Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

pop up ads yieldmanager

Post by RunningVirus » October 15th, 2012, 6:01 am

Hello Malware removal users,

Some time ago I started getting these popups in the lower left & right corner of my screen, with all sorts of advertisements, from yieldmanager. You can close them, but they always return; from the moment you open a new page, the popup is there. I looked up some possible solutions on the net, but nothing seems to work. And since yesterday I sometimes get redirected to another site, possibly by the same malware. I downloaded Malwarebytes in the hope this would find or change anything. It found cookies, but when I remove them and rescan my PC, everything seems OK; then I access my IE, and the popups are there in 1 minute. I scan again and other infected cookies are there. So because I'm sick of these popups I turn to you guys in the hope you can help me. I already found another similar case on the forum, which was solved by Malwareremoval, and now I am hoping to get the same help.

Underneath you can find my dds & attach logs.

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Christoph at 11:46:41 on 2012-10-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4078.2532 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.aldi.com
mURLSearchHooks: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: BittorrentBar_NL Toolbar: {2D8D9ACC-F6D7-4362-8876-A275CA929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: BittorrentBar_NL Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-op ... jordan.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static ... .134.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/stati ... 0.80.2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 195.130.131.133 195.130.130.5
TCP: Interfaces\{297A5260-0356-4169-BDAD-15B4B094A063} : DHCPNameServer = 195.130.131.133 195.130.130.5
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [JAVA] C:\Windows\java.vbs
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [snp2std] C:\Windows\vsnp2std.exe
x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christoph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2012-08-18 10:58; ALone-live@ya.ru; C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru
FF - ExtSQL: 2012-08-18 11:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tc45o6yv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-11 17:50; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R1 appdrv01;Application Driver (01);C:\Windows\System32\drivers\appdrv01.sys [2011-4-24 2715824]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-11 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-11 359464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-11 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-20 13336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2010-12-20 164008]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-2 254528]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2010-12-20 315568]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-13 25928]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-12-29 155752]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\Windows\System32\appdrvrem01.exe svc --> C:\Windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-30 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-30 136176]
S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2010-12-20 43416]
S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2010-12-20 51096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2010-12-20 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2010-12-20 42192]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-18 113120]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-9 333928]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-15 06:05:03 -------- d-----w- C:\Users\Christoph\AppData\Local\{F519E736-1689-4871-8AAF-607A70292379}
2012-10-14 16:47:20 -------- d-----w- C:\Users\Christoph\AppData\Local\{59A1898C-8297-46B4-A703-8A1D4C20CBFE}
2012-10-13 11:26:04 -------- d-----w- C:\Users\Christoph\AppData\Roaming\Malwarebytes
2012-10-13 11:25:48 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-13 11:25:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-13 11:25:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-13 08:29:48 -------- d-----w- C:\Users\Christoph\AppData\Local\{36599C86-C090-45B5-A2CD-C31B4021006B}
2012-10-12 13:37:36 -------- d-----w- C:\Users\Christoph\AppData\Local\{CB12BB76-C551-47B8-B759-20344EB8BE00}
2012-10-11 16:20:21 110080 ----a-r- C:\Users\Christoph\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-10-11 16:20:21 110080 ----a-r- C:\Users\Christoph\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-10-11 16:20:20 110080 ----a-r- C:\Users\Christoph\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-10-11 16:20:20 -------- d-----w- C:\sh4ldr
2012-10-11 16:20:20 -------- d-----w- C:\Program Files\Enigma Software Group
2012-10-11 16:18:05 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-10-11 16:18:02 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-10-11 15:51:01 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-11 15:51:00 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-11 15:50:58 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-11 15:50:27 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-11 14:52:52 -------- d-----w- C:\Users\Christoph\AppData\Local\{F614BB45-DE9A-4066-A930-5F53DA4F95F2}
2012-10-10 18:30:23 -------- d-----w- C:\Users\Christoph\AppData\Local\{AE40DAD8-C22B-44A6-8E1A-598ADC9ABF8E}
2012-10-10 03:20:39 -------- d-----w- C:\Users\Christoph\AppData\Local\{EEA4DB2E-E8DE-4280-BA36-C07E55898F0A}
2012-10-09 11:02:57 -------- d-----w- C:\Users\Christoph\AppData\Local\{B8B69BC6-FA82-489B-B77B-70E2DE142F79}
2012-10-09 05:07:25 -------- d-----w- C:\Users\Christoph\AppData\Local\{683CEE7A-8B06-42D1-8E6B-3ADFB6BB9241}
2012-10-08 08:57:47 -------- d-----w- C:\Users\Christoph\AppData\Local\{3BD8B58E-49C1-40A4-A2BD-808556E69CEE}
2012-10-07 14:05:13 -------- d-----w- C:\Users\Christoph\AppData\Local\{E5237C69-705D-4BA5-B8E8-08650DE99F54}
2012-10-06 16:48:49 -------- d-----w- C:\Users\Christoph\AppData\Local\{6CADC59E-D21B-4F52-8E64-40BC2A96FDA6}
2012-10-05 16:02:34 -------- d-----w- C:\Users\Christoph\AppData\Local\{55B93F30-C986-40D8-BF9B-4EDC41075130}
