren.

Error: (10/05/2013 07:18:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/05/2013 07:18:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Heimnetzgruppen-Listener erreicht.

Error: (10/05/2013 07:18:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Audio-Endpunkterstellung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/05/2013 07:18:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Audio-Endpunkterstellung erreicht.


Microsoft Office Sessions:
=========================
Error: (10/05/2013 06:49:13 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000170,0x00530194,0000000000000000,0,000000EDB3F9DE90,4096,[0])

Vorgang:
   Schattenkopien abfragen


CodeIntegrity Errors:
===================================
  Date: 2013-02-13 10:06:10.683
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-13 10:06:10.408
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-13 10:05:59.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-13 10:05:59.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-11 11:15:19.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-11 11:15:19.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:46:29.527
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:46:29.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:44:56.466
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:44:56.190
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 8062.3 MB
Available physical RAM: 6256.15 MB
Total Pagefile: 12062.3 MB
Available Pagefile: 10105.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:304.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: (Daten) (Fixed) (Total:465.76 GB) (Free:191.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07E29C0E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

t'john · 06.10.2013, 12:25

Bitte zuerst alles gecrackte Zeug deinstallieren, dann geht es weiter.

http://www.trojaner-board.de/95393-c...-software.html

kalifrago · 06.10.2013, 16:05

Hi t'john,

wie kommst Du darauf, dass da gecrackte Sachen drauf sind ?
Ne Spass beiseite, es waren 3 Sachen, die ich mal zum Test hatte, aber eh nicht benutzt habe. Sorry, Du hast Recht, ich habs deinstalliert. Wollte nochmal ne additon.txt generieren, aber das geht nicht mehr, FRST macht mir nur die FRST.txt.

t'john · 06.10.2013, 18:08

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

dann:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

kalifrago · 06.10.2013, 20:08

Hier die check.txt Datei:

Code:

ATTFilter

Results of screen317's Security Check version 0.99.74  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 	11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (24.0) 
 Mozilla Thunderbird (17.0.8) 
 Google Chrome 29.0.1547.76  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Farbar's Recovery Scan Tool hab ich doch schon aufm Rechner, aber der macht nur noch die FRST.txt Datei, die Addition.txt macht er nicht mehr. Oder soll ich das Tool nochmal downloaden, steh grad aufm Schlauch

Hier die FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Kali (administrator) on FOXI on 06-10-2013 20:55:23
Running from C:\Users\kali_000\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
MountPoints2: {18bf2f69-58f0-11e2-be68-806e6f6e6963} - "F:\setup.exe" 
MountPoints2: {83a67c9e-5828-11e2-be65-806e6f6e6963} - "F:\setup.exe" 
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LavaFox V2 - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\info@djzig.com
FF Extension: LavaFox V2-Purple - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\zigboom555@aol.com
FF Extension: Purple Fox - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
FF Extension: FT DeepDark - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: FT GraphiteGlow - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
FF Extension: DownloadHelper - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: firebug - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firegestures - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\firegestures@xuldev.org.xpi
FF Extension: Noia4Options - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\Noia4Options@ArisT2.xpi
FF Extension: No Name - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn\

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Glow) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0
CHR Extension: (YouTube) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (AdBlock) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Gestures for Google Chrome\u2122) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0
CHR Extension: (Norton Identity Protection) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.5.1.4_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\Exts\Chrome.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-16] (Adobe Systems)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2013-06-21] (Adobe Systems Incorporated)
S4 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.0.2.1\NIS.exe [275696 2013-09-17] (Symantec Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe [2204488 2012-11-23] (UltraVNC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1500020.001\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R3 cmuda3; C:\Windows\system32\drivers\cmudax3.sys [1155072 2012-01-21] (C-Media Inc)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2012-07-12] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-10-03] (Symantec Corporation)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys [520280 2013-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131004.001\IDSvia64.sys [520280 2013-10-03] (Symantec Corporation)
S2 lladrv; C:\Windows\SysWow64\Drivers\lladrv.sys [32544 2004-08-22] (XB0 Group)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\ENG64.SYS [126040 2013-10-04] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\ENG64.SYS [126040 2013-10-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\EX64.SYS [2099288 2013-10-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131005.007\EX64.SYS [2099288 2013-10-04] (Symantec Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 RTCore64; C:\Program Files (x86)\RMClock\RTCore64.sys [14352 2013-02-10] ()
S3 RTCore64; C:\Program Files (x86)\RMClock\RTCore64.sys [14352 2013-02-10] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1500020.001\SRTSP64.SYS [854616 2013-07-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1500020.001\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1500020.001\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1500020.001\SYMEFA64.SYS [1147480 2013-08-05] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1500020.001\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1500020.001\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1500020.001\SYMNETS.SYS [590424 2013-09-11] (Symantec Corporation)
S1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
R3 ALSysIO; \??\C:\Users\kali_000\AppData\Local\Temp\ALSysIO64.sys [x]
S3 ET5Drv; No ImagePath
U5 GVTDrv; C:\Windows\SysWOW64\Drivers\GVTDrv.sys [24944 2013-02-18] ()
S2 lladrv; System32\Drivers\lladrv.sys [x]
U3 msahci; 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x64\Sandra.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 20:37 - 2013-10-06 20:37 - 00000945 _____ C:\Users\kali_000\Desktop\checkup.txt
2013-10-06 20:26 - 2013-10-06 20:26 - 00891167 _____ C:\Users\kali_000\Desktop\SecurityCheck.exe
2013-10-06 16:26 - 2013-10-06 16:26 - 00715800 _____ C:\Users\kali_000\Desktop\InstallLogs.zip
2013-10-06 12:56 - 2013-10-06 12:56 - 00000000 ____D C:\FRST
2013-10-06 12:55 - 2013-10-06 12:55 - 01954124 _____ (Farbar) C:\Users\kali_000\Desktop\FRST64.exe
2013-10-05 19:20 - 2013-10-05 19:21 - 00295256 _____ C:\Windows\Minidump\100513-43243-01.dmp
2013-10-05 19:20 - 2013-10-05 19:20 - 670888404 _____ C:\Windows\MEMORY.DMP