2012-10-04 08:58:42 -------- d-----w- C:\Users\Christoph\AppData\Local\{72DA5E6D-623C-45CA-8761-F141070FA859}
2012-10-03 20:58:16 -------- d-----w- C:\Users\Christoph\AppData\Local\{61519E94-8482-4261-A031-04F8167BBC14}
2012-10-03 07:13:39 -------- d-----w- C:\Users\Christoph\AppData\Local\{0DC33576-1F38-4C6C-8041-023A9AC62270}
2012-10-02 05:08:11 -------- d-----w- C:\Users\Christoph\AppData\Local\{85969ECA-5674-4600-A536-561606D11D20}
2012-10-01 09:39:25 -------- d-----w- C:\Users\Christoph\AppData\Local\{2E3394BF-CA9D-40BD-88CF-64A1356D59DC}
2012-09-30 09:05:10 -------- d-----w- C:\Users\Christoph\AppData\Local\{A008D7C2-099E-4FED-94F3-3E58F67F2ED3}
2012-09-29 12:52:35 -------- d-----w- C:\Users\Christoph\AppData\Local\{DBB83FDE-E3A3-41EB-94C4-FEAD49B6C481}
2012-09-28 20:56:44 -------- d-----w- C:\Users\Christoph\AppData\Local\{FA4A4F97-6955-47F2-9AFA-36835D8288B4}
2012-09-28 06:23:58 -------- d-----w- C:\Users\Christoph\AppData\Local\{2D2AFFC6-3639-46C7-9FF4-E17FADF80814}
2012-09-27 05:03:45 -------- d-----w- C:\Users\Christoph\AppData\Local\{100D7149-C397-4F4B-A220-9ED2C7E8E697}
2012-09-26 10:14:59 -------- d-----w- C:\Users\Christoph\AppData\Local\{543CC102-789B-4CB6-94CD-B5F7D4505B08}
2012-09-25 10:23:13 -------- d-----w- C:\Users\Christoph\AppData\Local\{529ED884-68ED-4AEF-864A-1B8270FFB5FE}
2012-09-24 09:56:46 -------- d-----w- C:\Users\Christoph\AppData\Local\{C3CCB5FC-BD4A-4069-8411-1C7536551692}
2012-09-23 06:56:15 -------- d-----w- C:\Users\Christoph\AppData\Local\{BCB88792-7380-4866-A56E-5546BEEC1C11}
2012-09-22 09:27:46 -------- d-----w- C:\Users\Christoph\AppData\Local\{749E4A21-0A9B-4EE2-96B4-9A63B4249107}
2012-09-21 05:40:57 -------- d-----w- C:\Users\Christoph\AppData\Local\{A330C7C5-1709-430C-A02F-653C1E39768B}
2012-09-20 07:32:18 -------- d-----w- C:\Users\Christoph\AppData\Local\{8C65EB38-E881-4177-897A-A68B1825F5CE}
2012-09-19 07:32:22 -------- d-----w- C:\Users\Christoph\AppData\Local\{CEDD8210-319D-41FE-8684-F71C6EA3F770}
2012-09-18 18:02:46 -------- d-----w- C:\Users\Christoph\AppData\Local\{6872FD3B-D988-4222-AC0F-09638095428F}
2012-09-18 04:47:31 -------- d-----w- C:\Users\Christoph\AppData\Local\{0DB1D789-8EE3-440F-AC63-9517ED3D1F6F}
2012-09-17 05:23:29 -------- d-----w- C:\Users\Christoph\AppData\Local\{1ED77B72-DD5D-4B2C-9D50-46EF71695184}
2012-09-16 08:32:18 -------- d-----w- C:\Users\Christoph\AppData\Local\{6814A591-721F-4E17-801A-3570EB620925}
.
==================== Find3M ====================
.
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:48:06,91 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/03/2011 17:00:39
System Uptime: 15/10/2012 10:10:08 (1 hours ago)
.
Motherboard: MEDIONPC | | MS-7707
Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz | CPU 1 | 2380/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1832 GiB total, 1729,159 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 10,238 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP865: 22/09/2012 20:26:15 - avast! Free Antivirus Setup
RP866: 22/09/2012 20:41:40 - avast! Free Antivirus Setup
RP867: 9/10/2012 13:29:54 - Taalpakket verwijderen
RP868: 9/10/2012 13:29:57 - Gepland controlepunt
RP869: 11/10/2012 17:49:52 - avast! Free Antivirus Setup
RP870: 11/10/2012 18:18:10 - Installed SpyHunter
RP871: 13/10/2012 13:33:39 - Windows Back-up
.
==== Hosts File Hijack ======================
.
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1) MUI
Adobe Shockwave Player 11.5
ANNO 2070 DEMO
Ashampoo Burning Studio
Ashampoo Photo Commander
Ashampoo Photo Optimizer
Ashampoo Snap
avast! EasyPass
avast! Free Antivirus
Battlefield Play4Free
BitTorrent
BittorrentBar_NL Toolbar
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Conduit Engine
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Corel Shell Extension - 64Bit
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content
CorelDRAW Essentials 4 - Draw
CorelDRAW Essentials 4 - Filters
CorelDRAW Essentials 4 - ICA
CorelDRAW Essentials 4 - IPM - No VBA
CorelDRAW Essentials 4 - Lang BR
CorelDRAW Essentials 4 - Lang DE
CorelDRAW Essentials 4 - Lang EN
CorelDRAW Essentials 4 - Lang ES
CorelDRAW Essentials 4 - Lang FR
CorelDRAW Essentials 4 - Lang IT
CorelDRAW Essentials 4 - Lang NL
CorelDRAW Essentials 4 - PHOTO-PAINT
CorelDRAW Essentials 4 - Windows Shell Extension
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD Copy
D3DX10
DAEMON Tools Lite
Driver Reviver
Football Manager 2012
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GameCenter 1.3.0.5
GameSpy Arcade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Network Connections 15.8.75.0
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22 (64-bit)
Java(TM) 6 Update 26
Junk Mail filter update
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Malwarebytes Anti-Malware versie 1.65.0.1400
Medion Home Cinema
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Mozilla Firefox 14.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Display Control Panel
NVIDIA Graphics Driver 263.13
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
PlayReady PC Runtime amd64
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Pro Cycling Manager - Seizoen 2010 - 1.0.0.0
PunkBuster Services
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
S?????? f?t???af??? t?? Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.9
Spelling Dictionaries Support For Adobe Reader X
SpyHunter
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Trust Webcam 15007
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.10
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotograf Galerisi
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinZip 16.5
.
==== End Of File ===========================

Best regards,
RunningVirus
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby Gary R » October 17th, 2012, 1:49 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: pop up adds yieldmanager

Unread postby Gary R » October 17th, 2012, 1:56 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Running Virus

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are a few things in your logs that need attention, but before we deal with them I'd like to run a couple of extra scans.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 17th, 2012, 10:03 am

Hi Gary R,

Thanks already for trying to help me. Let's hope everything turns out ok.

Here is my OTL.txt log

OTL logfile created on: 10/17/2012 3:44:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3.98 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.25% Memory free
7.96 Gb Paging File | 6.16 Gb Available in Paging File | 77.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 1728.41 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.24 Gb Free Space | 34.13% Space Free | Partition Type: NTFS
Drive E: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 15:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
PRC - [2012/10/11 17:51:15 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/20 11:24:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/11/17 19:53:00 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 10:41:24 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\7e3076316dc186d8b655a35a08e827ab\System.Web.ni.dll
MOD - [2012/06/07 18:17:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/26 22:30:28 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d59182e98ef565ae60ca79643f38c798\IAStorUtil.ni.dll
MOD - [2012/05/26 22:30:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1308b3b2c033226ddd613752a37e3272\IAStorCommon.ni.dll
MOD - [2012/05/26 22:11:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/26 22:11:14 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/26 22:11:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/26 22:10:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/26 22:10:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/26 22:10:44 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/26 22:10:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2010/05/12 11:03:32 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/12 11:03:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_nl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 15:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/04/24 00:25:03 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2010/10/25 18:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/20 11:24:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/24 00:25:03 | 002,715,824 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2011/04/02 20:39:39 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/12/17 11:57:03 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/17 11:55:56 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2010/12/17 11:55:55 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2010/12/17 11:55:50 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV:64bit: - [2010/12/17 11:55:50 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:64bit: - [2010/11/25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/19 20:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 20:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/09 11:37:18 | 012,342,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/09 11:38:06 | 012,039,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{3CEE1BB4-457A-4348-A4F6-B13E9DAB4674}: "URL" =
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{66A44EED-1664-40C1-A6C7-053A424CA26D}: "URL" = http://search.avg.com/route/?d=4e36f1a5 ... =chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={CAC54072-91EC-4B3F-89AD-EBE500D590C2}&mid=d90f3ea89aef47d1a476bd2b2b0999b7-a9f47d62a881e3340d10a4e4e95d59a39e89090b&lang=nl&ds=AVG&pr=pr&d=2012-08-07 19:27:32&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{9ACBE53E-8ACC-4F25-BAB2-5513E6A54357}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christoph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/11 17:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/18 10:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/18 10:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012/10/16 17:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions
[2012/10/16 16:47:55 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2012/08/18 10:58:04 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru
[2012/10/16 17:07:25 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\firefox@ghostery.com
[2012/08/18 11:17:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\tc45o6yv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/18 10:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:37:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:37:45 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/07/14 02:37:45 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/07/14 02:37:45 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2012/08/02 12:26:50 | 000,001,392 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 78.46.61.26 www.google-analytics.com.
O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.
O1 - Hosts: 78.46.61.26 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (BittorrentBar_NL Toolbar) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (BittorrentBar_NL Toolbar) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (BittorrentBar_NL Toolbar) - {2D8D9ACC-F6D7-4362-8876-A275CA929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [JAVA] C:\Windows\java.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9:64bit: - Extra Button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9:64bit: - Extra Button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : avast! EasyPass Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9 - Extra Button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : avast! EasyPass Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://photoservice.fujicolor.eu/ips-op ... jordan.cab (JordanUploader Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static ... .134.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/stati ... 0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.133 195.130.131.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297A5260-0356-4169-BDAD-15B4B094A063}: DhcpNameServer = 195.130.130.133 195.130.131.133
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/30 12:46:43 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0493efca-5b20-11e0-a631-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0493efca-5b20-11e0-a631-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2010/05/28 11:13:27 | 000,304,472 | R--- | M] (Cyanide)
O33 - MountPoints2\{6a659444-5b83-11e0-874e-6c626ded7044}\Shell - "" = AutoRun
O33 - MountPoints2\{6a659444-5b83-11e0-874e-6c626ded7044}\Shell\AutoRun\command - "" = I:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/17 15:42:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012/10/17 14:22:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{5B2B3013-A96A-4554-B129-CC91AD010BB8}
[2012/10/16 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/16 14:47:11 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/10/16 14:47:11 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/16 14:46:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/16 14:46:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/16 14:46:55 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/16 11:26:25 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{A28C5496-62AB-4639-9E05-7E0F22EBAC4C}
[2012/10/16 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{ED35836E-C0A5-490C-8241-B12266789E13}
[2012/10/16 06:44:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{94C4EE08-1472-4958-8185-66AE98E3052E}
[2012/10/15 18:14:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Macromedia
[2012/10/15 18:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/15 18:13:10 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/15 18:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/15 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\logs
[2012/10/15 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Reizen
[2012/10/15 08:05:03 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{F519E736-1689-4871-8AAF-607A70292379}
[2012/10/14 18:47:20 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{59A1898C-8297-46B4-A703-8A1D4C20CBFE}
[2012/10/13 13:26:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2012/10/13 13:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 13:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 13:25:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 13:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/13 10:29:48 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{36599C86-C090-45B5-A2CD-C31B4021006B}
[2012/10/12 15:37:36 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{CB12BB76-C551-47B8-B759-20344EB8BE00}
[2012/10/11 18:20:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/10/11 18:20:20 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/10/11 18:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/10/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/10/11 17:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/11 17:51:04 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/11 17:51:04 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/11 17:51:01 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/11 17:51:01 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/11 17:51:00 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/11 17:50:58 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/11 17:50:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/11 17:50:27 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/11 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{F614BB45-DE9A-4066-A930-5F53DA4F95F2}