2013-10-05 18:49 - 2013-10-05 18:49 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-05 18:49 - 2013-10-05 18:49 - 00000000 ____D C:\Program Files\Java
2013-10-05 11:48 - 2013-10-05 11:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 11:47 - 2013-10-05 11:47 - 01030305 _____ (Thisisu) C:\Users\kali_000\Desktop\JRT.exe
2013-10-05 11:18 - 2013-10-05 11:18 - 00001264 _____ C:\Users\kali_000\Desktop\Revo Uninstaller.lnk
2013-10-05 11:06 - 2013-10-05 11:06 - 00003130 _____ C:\Windows\System32\Tasks\{E7BBF419-BD05-41EA-A2DF-2BE225A649C7}
2013-10-04 19:58 - 2013-10-04 19:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-04 19:28 - 2013-10-04 19:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-04 19:10 - 2013-10-05 10:17 - 00000000 ____D C:\Users\kali_000\AppData\Local\LogMeIn Rescue Applet
2013-10-04 19:10 - 2013-10-04 19:10 - 00002218 _____ C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2013-10-04 19:09 - 2013-10-04 19:09 - 01295200 _____ (LogMeIn, Inc.) C:\Users\kali_000\Desktop\Support-LogMeInRescue.exe
2013-10-04 17:24 - 2013-10-04 17:24 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 17:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-03 22:21 - 2013-10-04 19:57 - 00003232 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-03 22:21 - 2013-10-04 19:57 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-03 22:21 - 2013-10-03 22:21 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-03 22:21 - 2013-10-03 22:21 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-03 22:21 - 2013-10-03 22:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-03 22:20 - 2013-10-03 22:21 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-03 22:18 - 2013-10-05 13:31 - 00020810 _____ C:\Windows\PFRO.log
2013-10-03 22:05 - 2013-10-03 22:05 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-03 22:05 - 2013-10-03 22:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-03 21:59 - 2013-05-02 17:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-10-03 13:07 - 2013-10-03 19:51 - 00000000 ____D C:\AdwCleaner
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\QuickScan
2013-09-28 19:40 - 2013-10-04 19:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-09-28 12:58 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-28 12:58 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-28 12:57 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-09-28 12:57 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-09-28 12:57 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-09-28 12:57 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-09-28 12:57 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-09-28 12:57 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-09-28 12:57 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-09-28 12:57 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-28 12:57 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-28 12:57 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-09-28 12:57 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-28 12:57 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-28 12:57 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-28 12:57 - 2013-07-31 01:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-28 12:57 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-09-28 12:57 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-09-28 12:57 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2013-09-28 12:57 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2013-09-28 12:57 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-09-28 12:57 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-09-22 13:12 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-16 17:36 - 2013-10-06 20:19 - 05186392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 12:08 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-13 12:08 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-13 12:08 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-13 12:08 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-13 12:08 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-13 12:08 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-13 12:08 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-13 12:08 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-13 12:08 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-13 12:08 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-13 12:08 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-13 12:07 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 12:07 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 12:07 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 12:07 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 12:07 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 12:07 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 12:07 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 12:07 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 12:07 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-13 12:07 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 12:02 - 2013-09-13 12:02 - 00000000 ____D C:\ProgramData\PCSettings
2013-09-10 10:14 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-10 10:14 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-10 10:14 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-10 10:14 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-10 10:14 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-10 10:14 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-10 10:14 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-10 10:14 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-10 10:14 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-10 10:14 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-10 10:14 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-10 10:14 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-10 10:14 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-10 10:14 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-10 10:14 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-10 10:14 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-10 10:14 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-10 10:14 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-10 10:14 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-10 10:14 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-10 10:14 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-10 10:14 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-10 10:14 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-10 10:14 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-10 10:14 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-10 10:14 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-10 10:14 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-10 10:14 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-10 10:14 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-10 10:14 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-10 10:14 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-10 10:14 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-10 10:14 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-10 10:14 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-10 10:14 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-10 10:14 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-10 10:14 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-10 10:14 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-07 11:51 - 2013-09-07 11:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-07 11:50 - 2013-10-06 20:55 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 11:50 - 2013-10-06 20:20 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 11:50 - 2013-09-07 11:50 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 11:50 - 2013-09-07 11:50 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