[2012/10/10 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{AE40DAD8-C22B-44A6-8E1A-598ADC9ABF8E}
[2012/10/10 05:20:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{EEA4DB2E-E8DE-4280-BA36-C07E55898F0A}
[2012/10/09 13:02:57 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{B8B69BC6-FA82-489B-B77B-70E2DE142F79}
[2012/10/09 07:07:25 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{683CEE7A-8B06-42D1-8E6B-3ADFB6BB9241}
[2012/10/08 10:57:47 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{3BD8B58E-49C1-40A4-A2BD-808556E69CEE}
[2012/10/07 16:05:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{E5237C69-705D-4BA5-B8E8-08650DE99F54}
[2012/10/06 18:48:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{6CADC59E-D21B-4F52-8E64-40BC2A96FDA6}
[2012/10/05 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{55B93F30-C986-40D8-BF9B-4EDC41075130}
[2012/10/04 10:58:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{72DA5E6D-623C-45CA-8761-F141070FA859}
[2012/10/03 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{61519E94-8482-4261-A031-04F8167BBC14}
[2012/10/03 09:13:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{0DC33576-1F38-4C6C-8041-023A9AC62270}
[2012/10/02 07:08:11 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{85969ECA-5674-4600-A536-561606D11D20}
[2012/10/01 11:39:25 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{2E3394BF-CA9D-40BD-88CF-64A1356D59DC}
[2012/09/30 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{A008D7C2-099E-4FED-94F3-3E58F67F2ED3}
[2012/09/29 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{DBB83FDE-E3A3-41EB-94C4-FEAD49B6C481}
[2012/09/28 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{FA4A4F97-6955-47F2-9AFA-36835D8288B4}
[2012/09/28 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{2D2AFFC6-3639-46C7-9FF4-E17FADF80814}
[2012/09/27 07:03:45 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{100D7149-C397-4F4B-A220-9ED2C7E8E697}
[2012/09/26 12:14:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{543CC102-789B-4CB6-94CD-B5F7D4505B08}
[2012/09/25 12:23:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{529ED884-68ED-4AEF-864A-1B8270FFB5FE}
[2012/09/24 11:56:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{C3CCB5FC-BD4A-4069-8411-1C7536551692}
[2012/09/23 08:56:15 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{BCB88792-7380-4866-A56E-5546BEEC1C11}
[2012/09/22 11:27:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{749E4A21-0A9B-4EE2-96B4-9A63B4249107}
[2012/09/21 07:40:57 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{A330C7C5-1709-430C-A02F-653C1E39768B}
[2012/09/20 09:32:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{8C65EB38-E881-4177-897A-A68B1825F5CE}
[2012/09/19 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{CEDD8210-319D-41FE-8684-F71C6EA3F770}
[2012/09/18 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{6872FD3B-D988-4222-AC0F-09638095428F}
[2012/09/18 06:47:31 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{0DB1D789-8EE3-440F-AC63-9517ED3D1F6F}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/17 15:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012/10/17 15:06:13 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 14:28:26 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 14:28:26 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 14:19:40 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 14:18:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/17 14:18:40 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/16 16:42:38 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/10/16 14:46:50 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/16 14:46:47 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/10/16 14:46:47 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/16 14:46:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/16 14:46:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/16 14:46:46 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/10/16 11:27:45 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/16 11:27:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/16 11:24:55 | 326,639,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/15 18:13:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/15 18:13:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/13 13:36:11 | 006,278,228 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/13 13:36:11 | 000,702,000 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/10/13 13:36:11 | 000,694,906 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/10/13 13:36:11 | 000,693,930 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/10/13 13:36:11 | 000,690,202 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012/10/13 13:36:11 | 000,689,584 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/10/13 13:36:11 | 000,632,656 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/10/13 13:36:11 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/13 13:36:11 | 000,552,246 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/10/13 13:36:11 | 000,148,528 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/10/13 13:36:11 | 000,137,280 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/10/13 13:36:11 | 000,135,058 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012/10/13 13:36:11 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/10/13 13:36:11 | 000,130,358 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/10/13 13:36:11 | 000,127,362 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/10/13 13:36:11 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/13 13:36:11 | 000,089,654 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/10/13 13:36:11 | 000,008,922 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/10/13 13:36:11 | 000,008,652 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012/10/13 13:36:11 | 000,006,500 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012/10/13 13:36:11 | 000,006,494 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/10/13 13:25:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 18:20:21 | 000,002,266 | ---- | M] () -- C:\Users\Christoph\Desktop\SpyHunter.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/16 16:42:38 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/10/16 16:42:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/10/13 13:25:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 18:20:21 | 000,002,266 | ---- | C] () -- C:\Users\Christoph\Desktop\SpyHunter.lnk
[2012/10/11 17:51:05 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/07 16:18:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2012/08/07 16:18:49 | 012,039,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2012/08/07 16:18:49 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2012/08/07 16:18:41 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2012/05/31 13:16:37 | 000,007,609 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg
[2012/01/28 15:24:41 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/28 15:24:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/24 21:25:47 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/04/09 13:45:12 | 006,368,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 18:14:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/12/03 21:07:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/03 20:59:01 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 11:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/24 13:12:18 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Asumut
[2011/12/08 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Audacity
[2011/07/06 13:26:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AVG
[2012/01/19 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\BitTorrent
[2011/04/02 20:39:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2011/03/31 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Pro
[2012/05/24 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Huakil
[2012/05/24 18:01:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Iwdi
[2012/07/10 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Koip
[2012/07/10 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Kyvie
[2011/09/10 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Leadertech
[2012/03/22 13:33:42 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Pro Cycling Manager 2010
[2011/10/14 15:56:36 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Research In Motion
[2011/11/12 12:19:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Reviversoft
[2012/08/23 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\RoboForm
[2012/10/16 20:17:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client
[2011/03/31 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Software Inspection Library
[2011/11/01 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Sports Interactive
[2012/07/30 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TP
[2011/12/10 11:51:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Ubisoft
[2012/05/24 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Udliwe
[2012/05/24 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Unuba
[2012/05/24 13:12:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Uvyx
[2011/05/23 12:56:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Windows Live Writer
[2012/07/10 16:06:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Yhkuo