2013-10-06 20:55 - 2013-09-07 11:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 20:44 - 2013-01-06 20:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3159973781-736306073-508366286-1001
2013-10-06 20:37 - 2013-10-06 20:37 - 00000945 _____ C:\Users\kali_000\Desktop\checkup.txt
2013-10-06 20:32 - 2013-03-30 16:10 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Notepad++
2013-10-06 20:32 - 2013-03-30 16:10 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-10-06 20:31 - 2013-04-27 17:32 - 01694459 _____ C:\Windows\WindowsUpdate.log
2013-10-06 20:26 - 2013-10-06 20:26 - 00891167 _____ C:\Users\kali_000\Desktop\SecurityCheck.exe
2013-10-06 20:23 - 2013-02-14 17:32 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0038EBA-8BEC-4392-8D4E-908C92E970EC}
2013-10-06 20:20 - 2013-09-07 11:50 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 20:20 - 2013-01-06 20:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-06 20:20 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 20:19 - 2013-09-16 17:36 - 05186392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-06 17:05 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-10-06 17:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-06 16:51 - 2013-01-18 11:53 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-10-06 16:48 - 2013-05-01 14:59 - 00000000 ____D C:\Users\kali_000\AppData\Local\CrashDumps
2013-10-06 16:26 - 2013-10-06 16:26 - 00715800 _____ C:\Users\kali_000\Desktop\InstallLogs.zip
2013-10-06 16:19 - 2013-01-18 11:53 - 00000000 ____D C:\ProgramData\MAGIX
2013-10-06 16:10 - 2013-05-19 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 14:20 - 2013-01-15 11:48 - 00000000 ____D C:\Program Files\Adobe
2013-10-06 14:20 - 2013-01-06 20:02 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Adobe
2013-10-06 14:19 - 2013-01-15 11:00 - 00000000 ____D C:\ProgramData\Adobe
2013-10-06 14:19 - 2013-01-15 10:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-06 14:18 - 2013-01-15 11:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-06 14:11 - 2013-03-30 16:38 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-06 12:56 - 2013-10-06 12:56 - 00000000 ____D C:\FRST
2013-10-06 12:55 - 2013-10-06 12:55 - 01954124 _____ (Farbar) C:\Users\kali_000\Desktop\FRST64.exe
2013-10-05 19:21 - 2013-10-05 19:20 - 00295256 _____ C:\Windows\Minidump\100513-43243-01.dmp
2013-10-05 19:20 - 2013-10-05 19:20 - 670888404 _____ C:\Windows\MEMORY.DMP
2013-10-05 19:20 - 2013-01-06 20:24 - 00000000 ____D C:\Windows\Minidump
2013-10-05 18:49 - 2013-10-05 18:49 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-05 18:49 - 2013-10-05 18:49 - 00000000 ____D C:\Program Files\Java
2013-10-05 18:49 - 2013-05-12 16:26 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-05 18:49 - 2013-02-18 17:21 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-05 13:32 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-05 13:31 - 2013-10-03 22:18 - 00020810 _____ C:\Windows\PFRO.log
2013-10-05 11:48 - 2013-10-05 11:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 11:47 - 2013-10-05 11:47 - 01030305 _____ (Thisisu) C:\Users\kali_000\Desktop\JRT.exe
2013-10-05 11:18 - 2013-10-05 11:18 - 00001264 _____ C:\Users\kali_000\Desktop\Revo Uninstaller.lnk
2013-10-05 11:16 - 2013-06-05 13:00 - 00000000 ____D C:\ProgramData\TechSmith
2013-10-05 11:16 - 2013-06-05 13:00 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-10-05 11:16 - 2013-01-06 20:01 - 00000000 ____D C:\Users\kali_000
2013-10-05 11:09 - 2013-06-01 17:27 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\IrfanView
2013-10-05 11:09 - 2013-04-06 16:34 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-05 11:09 - 2013-04-06 16:32 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-05 11:09 - 2013-02-20 19:36 - 00000000 ____D C:\Users\kali_000\AppData\Local\JDownloader 0.9
2013-10-05 11:08 - 2013-02-24 13:09 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2013-10-05 11:08 - 2013-02-24 13:08 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2013-10-05 11:06 - 2013-10-05 11:06 - 00003130 _____ C:\Windows\System32\Tasks\{E7BBF419-BD05-41EA-A2DF-2BE225A649C7}
2013-10-05 10:17 - 2013-10-04 19:10 - 00000000 ____D C:\Users\kali_000\AppData\Local\LogMeIn Rescue Applet
2013-10-05 10:17 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-10-04 20:04 - 2013-01-07 17:46 - 00000000 ____D C:\ProgramData\Norton
2013-10-04 19:58 - 2013-10-04 19:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-04 19:57 - 2013-10-03 22:21 - 00003232 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-04 19:57 - 2013-10-03 22:21 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-04 19:51 - 2013-08-31 12:04 - 00055808 ___SH C:\Users\kali_000\Desktop\Thumbs.db
2013-10-04 19:50 - 2013-09-28 19:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-04 19:29 - 2013-04-27 12:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-04 19:28 - 2013-10-04 19:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-04 19:28 - 2013-04-27 12:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-04 19:28 - 2013-01-15 11:15 - 00000235 _____ C:\Windows\wininit.ini
2013-10-04 19:10 - 2013-10-04 19:10 - 00002218 _____ C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2013-10-04 19:09 - 2013-10-04 19:09 - 01295200 _____ (LogMeIn, Inc.) C:\Users\kali_000\Desktop\Support-LogMeInRescue.exe
2013-10-04 17:47 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-04 17:24 - 2013-10-04 17:24 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 17:24 - 2013-04-27 19:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:21 - 2013-10-03 22:21 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-03 22:21 - 2013-10-03 22:21 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-03 22:21 - 2013-10-03 22:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-03 22:21 - 2013-10-03 22:20 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-03 22:15 - 2013-08-03 18:33 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Sony
2013-10-03 22:15 - 2013-01-19 14:01 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\uTorrent
2013-10-03 22:15 - 2013-01-07 19:18 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\FileZilla
2013-10-03 22:05 - 2013-10-03 22:05 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-03 22:05 - 2013-10-03 22:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-03 22:05 - 2013-04-27 11:45 - 00000000 ____D C:\Program Files\CCleaner
2013-10-03 21:37 - 2013-01-19 17:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-03 21:37 - 2013-01-19 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-03 21:37 - 2012-07-26 12:29 - 00000000 ____D C:\Windows\ShellNew
2013-10-03 21:35 - 2013-01-19 17:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-03 21:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-03 20:27 - 2013-01-07 17:36 - 00000000 ____D C:\Users\kali_000\AppData\Local\Mozilla
2013-10-03 20:24 - 2013-01-07 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-03 20:02 - 2013-01-07 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 19:51 - 2013-10-03 13:07 - 00000000 ____D C:\AdwCleaner
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\QuickScan
2013-09-28 13:48 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-28 13:23 - 2013-01-06 20:02 - 00000000 ___RD C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 13:23 - 2013-01-06 20:02 - 00000000 ___RD C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 13:20 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-09-22 17:05 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-09-22 17:05 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-09-22 17:05 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 11:45 - 2013-06-23 11:07 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\LG Electronics
2013-09-21 11:45 - 2013-06-23 11:04 - 00000000 ____D C:\Users\kali_000\AppData\Local\LG Electronics
2013-09-19 01:26 - 2013-06-20 11:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-06-20 11:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 11:42 - 2013-05-19 11:32 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-15 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 19:01 - 2013-07-22 10:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 18:58 - 2013-01-07 21:54 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 12:19 - 2013-02-17 17:01 - 00000000 ____D C:\Users\kali_000\Documents\Symantec
2013-09-13 12:02 - 2013-09-13 12:02 - 00000000 ____D C:\ProgramData\PCSettings
2013-09-10 10:35 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-08 16:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-08 15:55 - 2013-05-11 17:11 - 00000000 ____D C:\Users\admin
2013-09-08 15:55 - 2013-03-15 16:13 - 00000000 ____D C:\Users\Foxi
2013-09-08 15:55 - 2013-01-27 17:55 - 00000000 ____D C:\Users\Kali
2013-09-07 11:51 - 2013-09-07 11:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-09-07 11:51 - 2013-01-07 17:53 - 00000000 ____D C:\Users\kali_000\AppData\Local\Google
2013-09-07 11:51 - 2013-01-07 17:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 11:50 - 2013-09-07 11:50 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-07 11:50 - 2013-09-07 11:50 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\kali_000\AppData\Local\Temp\IPCameraViewer.exe
C:\Users\kali_000\AppData\Local\Temp\iv_uninstall.exe
C:\Users\kali_000\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\kali_000\AppData\Local\Temp\VSUSetup.exe
C:\Users\kali_000\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-29 13:01

==================== End Of Log ============================

--- --- ---

t'john · 06.10.2013, 20:31

Deinstalliere Spybot und alles von Norton.

Loesche FRST, lade es neu runter.
stelle sicher, dass unter Optional Scan auch Additions.txt gewaehlt ist.

kalifrago · 07.10.2013, 16:20

Spybot hab ich schon deinstalliert. Kann ich Norton nach dem Scan mit FRST gleich wieder installieren ?
Oder muss der dann erstmal runter vom System sein, für die nächsten Schritte ?

t'john · 07.10.2013, 18:07

Zitat:

Kann ich Norton nach dem Scan mit FRST gleich wieder installieren ?

Nein, deinstalliert lassen.

kalifrago · 08.10.2013, 17:39

So hier die Ergebnisse:
FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Kali (administrator) on FOXI on 08-10-2013 18:14:39
Running from C:\Users\kali_000\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CmPCIaudio] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
MountPoints2: {18bf2f69-58f0-11e2-be68-806e6f6e6963} - "F:\setup.exe" 
MountPoints2: {83a67c9e-5828-11e2-be65-806e6f6e6963} - "F:\setup.exe" 
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LavaFox V2 - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\info@djzig.com
FF Extension: LavaFox V2-Purple - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\zigboom555@aol.com
FF Extension: Purple Fox - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
FF Extension: FT DeepDark - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: FT GraphiteGlow - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
FF Extension: DownloadHelper - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: amznUWL2 - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: firebug - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firegestures - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\firegestures@xuldev.org.xpi
FF Extension: Noia4Options - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\Noia4Options@ArisT2.xpi
FF Extension: No Name - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\kali_000\AppData\Roaming\Mozilla\Firefox\Profiles\yho5qtlk.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Docs) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Glow) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0
CHR Extension: (YouTube) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (AdBlock) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Gestures for Google Chrome\u2122) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0
CHR Extension: (Norton Identity Protection) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.5.1.4_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\kali_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-16] (Adobe Systems)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2013-06-21] (Adobe Systems Incorporated)
S4 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe [2204488 2012-11-23] (UltraVNC)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R3 cmuda3; C:\Windows\system32\drivers\cmudax3.sys [1155072 2012-01-21] (C-Media Inc)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2012-07-12] (Intel Corporation)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-19] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-02-19] ()
S2 lladrv; C:\Windows\SysWow64\Drivers\lladrv.sys [32544 2004-08-22] (XB0 Group)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] ()
S3 RTCore64; C:\Program Files (x86)\RMClock\RTCore64.sys [14352 2013-02-10] ()
S3 RTCore64; C:\Program Files (x86)\RMClock\RTCore64.sys [14352 2013-02-10] ()
S1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
R3 ALSysIO; \??\C:\Users\kali_000\AppData\Local\Temp\ALSysIO64.sys [x]
S3 ET5Drv; No ImagePath
U5 GVTDrv; C:\Windows\SysWOW64\Drivers\GVTDrv.sys [24944 2013-02-18] ()
S2 lladrv; System32\Drivers\lladrv.sys [x]
U3 msahci; 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x64\Sandra.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 18:12 - 2013-10-08 18:13 - 00033241 _____ C:\Users\kali_000\Desktop\Addition.txt
2013-10-06 20:26 - 2013-10-06 20:26 - 00891167 _____ C:\Users\kali_000\Desktop\SecurityCheck.exe
2013-10-06 16:26 - 2013-10-06 16:26 - 00715800 _____ C:\Users\kali_000\Desktop\InstallLogs.zip
2013-10-06 12:56 - 2013-10-06 12:56 - 00000000 ____D C:\FRST
2013-10-06 12:55 - 2013-10-06 12:55 - 01954124 _____ (Farbar) C:\Users\kali_000\Desktop\FRST64.exe
2013-10-05 19:20 - 2013-10-05 19:21 - 00295256 _____ C:\Windows\Minidump\100513-43243-01.dmp
2013-10-05 19:20 - 2013-10-05 19:20 - 670888404 _____ C:\Windows\MEMORY.DMP
2013-10-05 18:49 - 2013-10-05 18:49 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-05 18:49 - 2013-10-05 18:49 - 00000000 ____D C:\Program Files\Java
2013-10-05 11:48 - 2013-10-05 11:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 11:47 - 2013-10-05 11:47 - 01030305 _____ (Thisisu) C:\Users\kali_000\Desktop\JRT.exe
2013-10-05 11:18 - 2013-10-05 11:18 - 00001264 _____ C:\Users\kali_000\Desktop\Revo Uninstaller.lnk
2013-10-05 11:06 - 2013-10-05 11:06 - 00003130 _____ C:\Windows\System32\Tasks\{E7BBF419-BD05-41EA-A2DF-2BE225A649C7}
2013-10-04 19:28 - 2013-10-04 19:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-04 19:10 - 2013-10-05 10:17 - 00000000 ____D C:\Users\kali_000\AppData\Local\LogMeIn Rescue Applet
2013-10-04 19:10 - 2013-10-04 19:10 - 00002218 _____ C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2013-10-04 19:09 - 2013-10-04 19:09 - 01295200 _____ (LogMeIn, Inc.) C:\Users\kali_000\Desktop\Support-LogMeInRescue.exe
2013-10-04 17:24 - 2013-10-04 17:24 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 17:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-03 22:18 - 2013-10-08 17:28 - 00903458 _____ C:\Windows\PFRO.log
2013-10-03 22:05 - 2013-10-03 22:05 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-03 22:05 - 2013-10-03 22:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-03 21:59 - 2013-05-02 17:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-10-03 13:07 - 2013-10-03 19:51 - 00000000 ____D C:\AdwCleaner
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\QuickScan
2013-09-28 19:40 - 2013-10-04 19:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-09-28 12:58 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-28 12:58 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-28 12:57 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-09-28 12:57 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-09-28 12:57 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-09-28 12:57 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-09-28 12:57 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-09-28 12:57 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-09-28 12:57 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-09-28 12:57 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-09-28 12:57 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-28 12:57 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-28 12:57 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-09-28 12:57 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-28 12:57 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-28 12:57 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-28 12:57 - 2013-07-31 01:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-28 12:57 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-09-28 12:57 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-09-28 12:57 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2013-09-28 12:57 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2013-09-28 12:57 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-09-28 12:57 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-09-22 13:12 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-16 17:36 - 2013-10-06 20:19 - 05186392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 12:08 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-13 12:08 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-13 12:08 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-13 12:08 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-13 12:08 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-13 12:08 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-13 12:08 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-13 12:08 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-13 12:08 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-13 12:08 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-13 12:08 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-13 12:08 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-13 12:08 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-13 12:07 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 12:07 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 12:07 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 12:07 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 12:07 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 12:07 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 12:07 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 12:07 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 12:07 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 12:07 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 12:07 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-13 12:07 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 12:02 - 2013-09-13 12:02 - 00000000 ____D C:\ProgramData\PCSettings
2013-09-10 10:14 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-10 10:14 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-10 10:14 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-10 10:14 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-10 10:14 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-10 10:14 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-10 10:14 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-10 10:14 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-10 10:14 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-10 10:14 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-10 10:14 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-10 10:14 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-10 10:14 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-10 10:14 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-10 10:14 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-10 10:14 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-10 10:14 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-10 10:14 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-10 10:14 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-10 10:14 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-10 10:14 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-10 10:14 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-10 10:14 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-10 10:14 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-10 10:14 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-10 10:14 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-10 10:14 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-10 10:14 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-10 10:14 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-10 10:14 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-10 10:14 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-10 10:14 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-10 10:14 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-10 10:14 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-10 10:14 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-10 10:14 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-10 10:14 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-10 10:14 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-10 10:14 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