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
RunningVirus

Re: pop up adds yieldmanager

Post by RunningVirus » October 17th, 2012, 10:06 am

Here is the extras.txt log:

OTL Extras logfile created on: 10/17/2012 3:44:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3.98 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.25% Memory free
7.96 Gb Paging File | 6.16 Gb Available in Paging File | 77.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 1728.41 Gb Free Space | 94.35% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.24 Gb Free Space | 34.13% Space Free | Partition Type: NTFS
Drive E: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{13333799-6E8A-4107-B0AA-AD021A62B539}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2789088D-7842-4B9A-A3C4-65AE7A4310B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A64A4E1-EE62-431D-B3F3-6C63A16BED6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D24C90E-616A-47BF-854F-53B1B08BA094}" = rport=138 | protocol=17 | dir=out | app=system |
"{593631EF-AFA0-4E5F-8F8D-85AECDCA2507}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6D166B27-5327-4C16-B227-B931E2E20CF8}" = lport=139 | protocol=6 | dir=in | app=system |
"{72D976E8-89F4-4AE7-BDEE-63963DE96FCE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73D9FDDF-73E1-4607-8668-AE6717FF5A5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85E082F5-3AC5-4DFC-B2E6-DFE5C4BBFC6E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96DA72EF-C62E-4921-8B67-67C2538D9038}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD889F2-931B-4A4C-AE7C-EC06BDBB4C64}" = lport=138 | protocol=17 | dir=in | app=system |
"{A65215C3-7BCE-42AE-911F-76202B722287}" = lport=137 | protocol=17 | dir=in | app=system |
"{A684D37A-9067-4750-B965-2EA7F02DEEE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4965AA8-9A86-4A3E-A8B1-F6E780D24056}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B65C0704-0853-4D1D-A487-FDF8CE922713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7E1C7D1-AFFC-4EFF-870F-5370C3DAE909}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA5C5A8D-D92D-4E32-B900-3293B50E4C0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D123739B-A428-408D-8043-5D2E2972E284}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3961CC0-A02A-41E0-BD5D-CE508C128D79}" = rport=139 | protocol=6 | dir=out | app=system |
"{E4D3BAC4-798F-4DA9-9E07-09DA5C387C96}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EDC6D0FD-C0F3-4696-A4CC-3FB43E47CEA4}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059B72F6-3353-49C5-A056-F5FAC4F2ADF3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe |
"{06CA521F-9B55-422C-912C-2529FA350B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{1111A996-06AC-49E9-95A7-45137915B576}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12090661-6CF5-44C0-B516-09AB4393A0D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1C004E6D-D41D-452C-A941-CC0739922B67}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{1D0963EC-C7AF-4AFD-B400-856B382FB802}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{240B3B90-1E2D-4E9E-A56C-FFE27183227E}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\autorun\exe\autorun.exe |
"{24AD259B-897C-40EF-86EF-87D7DA1D7D66}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{24B526E3-6105-41B1-9941-A0261DC6AA2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28CDC1BB-49D1-44A3-A155-DBA66F759ED2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{2F293679-D474-4F54-84A7-2DF4B59C1D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe |
"{3AD81CD0-9D3C-40EF-945F-515C37961603}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"{3B1186AD-EEDB-43D9-B393-1FBB0A5735ED}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"{3BBFDE76-CBE9-4245-9B50-FA4604E5ADD9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3BC1CECA-5115-4A22-97DE-F236F5B32448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41E00E81-AF2F-457C-B7A7-595D7A9FE23E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{4423D98C-0F4B-4302-B36F-DF4D762103E7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4B014B60-A08D-4E4E-B4BB-449C4F4BCE49}" = protocol=58 | dir=in | app=system |
"{4D74D01F-E1F6-494A-A700-7485D11AFE44}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{57FF658C-A206-40AD-98E4-0B97A079E923}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{58FFEC58-180E-4CE2-8E76-435282885CE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B2C065F-2079-42CE-AECD-8D49FFA95CB6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{68B6E42B-2B91-415F-A19B-6814E0F985E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{716981DB-10B9-49B4-8FC9-DDE3C94A2998}" = protocol=6 | dir=out | app=system |
"{77819DC7-28E5-421D-8F86-90CC256A357A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7BF6D439-4C74-44E4-8D79-5CE1108C775E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7FA23AF4-6765-4A71-AE1B-23FFB345C4CB}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"{821ACC17-4031-447B-9611-FA837D137F0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"{87572096-CD89-464F-85ED-7B49C521EA03}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011 russian\fm.exe |
"{8AEAAD12-0A7F-435E-AE1A-073505B1019F}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\autorun\exe\autorun.exe |
"{8B775321-B7D2-4B2E-A926-9FDD5474056B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{909FC2ED-BC44-4EE8-A48D-EA2549D38229}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{911D464B-3656-45B4-8B4F-9BB22DD06506}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94358C4C-9B0E-4AF8-BD39-AAC2E9AAA028}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9628B568-7FE9-436F-A783-D87F66642974}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011 russian\fm.exe |