==================== One Month Modified Files and Folders =======

2013-10-08 18:14 - 2013-01-07 17:46 - 00000000 ____D C:\ProgramData\Norton
2013-10-08 18:13 - 2013-10-08 18:12 - 00033241 _____ C:\Users\kali_000\Desktop\Addition.txt
2013-10-08 18:10 - 2013-05-19 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 18:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-08 17:55 - 2013-09-07 11:50 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 17:49 - 2013-04-27 17:32 - 01805088 _____ C:\Windows\WindowsUpdate.log
2013-10-08 17:40 - 2013-01-06 20:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3159973781-736306073-508366286-1001
2013-10-08 17:28 - 2013-10-03 22:18 - 00903458 _____ C:\Windows\PFRO.log
2013-10-08 17:28 - 2013-09-07 11:50 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-08 17:28 - 2013-01-06 20:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-08 17:28 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 17:27 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-10-08 17:26 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-10-08 17:26 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-10-07 22:48 - 2013-02-14 17:32 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0038EBA-8BEC-4392-8D4E-908C92E970EC}
2013-10-07 20:18 - 2013-01-07 19:18 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\FileZilla
2013-10-07 20:11 - 2013-08-31 12:04 - 00055808 ___SH C:\Users\kali_000\Desktop\Thumbs.db
2013-10-07 20:11 - 2013-01-06 20:02 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Adobe
2013-10-06 20:32 - 2013-03-30 16:10 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Notepad++
2013-10-06 20:32 - 2013-03-30 16:10 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-10-06 20:26 - 2013-10-06 20:26 - 00891167 _____ C:\Users\kali_000\Desktop\SecurityCheck.exe
2013-10-06 20:19 - 2013-09-16 17:36 - 05186392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-06 16:51 - 2013-01-18 11:53 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-10-06 16:48 - 2013-05-01 14:59 - 00000000 ____D C:\Users\kali_000\AppData\Local\CrashDumps
2013-10-06 16:26 - 2013-10-06 16:26 - 00715800 _____ C:\Users\kali_000\Desktop\InstallLogs.zip
2013-10-06 16:19 - 2013-01-18 11:53 - 00000000 ____D C:\ProgramData\MAGIX
2013-10-06 14:20 - 2013-01-15 11:48 - 00000000 ____D C:\Program Files\Adobe
2013-10-06 14:19 - 2013-01-15 11:00 - 00000000 ____D C:\ProgramData\Adobe
2013-10-06 14:19 - 2013-01-15 10:57 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-06 14:18 - 2013-01-15 11:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-06 14:11 - 2013-03-30 16:38 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-06 12:56 - 2013-10-06 12:56 - 00000000 ____D C:\FRST
2013-10-06 12:55 - 2013-10-06 12:55 - 01954124 _____ (Farbar) C:\Users\kali_000\Desktop\FRST64.exe
2013-10-05 19:21 - 2013-10-05 19:20 - 00295256 _____ C:\Windows\Minidump\100513-43243-01.dmp
2013-10-05 19:20 - 2013-10-05 19:20 - 670888404 _____ C:\Windows\MEMORY.DMP
2013-10-05 19:20 - 2013-01-06 20:24 - 00000000 ____D C:\Windows\Minidump
2013-10-05 18:49 - 2013-10-05 18:49 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-05 18:49 - 2013-10-05 18:49 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-05 18:49 - 2013-10-05 18:49 - 00000000 ____D C:\Program Files\Java
2013-10-05 18:49 - 2013-05-12 16:26 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-05 18:49 - 2013-02-18 17:21 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-05 11:48 - 2013-10-05 11:48 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 11:47 - 2013-10-05 11:47 - 01030305 _____ (Thisisu) C:\Users\kali_000\Desktop\JRT.exe
2013-10-05 11:18 - 2013-10-05 11:18 - 00001264 _____ C:\Users\kali_000\Desktop\Revo Uninstaller.lnk
2013-10-05 11:16 - 2013-06-05 13:00 - 00000000 ____D C:\ProgramData\TechSmith
2013-10-05 11:16 - 2013-06-05 13:00 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-10-05 11:16 - 2013-01-06 20:01 - 00000000 ____D C:\Users\kali_000
2013-10-05 11:09 - 2013-06-01 17:27 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\IrfanView
2013-10-05 11:09 - 2013-04-06 16:34 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-10-05 11:09 - 2013-04-06 16:32 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-10-05 11:09 - 2013-02-20 19:36 - 00000000 ____D C:\Users\kali_000\AppData\Local\JDownloader 0.9
2013-10-05 11:08 - 2013-02-24 13:09 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2013-10-05 11:08 - 2013-02-24 13:08 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2013-10-05 11:06 - 2013-10-05 11:06 - 00003130 _____ C:\Windows\System32\Tasks\{E7BBF419-BD05-41EA-A2DF-2BE225A649C7}
2013-10-05 10:17 - 2013-10-04 19:10 - 00000000 ____D C:\Users\kali_000\AppData\Local\LogMeIn Rescue Applet
2013-10-04 19:50 - 2013-09-28 19:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-04 19:29 - 2013-04-27 12:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-04 19:28 - 2013-10-04 19:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-04 19:28 - 2013-04-27 12:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-04 19:28 - 2013-01-15 11:15 - 00000235 _____ C:\Windows\wininit.ini
2013-10-04 19:10 - 2013-10-04 19:10 - 00002218 _____ C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2013-10-04 19:09 - 2013-10-04 19:09 - 01295200 _____ (LogMeIn, Inc.) C:\Users\kali_000\Desktop\Support-LogMeInRescue.exe
2013-10-04 17:47 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-04 17:24 - 2013-10-04 17:24 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-04 17:24 - 2013-04-27 19:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:15 - 2013-08-03 18:33 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\Sony
2013-10-03 22:15 - 2013-01-19 14:01 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\uTorrent
2013-10-03 22:05 - 2013-10-03 22:05 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-03 22:05 - 2013-10-03 22:05 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-03 22:05 - 2013-04-27 11:45 - 00000000 ____D C:\Program Files\CCleaner
2013-10-03 21:37 - 2013-01-19 17:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-03 21:37 - 2013-01-19 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-03 21:37 - 2012-07-26 12:29 - 00000000 ____D C:\Windows\ShellNew
2013-10-03 21:35 - 2013-01-19 17:56 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-03 21:34 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-03 20:27 - 2013-01-07 17:36 - 00000000 ____D C:\Users\kali_000\AppData\Local\Mozilla
2013-10-03 20:24 - 2013-01-07 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-03 20:02 - 2013-01-07 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 19:51 - 2013-10-03 13:07 - 00000000 ____D C:\AdwCleaner
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\QuickScan
2013-09-28 13:48 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-28 13:23 - 2013-01-06 20:02 - 00000000 ___RD C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-28 13:23 - 2013-01-06 20:02 - 00000000 ___RD C:\Users\kali_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-28 13:20 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-09-22 17:05 - 2012-07-26 12:27 - 00751892 _____ C:\Windows\system32\perfh007.dat
2013-09-22 17:05 - 2012-07-26 12:27 - 00155620 _____ C:\Windows\system32\perfc007.dat
2013-09-22 17:05 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 11:45 - 2013-06-23 11:07 - 00000000 ____D C:\Users\kali_000\AppData\Roaming\LG Electronics
2013-09-21 11:45 - 2013-06-23 11:04 - 00000000 ____D C:\Users\kali_000\AppData\Local\LG Electronics
2013-09-19 01:26 - 2013-06-20 11:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-06-20 11:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 11:42 - 2013-05-19 11:32 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-15 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-14 19:01 - 2013-07-22 10:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 18:58 - 2013-01-07 21:54 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 12:19 - 2013-02-17 17:01 - 00000000 ____D C:\Users\kali_000\Documents\Symantec
2013-09-13 12:02 - 2013-09-13 12:02 - 00000000 ____D C:\ProgramData\PCSettings
2013-09-10 10:35 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-08 16:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-09-08 15:55 - 2013-05-11 17:11 - 00000000 ____D C:\Users\admin
2013-09-08 15:55 - 2013-03-15 16:13 - 00000000 ____D C:\Users\Foxi
2013-09-08 15:55 - 2013-01-27 17:55 - 00000000 ____D C:\Users\Kali

Some content of TEMP:
====================
C:\Users\kali_000\AppData\Local\Temp\IPCameraViewer.exe
C:\Users\kali_000\AppData\Local\Temp\iv_uninstall.exe
C:\Users\kali_000\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\kali_000\AppData\Local\Temp\VSUSetup.exe
C:\Users\kali_000\AppData\Local\Temp\xmlUpdater.exe
C:\Users\kali_000\AppData\Local\Temp\{92622AAD-05E8-4459-B256-765CE1E929FB}_NST_29673.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-29 13:01

==================== End Of Log ============================

--- --- ---

Addition.txt :

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Kali at 2013-10-08 18:15:15
Running from C:\Users\kali_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708 (x32)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (x32 Version: 4)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Contribute CS4 (x32 Version: 5.0)
Adobe Creative Suite 4 Web Premium (x32 Version: 4.0)
Adobe CS4 American English Speech Analysis Models (x32 Version: 1)
Adobe CS4 French Speech Analysis Models (x32 Version: 1)
Adobe CS4 German Speech Analysis Models (x32 Version: 1)
Adobe CS4 International English Speech Analysis Models (x32 Version: 1)
Adobe CS4 Italian Speech Analysis Models (x32 Version: 1)
Adobe CS4 Japanese Speech Analysis Models (x32 Version: 1)
Adobe CS4 Korean Speech Analysis Models (x32 Version: 1)
Adobe CS4 Spanish Speech Analysis Models (x32 Version: 1)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Dreamweaver CS4 (x32 Version: 10.0)
Adobe Drive CS4 (x32 Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Fireworks CS4 (x32 Version: 10.0)
Adobe Flash CS4 (x32 Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0)
Adobe Flash CS4 STI-other (x32 Version: 10.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CS4 (x32 Version: 14.0)
Adobe InDesign CS2 (x32 Version: 004.000.000)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Importer (x32 Version: 1.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe Soundbooth CS4 (x32 Version: 2)
Adobe Soundbooth CS4 Codecs (x32 Version: 2)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe Version Cue CS4 Server (x32 Version: 4.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Artisteer 4 (x32 Version: 4.1)
ASIO4ALL (x32 Version: 2.10)
AutoGroup Editor (x32)
Blender (Version: 2.68)
Brother MFL-Pro Suite DCP-130C (x32 Version: 1.0.3.0)
CamStudio Lossless Codec
Camtasia Studio 8 (x32 Version: 8.1.1.1313)
CCleaner (Version: 4.06)
C-Media PCI Audio Device
Connect (x32 Version: 1.0.0.1)
Core Temp 1.0 RC4 (Version: 1.0)
Corel Painter 12 - IPM (Version: 12.3)
Corel Painter 12 (Version: 12.2.0.703)
Cut Out 4.0
DAZ Content Management Service (x32 Version: 4.8.1.7)
DAZ Studio 4.6 (64bit) (x32 Version: 4.6.0.18)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
E-License Manager (Version: 1.3.0.0)
E-License Manager (x32 Version: 1.3.0.0)
Engine 2 (Version: 2.1.0.151)
Engine 2 (x32 Version: 2.1.0.151)
FileZilla Client 3.7.2 (HKCU Version: 3.7.2)
FL Studio 10 (x32)
Genetica 3.6 (Version: 3.6)
Google Chrome (x32 Version: 30.0.1599.69)
Google Earth (x32 Version: 7.1.1.1888)
headus UVLayout v2 Professional (x32 Version: 2.08.00)
IconHandler 64 bit (Version: 2.0)
IL Autogun (x32)
Intel(R) Network Connections 18.0.1.0 (Version: 18.0.1.0)
IP Camera (x32)
IP Camera Viewer 1.0 (x32)
Java 7 Update 21 (x32 Version: 7.0.210)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.5)
kuler (x32 Version: 2.0)
LG United Mobile Drivers (x32 Version: 3.10.1.0)
LuxRender 1.2.1 x64 OpenCL (Version: 1.2.1)
MAGIX Content und Soundpools (x32 Version: 1.0.0.0)
MAGIX Low Latency Driver (64-Bit) (Version: 2.10.2011.0)
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0)
MAGIX Music Maker 2013 Update (Version: 19.0.5.57)
MAGIX Video deluxe 2013 Plus (Version: 12.0.0.32)
MAGIX Video deluxe 2013 Plus (x32 Version: 12.0.0.32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MiniTool Partition Wizard Home Edition 8.0 (x32)
MotionArtist 1.1 (Version: 1.1)
MotionArtist 4 (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyPhoneExplorer (x32 Version: 1.8.5)
Notepad++ (x32 Version: 6.4.5)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
P3dO Explorer (remove only) (x32)
Painter 12 - Content (Version: 12.3)
Painter 12 - Core (Version: 12.3)
Painter 12 - Corex64 (Version: 12.3)
Painter 12 - DE (Version: 12.3)
Painter 12 - EN (Version: 12.3)
Painter 12 - FR (Version: 12.3)
Painter 12 - IT (Version: 12.3)
Painter 12 - Setup Files (Version: 12.3)
PDF Settings CS4 (x32 Version: 9.0)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (x32 Version: 1.0)
Poser 7.0.2 (x32)
Poser Pro 2012 (Version: 9.0.0)
Poser Pro 2014 (Version: 10.0.0)
PoserContent2012 (Version: 9.0.0)
PoserContent2014 (Version: 10.0.0)
PoserFusion 2012 for Cinema 4D
QuickTime (x32 Version: 7.74.80.86)
reFX Nexus VSTi RTAS v2.2.0 (x32)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Sculptris Alpha 6 (x32 Version: 0.6)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Silo 2.2 (x32 Version: 2.2)
Suite Shared Configuration CS4 (x32 Version: 1.0)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
UltraVnc (Version: 1.1.8)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update Manager B11.1124.1 (x32 Version: 1.00.0000)
Uvmapper Pro (x32)
VC_CRT_x64 (Version: 1.02.0000)
VirtualCloneDrive (x32)
Wacom Tablett (Version: 6.3.4-3)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

03-10-2013 19:33:53 Removed Microsoft Office Professional Plus 2013
03-10-2013 19:34:12 PROPLUS
05-10-2013 09:12:13 SiSoftware Sandra Personal
05-10-2013 09:13:49 Camtasia Studio 7 wird entfernt
05-10-2013 09:25:33 CINEMA 4D 14.034 (Version: 14.034) wird entfernt
05-10-2013 16:48:50 Installed Java 7 Update 40 (64-bit)
06-10-2013 11:51:12 Removed Vegas Pro 12.0 (64-bit) (Version: 12.0.670)
06-10-2013 12:22:10 Removed MAGIX Burn routines (64-Bit)
06-10-2013 14:26:31 Removed MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 1)
06-10-2013 14:27:15 Removed MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 2)
06-10-2013 14:27:57 Removed MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 3)
06-10-2013 14:29:01 Removed MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 4)
06-10-2013 14:30:05 Removed MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 5)
06-10-2013 14:31:05 Removed MAGIX Music Maker MX Production Suite Download-Version (Instrumenten-Paket 6)
06-10-2013 14:33:00 Removed MAGIX Music Maker MX Production Suite Download-Version (Soundpaket)
06-10-2013 14:33:37 Removed MAGIX Music Maker MX Production Suite Download-Version (Synthesizer und Effekte)
06-10-2013 14:51:56 Removed Firebird SQL Server - MAGIX Edition