"{96830BC3-29D7-4C32-BE43-B3DD3FA5E8C4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{992AF406-D25F-45D5-A27D-0BBA97EE0642}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B110035-B6C8-43BE-A8D7-C7FADA6672BB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A5448D27-D1EA-449B-BF6F-CD62A8A564F5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{A8B7114C-EDB5-44F4-AC63-8691EFC4E43F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B374ECBE-DD4C-4B27-919E-EB2DC855F884}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{B55B913C-AE94-427A-8695-C2EF313B75C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA849309-E9E0-4C19-9165-91F7E31217EC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C0D263A7-0B4D-482D-9A3E-4D0D77796E10}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C4D72445-F6BC-48A6-840C-8C1E13A179D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6B779ED-9575-4930-A5FC-CC250883C197}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA0BD0B1-E0D6-4567-8E15-DC8FCC6AB409}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB0CD4B1-AE13-42F6-B729-43EF71044625}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBE4EF56-BB51-4F87-B7EA-022F7A868F67}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{DC977040-1BC7-4038-859D-D5E5CFB41D63}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD3CDBEC-CA21-491D-9E9B-6B9F2E635FA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DECF38C3-D733-486C-8022-1AE4120F8B94}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{E9BC5719-366A-47AD-89CF-06B5EBF91A06}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EC2EAD73-DE7F-431F-8856-C543995C41C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{F7A2CA9D-612F-4840-BD06-44239B9EBD02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9002F2D-0B92-4B0D-8094-36FA0115196E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE0C5CB1-8DB9-47FE-83BC-D6A14D80B4AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FE290346-43A5-42BD-9B76-C1DC23B59753}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"TCP Query User{784686DD-91ED-45EC-B914-754DAC7891CD}C:\users\christoph\appdata\roaming\unuba\uqyf.exe" = protocol=6 | dir=in | app=c:\users\christoph\appdata\roaming\unuba\uqyf.exe |
"TCP Query User{83E234F7-2FD2-4815-B3A2-EB097CB81035}C:\users\christoph\appdata\roaming\huakil\omgy.exe" = protocol=6 | dir=in | app=c:\users\christoph\appdata\roaming\huakil\omgy.exe |
"TCP Query User{9A3CD020-0BE5-4D38-A4BC-A371B749A999}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{9BADCBCA-1834-4472-B306-85398A02B528}D:\fifa2011\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa2011\game\fifa.exe |
"TCP Query User{A4EE33AF-67AC-46CE-A692-F2D9224CAE3B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{A9D07A02-DDC7-489F-86BB-BADF8AEBBB2A}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{E0716B10-5432-4C17-8DF8-B22030F495E9}C:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"UDP Query User{0A4410D9-941E-47B2-B387-80161D14EE02}C:\users\christoph\appdata\roaming\unuba\uqyf.exe" = protocol=17 | dir=in | app=c:\users\christoph\appdata\roaming\unuba\uqyf.exe |
"UDP Query User{0D2F71CF-FB38-4541-9CDA-9E250E776194}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{0FD1B2BE-B7DE-4846-B3AA-E195573CFFA4}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{5B36B4DE-327C-4D6D-9B94-5BFFCF9ED657}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{63371008-0005-4E73-AB41-ED200001F485}C:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"UDP Query User{93CEEDD9-B1A5-4187-9CA9-05B48C28CC59}D:\fifa2011\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa2011\game\fifa.exe |
"UDP Query User{BF9EDB4A-B271-45CF-B1F0-6A593C687085}C:\users\christoph\appdata\roaming\huakil\omgy.exe" = protocol=17 | dir=in | app=c:\users\christoph\appdata\roaming\huakil\omgy.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{21927AF8-8738-455F-AB98-7FF8FBFC6282}" = Intel(R) Network Connections 15.8.75.0
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}" = SpyHunter
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0413-1000-0000000FF1CE}" = Microsoft Office Klik-en-Klaar 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 263.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 15.8.75.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Trust Webcam 15007
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0413-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Nederlands
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9170B2A2-FC44-4ec2-AEB6-9052626B2A2E}_is1" = Driver Reviver
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI - Nederlands
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = avast! EasyPass
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BittorrentBar_NL Toolbar" = BittorrentBar_NL Toolbar
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Football Manager 2012_is1" = Football Manager 2012
"GameCenter_is1" = GameCenter 1.3.0.5
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.0.1400
"Mozilla Firefox 14.0.1 (x86 nl)" = Mozilla Firefox 14.0.1 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klik-en-Klaar 2010
"Pro Cycling Manager 2010_is1" = Pro Cycling Manager - Seizoen 2010 - 1.0.0.0
"PunkBusterSvc" = PunkBuster Services
"VLC media player" = VLC media player 1.1.10
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2012 1:01:14 PM | Computer Name = Christoph-PC | Source = Windows Backup | ID = 4103
Description =

Error - 10/15/2012 2:03:44 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/15/2012 4:10:58 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/16/2012 12:42:47 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/16/2012 12:57:50 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/16/2012 5:12:31 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/16/2012 5:25:31 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/16/2012 5:52:17 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/16/2012 8:28:43 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/17/2012 8:19:31 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

[ System Events ]
Error - 10/16/2012 12:58:54 AM | Computer Name = Christoph-PC | Source = DCOM | ID = 10005
Description =

Error - 10/16/2012 12:58:54 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Windows Search.

Error - 10/16/2012 12:58:54 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = De Windows Search-service kan vanwege de volgende fout niet worden
gestart: %%1053

Error - 10/16/2012 5:25:03 AM | Computer Name = Christoph-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/17/2012 8:21:26 AM | Computer Name = Christoph-PC | Source = DCOM | ID = 10005
Description =

Error - 10/17/2012 8:21:26 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Windows Search.

Error - 10/17/2012 8:21:26 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = De Windows Search-service kan vanwege de volgende fout niet worden
gestart: %%1053

Error - 10/17/2012 8:21:56 AM | Computer Name = Christoph-PC | Source = DCOM | ID = 10005
Description =

Error - 10/17/2012 8:21:56 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Windows Search.

Error - 10/17/2012 8:21:56 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = De Windows Search-service kan vanwege de volgende fout niet worden
gestart: %%1053


< End of report >
RunningVirus

Re: pop up adds yieldmanager

Post by RunningVirus » October 17th, 2012, 10:19 am

TDSS-log

16:12:09.0035 4864 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:12:09.0191 4864 ============================================================
16:12:09.0191 4864 Current date / time: 2012/10/17 16:12:09.0191
16:12:09.0191 4864 SystemInfo:
16:12:09.0191 4864
16:12:09.0191 4864 OS Version: 6.1.7600 ServicePack: 0.0
16:12:09.0191 4864 Product type: Workstation
16:12:09.0191 4864 ComputerName: CHRISTOPH-PC
16:12:09.0191 4864 UserName: Christoph
16:12:09.0191 4864 Windows directory: C:\Windows
16:12:09.0191 4864 System windows directory: C:\Windows
16:12:09.0191 4864 Running under WOW64
16:12:09.0191 4864 Processor architecture: Intel x64
16:12:09.0191 4864 Number of processors: 4
16:12:09.0191 4864 Page size: 0x1000
16:12:09.0191 4864 Boot type: Normal boot
16:12:09.0191 4864 ============================================================
16:12:11.0031 4864 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:12:11.0047 4864 ============================================================
16:12:11.0047 4864 \Device\Harddisk0\DR0:
16:12:11.0063 4864 MBR partitions:
16:12:11.0063 4864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:12:11.0063 4864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE4FD5800
16:12:11.0063 4864 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE5008000, BlocksNum 0x3C00000
16:12:11.0063 4864 ============================================================
16:12:11.0172 4864 C: <-> \Device\Harddisk0\DR0\Partition2
16:12:11.0359 4864 D: <-> \Device\Harddisk0\DR0\Partition3
16:12:11.0359 4864 ============================================================
16:12:11.0359 4864 Initialize success
16:12:11.0359 4864 ============================================================
16:12:50.0343 4944 Deinitialize success