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-06-05 12:58 - 00000961 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activation.cloud.techsmith.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0EF2EE4F-1F00-48F2-8BDD-8706FAE8B59F} - System32\Tasks\Core Temp Autostart Kali => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {3812F440-04A1-4005-8BE5-09691ADC875F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3A36E85E-644D-430F-907D-563970EE2ACC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {88D5DD7C-90CC-4461-99B8-8FC1E41DEAE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: {A109D0D4-C35F-4DEC-8561-19EE810B67EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15] (Adobe Systems Incorporated)
Task: {ABD16DA1-C535-42AB-AE45-98CE4FB64F00} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {FCA9AC45-7BEC-493F-88B9-27B8740971F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-20 19:00 - 2012-10-29 09:14 - 01184640 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-01-07 17:25 - 2013-10-03 20:02 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-01-07 17:27 - 2013-08-08 10:06 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-01-07 17:27 - 2013-08-08 10:06 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-01-07 17:27 - 2013-08-08 10:06 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:9638A27E
AlternateDataStreams: C:\Users\kali_000\AppData\Local\Temp:flf0cU8qFiMqFQTbbidN1e3SD
AlternateDataStreams: C:\Users\kali_000\AppData\Local\Temp:sS0UY4tnd6dUK02UZKVjn

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: 802.11 b/g-USB-Drahtlosadapter #3
Description: 802.11 b/g-USB-Drahtlosadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Lite-On
Service: netr7364
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2013 08:26:46 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/07/2013 08:23:44 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (10/06/2013 04:52:45 PM) (Source: MsiInstaller) (User: Foxi)
Description: Produkt: MAGIX Music Maker 2013 Soundpools -- Fehler 1327. Ungültiges Laufwerk: O:\

Error: (10/06/2013 04:48:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Name des fehlerhaften Moduls: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000cc4f2
ID des fehlerhaften Prozesses: 0xbe4
Startzeit der fehlerhaften Anwendung: 0xmm19_de-DE_setup.exe0
Pfad der fehlerhaften Anwendung: mm19_de-DE_setup.exe1
Pfad des fehlerhaften Moduls: mm19_de-DE_setup.exe2
Berichtskennung: mm19_de-DE_setup.exe3
Vollständiger Name des fehlerhaften Pakets: mm19_de-DE_setup.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mm19_de-DE_setup.exe5

Error: (10/06/2013 04:47:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Name des fehlerhaften Moduls: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000cc4f2
ID des fehlerhaften Prozesses: 0x6b4
Startzeit der fehlerhaften Anwendung: 0xmm19_de-DE_setup.exe0
Pfad der fehlerhaften Anwendung: mm19_de-DE_setup.exe1
Pfad des fehlerhaften Moduls: mm19_de-DE_setup.exe2
Berichtskennung: mm19_de-DE_setup.exe3
Vollständiger Name des fehlerhaften Pakets: mm19_de-DE_setup.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mm19_de-DE_setup.exe5

Error: (10/06/2013 04:34:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Name des fehlerhaften Moduls: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000cc4f2
ID des fehlerhaften Prozesses: 0xa44
Startzeit der fehlerhaften Anwendung: 0xmm19_de-DE_setup.exe0
Pfad der fehlerhaften Anwendung: mm19_de-DE_setup.exe1
Pfad des fehlerhaften Moduls: mm19_de-DE_setup.exe2
Berichtskennung: mm19_de-DE_setup.exe3
Vollständiger Name des fehlerhaften Pakets: mm19_de-DE_setup.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mm19_de-DE_setup.exe5

Error: (10/06/2013 04:26:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Name des fehlerhaften Moduls: mm19_de-DE_setup.exe, Version: 3.3.4395.0, Zeitstempel: 0x4fff025b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000cc4f2
ID des fehlerhaften Prozesses: 0xb70
Startzeit der fehlerhaften Anwendung: 0xmm19_de-DE_setup.exe0
Pfad der fehlerhaften Anwendung: mm19_de-DE_setup.exe1
Pfad des fehlerhaften Moduls: mm19_de-DE_setup.exe2
Berichtskennung: mm19_de-DE_setup.exe3
Vollständiger Name des fehlerhaften Pakets: mm19_de-DE_setup.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mm19_de-DE_setup.exe5

Error: (10/06/2013 04:22:49 PM) (Source: MsiInstaller) (User: Foxi)
Description: Produkt: MAGIX Music Maker MX Production Suite Update -- Fehler 1327. Ungültiges Laufwerk: O:\

Error: (10/06/2013 04:22:48 PM) (Source: MsiInstaller) (User: Foxi)
Description: Produkt: MAGIX Music Maker MX Production Suite Download-Version (Synthesizer und Effekte) -- Fehler 1327. Ungültiges Laufwerk: O:\

Error: (10/06/2013 04:22:46 PM) (Source: MsiInstaller) (User: Foxi)
Description: Produkt: MAGIX Music Maker MX Production Suite Download-Version (Soundpaket) -- Fehler 1327. Ungültiges Laufwerk: O:\


System errors:
=============
Error: (10/08/2013 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lladrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/08/2013 05:28:19 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\lladrv.sys

Error: (10/08/2013 04:41:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lladrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/08/2013 04:41:25 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\lladrv.sys

Error: (10/07/2013 05:10:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lladrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/07/2013 05:10:34 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\lladrv.sys

Error: (10/06/2013 08:20:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lladrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/06/2013 08:20:02 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\lladrv.sys

Error: (10/06/2013 00:30:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lladrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (10/06/2013 00:30:15 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\lladrv.sys


Microsoft Office Sessions:
=========================
Error: (10/07/2013 08:26:46 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/07/2013 08:23:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/06/2013 04:52:45 PM) (Source: MsiInstaller)(User: Foxi)
Description: Produkt: MAGIX Music Maker 2013 Soundpools -- Fehler 1327. Ungültiges Laufwerk: O:\(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/06/2013 04:48:24 PM) (Source: Application Error)(User: )
Description: mm19_de-DE_setup.exe3.3.4395.04fff025bmm19_de-DE_setup.exe3.3.4395.04fff025bc0000005000cc4f2be401cec2a31ac51ebcC:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exeC:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exe5976aeb9-2e96-11e3-bfc0-00241dc4e1d5

Error: (10/06/2013 04:47:52 PM) (Source: Application Error)(User: )
Description: mm19_de-DE_setup.exe3.3.4395.04fff025bmm19_de-DE_setup.exe3.3.4395.04fff025bc0000005000cc4f26b401cec2a306255cdeC:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exeC:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exe468b3b01-2e96-11e3-bfc0-00241dc4e1d5

Error: (10/06/2013 04:34:35 PM) (Source: Application Error)(User: )
Description: mm19_de-DE_setup.exe3.3.4395.04fff025bmm19_de-DE_setup.exe3.3.4395.04fff025bc0000005000cc4f2a4401cec2a12cba631bC:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exeC:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exe6b424971-2e94-11e3-bfc0-00241dc4e1d5

Error: (10/06/2013 04:26:18 PM) (Source: Application Error)(User: )
Description: mm19_de-DE_setup.exe3.3.4395.04fff025bmm19_de-DE_setup.exe3.3.4395.04fff025bc0000005000cc4f2b7001cec2a00136a4d6C:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exeC:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{3F5C2BC0-B7D7-4114-B273-3B1460B2452B}\mm19_de-DE_setup.exe43791a87-2e93-11e3-bfc0-00241dc4e1d5

Error: (10/06/2013 04:22:49 PM) (Source: MsiInstaller)(User: Foxi)
Description: Produkt: MAGIX Music Maker MX Production Suite Update -- Fehler 1327. Ungültiges Laufwerk: O:\(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/06/2013 04:22:48 PM) (Source: MsiInstaller)(User: Foxi)
Description: Produkt: MAGIX Music Maker MX Production Suite Download-Version (Synthesizer und Effekte) -- Fehler 1327. Ungültiges Laufwerk: O:\(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/06/2013 04:22:46 PM) (Source: MsiInstaller)(User: Foxi)
Description: Produkt: MAGIX Music Maker MX Production Suite Download-Version (Soundpaket) -- Fehler 1327. Ungültiges Laufwerk: O:\(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2013-02-13 10:06:10.683
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-13 10:06:10.408
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-13 10:05:59.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-13 10:05:59.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-11 11:15:19.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-11 11:15:19.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:46:29.527
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:46:29.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:44:56.466
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-10 16:44:56.190
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 8062.3 MB
Available physical RAM: 6406.98 MB
Total Pagefile: 12062.3 MB
Available Pagefile: 10272.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:321.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: (Daten) (Fixed) (Total:465.76 GB) (Free:191.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07E29C0E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

t'john · 08.10.2013, 20:00

http://www.trojaner-board.de/142538-...ml#post1169717

Warum ist der ganze Mist immer noch drauf?

Norton ist auch drauf und Spybot auch.

kalifrago · 09.10.2013, 13:41

Hi, t'john,

vielleicht könntest Du einen anderen Ton anschlagen ?
Wo soll der Mist noch drauf sein ? Ich hab alles deinstalliert.
Was meinst Du mit Mist ? Es sind keine gecrackten Programme mehr drauf.
Norton und Spybot habe ich auch deinstalliert. Ich kann in der Systemsteuerung nix mehr finden. Ein Hinweis von Dir, wo Du Norton und Spybot gefunden hast, wäre für mich vll hilfreicher, als mich anzupampen

t'john · 09.10.2013, 14:22

Welcher Ton? Ich sehe nachwievor gecracktes Zeug.

Downloade dir bitte CKScanner Wichtig: Speichere die Datei am Desktop.

Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
Danach klick auf Save List To File.
Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.

kalifrago · 09.10.2013, 14:54

Hi t'john,

na mir kam das halt so rüber

Sag mir doch bitte, welches für Dich gecrackte Versionen sind ? Du siehst das oder vermutest Du das nur ? Das würd mich nu mal interessieren.

Aber gut, hier das Scan-Ergebnis:

ckfiles.txt:

Code:

ATTFilter

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud antique.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud bright red.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud dark brown.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud dark grey.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud gold.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud light brown.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud red.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud yellow.mz5
c:\program files\smith micro\poser pro 2012\runtime\libraries\materials\basic materials\stones\cracked dry mud.mz5
c:\program files\smith micro\poser pro 2012\runtime\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\smith micro\poser pro 2014\runtime\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\spiral graphics\genetica 3.6\presets\brick & block\cracked alternating bricks.gtx
c:\program files\spiral graphics\genetica 3.6\presets\floor & wall\cracked plaster.gtx
c:\program files\spiral graphics\genetica 3.6\presets\ground\dry cracked mud.gtx
c:\program files\spiral graphics\genetica 3.6\presets\marble\blue crack marble.gtx
c:\program files\spiral graphics\genetica 3.6\presets\marble\old cracked marble.gtx
c:\program files\spiral graphics\genetica 3.6\presets\plant, groundcover\cracked rock cliff.gtx
c:\program files\spiral graphics\genetica 3.6\presets\stone, bright\cracked orange rock.gtx
c:\program files\spiral graphics\genetica 3.6\presets\stone, bright\cracked pomegranate.gtx
c:\program files\spiral graphics\genetica 3.6\presets\stone, bright\cracked stone.gtx
c:\program files\spiral graphics\genetica 3.6\presets\stone, muted\cracked gray rock.gtx
c:\program files\spiral graphics\genetica 3.6\presets\terrain, rocky\glacial cracking.gtx
c:\program files\spiral graphics\genetica 3.6\presets\terrain, volcanic & gaseous\lava cracks.gtx
c:\program files\spiral graphics\genetica 3.6\presets\wood, board\dry cracked boards.gtx
c:\program files\spiral graphics\genetica 3.6\presets\wood, uncut\cracked purple wood.gtx
c:\program files\spiral graphics\genetica 3.6\texture synthesis presets\concrete\cracked asphalt with moss.tsyn
c:\program files\spiral graphics\genetica 3.6\texture synthesis presets\ground\cracked earth 2.tsyn
c:\program files\spiral graphics\genetica 3.6\texture synthesis presets\ground\cracked earth 3.tsyn
c:\program files\spiral graphics\genetica 3.6\texture synthesis presets\ground\cracked earth.tsyn
c:\program files\spiral graphics\genetica 3.6\texture synthesis presets\ground\dry cracked mud.tsyn
c:\program files\spiral graphics\genetica 3.6\texture synthesis presets\wood\cracked wood grain.tsyn
c:\program files\spiral graphics\genetica 3.6\wgroups\noise types\cracked noise.wtx
c:\program files\spiral graphics\genetica 3.6\wgroups\noise types\cracks.wtx
c:\users\kali_000\documents\3d-coatv3\textures\masks\cracks_prv.tga
c:\users\kali_000\documents\3d-coatv3\textures\masks\skincracks1_prv.tga
c:\users\kali_000\documents\3d-coatv3\textures\masks\skincracks_prv.tga
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud antique.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud bright red.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud dark brown.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud dark grey.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud gold.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud light brown.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud red.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud yellow.mz5
c:\users\public\documents\poser pro 2014 content\runtime\libraries\materials\basic materials\stones\cracked dry mud.mz5
hosts 127.0.0.1 lmlicenses.wip4.adobe.com
hosts 127.0.0.1 lm.licenses.adobe.com
scanner sequence 3.ZZ.11.CXAAE0
 ----- EOF -----

06.10.2013, 12:25	#4
t'john /// Helfer-Team	Norton Internet Security extrem langsam Bitte zuerst alles gecrackte Zeug deinstallieren, dann geht es weiter. http://www.trojaner-board.de/95393-c...-software.html __________________ Mfg, t'john Das TB unterstützen

06.10.2013, 20:31	#8
t'john /// Helfer-Team	Norton Internet Security extrem langsam Deinstalliere Spybot und alles von Norton. Loesche FRST, lade es neu runter. stelle sicher, dass unter Optional Scan auch Additions.txt gewaehlt ist. __________________ Mfg, t'john Das TB unterstützen

08.10.2013, 20:00	#12
t'john /// Helfer-Team	Norton Internet Security extrem langsam http://www.trojaner-board.de/142538-...ml#post1169717 Warum ist der ganze Mist immer noch drauf? Norton ist auch drauf und Spybot auch. __________________ Mfg, t'john Das TB unterstützen

Norton Internet Security extrem langsam

Antiviren-, Firewall- und andere Schutzprogramme: Norton Internet Security extrem langsam