16:13:09.0269 0956 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:13:09.0363 0956 ============================================================
16:13:09.0363 0956 Current date / time: 2012/10/17 16:13:09.0363
16:13:09.0363 0956 SystemInfo:
16:13:09.0363 0956
16:13:09.0363 0956 OS Version: 6.1.7600 ServicePack: 0.0
16:13:09.0363 0956 Product type: Workstation
16:13:09.0363 0956 ComputerName: CHRISTOPH-PC
16:13:09.0363 0956 UserName: Christoph
16:13:09.0363 0956 Windows directory: C:\Windows
16:13:09.0363 0956 System windows directory: C:\Windows
16:13:09.0363 0956 Running under WOW64
16:13:09.0363 0956 Processor architecture: Intel x64
16:13:09.0363 0956 Number of processors: 4
16:13:09.0363 0956 Page size: 0x1000
16:13:09.0363 0956 Boot type: Normal boot
16:13:09.0363 0956 ============================================================
16:13:09.0893 0956 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:09.0909 0956 ============================================================
16:13:09.0909 0956 \Device\Harddisk0\DR0:
16:13:09.0909 0956 MBR partitions:
16:13:09.0909 0956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:13:09.0909 0956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE4FD5800
16:13:09.0909 0956 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE5008000, BlocksNum 0x3C00000
16:13:09.0909 0956 ============================================================
16:13:09.0987 0956 C: <-> \Device\Harddisk0\DR0\Partition2
16:13:10.0143 0956 D: <-> \Device\Harddisk0\DR0\Partition3
16:13:10.0143 0956 ============================================================
16:13:10.0143 0956 Initialize success
16:13:10.0143 0956 ============================================================
16:13:12.0373 5172 ============================================================
16:13:12.0373 5172 Scan started
16:13:12.0373 5172 Mode: Manual;
16:13:12.0373 5172 ============================================================
16:13:13.0169 5172 ================ Scan system memory ========================
16:13:13.0169 5172 System memory - ok
16:13:13.0169 5172 ================ Scan services =============================
16:13:19.0768 5172 FontCache3.0.0.0 - ok
16:13:19.0768 5172 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:13:19.0783 5172 FsDepends - ok
16:13:19.0815 5172 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:13:19.0815 5172 Fs_Rec - ok
16:13:19.0861 5172 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:13:19.0861 5172 fvevol - ok
16:13:19.0939 5172 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:13:19.0939 5172 gagp30kx - ok
16:13:20.0064 5172 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
16:13:20.0064 5172 gpsvc - ok
16:13:20.0158 5172 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:13:20.0158 5172 gupdate - ok
16:13:20.0205 5172 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:13:20.0205 5172 gupdatem - ok
16:13:20.0236 5172 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:13:20.0236 5172 gusvc - ok
16:13:20.0251 5172 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:13:20.0251 5172 hcw85cir - ok
16:13:20.0314 5172 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:13:20.0314 5172 HdAudAddService - ok
16:13:20.0361 5172 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:13:20.0361 5172 HDAudBus - ok
16:13:20.0376 5172 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:13:20.0376 5172 HidBatt - ok
16:13:20.0392 5172 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:13:20.0392 5172 HidBth - ok
16:13:20.0407 5172 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:13:20.0407 5172 HidIr - ok
16:13:20.0439 5172 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:13:20.0439 5172 hidserv - ok
16:13:20.0485 5172 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:13:20.0485 5172 HidUsb - ok
16:13:20.0485 5172 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:13:20.0501 5172 hkmsvc - ok
16:13:20.0517 5172 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:13:20.0517 5172 HomeGroupListener - ok
16:13:20.0548 5172 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:13:20.0563 5172 HomeGroupProvider - ok
16:13:20.0610 5172 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
16:13:20.0610 5172 HpSAMD - ok
16:13:20.0673 5172 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:13:20.0673 5172 HTTP - ok
16:13:20.0688 5172 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:13:20.0688 5172 hwpolicy - ok
16:13:20.0704 5172 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:13:20.0704 5172 i8042prt - ok
16:13:20.0751 5172 [ 87A72502C8AC5E89B5A46FF6E874F5C5 ] IAMTVE C:\Windows\system32\DRIVERS\IAMTVE.sys
16:13:20.0751 5172 IAMTVE - ok
16:13:20.0797 5172 [ 5516F8E518A2F6A8755498F3E73957CF ] IAMTXPE C:\Windows\system32\DRIVERS\IAMTXPE.sys
16:13:20.0797 5172 IAMTXPE - ok
16:13:20.0813 5172 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:13:20.0813 5172 iaStor - ok
16:13:20.0891 5172 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:13:20.0891 5172 IAStorDataMgrSvc - ok
16:13:21.0078 5172 [ 513DC087CFED7D2BB82F005385D3531F ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
16:13:21.0094 5172 iaStorV - ok
16:13:21.0312 5172 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:13:21.0343 5172 idsvc - ok
16:13:21.0406 5172 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:13:21.0406 5172 iirsp - ok
16:13:21.0453 5172 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
16:13:21.0468 5172 IKEEXT - ok
16:13:21.0624 5172 [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:13:21.0718 5172 IntcAzAudAddService - ok
16:13:21.0812 5172 [ A1E1304444BC82C827A09AEB393C0450 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
16:13:21.0812 5172 Intel(R) PROSet Monitoring Service - ok
16:13:21.0874 5172 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:13:21.0890 5172 intelide - ok
16:13:21.0936 5172 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:13:21.0936 5172 intelppm - ok
16:13:21.0999 5172 [ E45575812630B049CE0F679D87561A4D ] ioatdma1 C:\Windows\System32\Drivers\qd162x64.sys
16:13:22.0014 5172 ioatdma1 - ok
16:13:22.0030 5172 [ 2C23820DD9E81199E60F553EB50BC449 ] ioatdma2 C:\Windows\System32\Drivers\qd262x64.sys
16:13:22.0030 5172 ioatdma2 - ok
16:13:22.0061 5172 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:13:22.0061 5172 IPBusEnum - ok
16:13:22.0092 5172 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:22.0092 5172 IpFilterDriver - ok
16:13:22.0155 5172 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:13:22.0155 5172 iphlpsvc - ok
16:13:22.0186 5172 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:13:22.0186 5172 IPMIDRV - ok
16:13:22.0202 5172 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:13:22.0202 5172 IPNAT - ok
16:13:22.0217 5172 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:13:22.0217 5172 IRENUM - ok
16:13:22.0233 5172 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
16:13:22.0233 5172 isapnp - ok
16:13:22.0264 5172 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:13:22.0264 5172 iScsiPrt - ok
16:13:22.0295 5172 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:13:22.0295 5172 kbdclass - ok
16:13:22.0326 5172 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:13:22.0326 5172 kbdhid - ok
16:13:22.0389 5172 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
16:13:22.0389 5172 KeyIso - ok
16:13:22.0420 5172 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:13:22.0420 5172 KSecDD - ok
16:13:22.0436 5172 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:13:22.0436 5172 KSecPkg - ok
16:13:22.0436 5172 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:13:22.0451 5172 ksthunk - ok
16:13:22.0498 5172 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:13:22.0498 5172 KtmRm - ok
16:13:22.0592 5172 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:13:22.0592 5172 LanmanServer - ok
16:13:22.0607 5172 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:13:22.0623 5172 LanmanWorkstation - ok
16:13:22.0670 5172 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:13:22.0670 5172 lltdio - ok
16:13:22.0685 5172 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:13:22.0701 5172 lltdsvc - ok
16:13:22.0716 5172 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:13:22.0716 5172 lmhosts - ok
16:13:22.0763 5172 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:13:22.0763 5172 LSI_FC - ok
16:13:22.0794 5172 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:13:22.0810 5172 LSI_SAS - ok
16:13:22.0841 5172 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:13:22.0857 5172 LSI_SAS2 - ok
16:13:22.0888 5172 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:13:22.0888 5172 LSI_SCSI - ok
16:13:22.0904 5172 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:13:22.0904 5172 luafv - ok
16:13:22.0966 5172 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:13:22.0966 5172 MBAMProtector - ok
16:13:23.0028 5172 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:13:23.0028 5172 MBAMScheduler - ok
16:13:23.0075 5172 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:13:23.0091 5172 MBAMService - ok
16:13:23.0106 5172 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:13:23.0106 5172 Mcx2Svc - ok
16:13:23.0138 5172 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:13:23.0138 5172 megasas - ok
16:13:23.0169 5172 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:13:23.0169 5172 MegaSR - ok
16:13:23.0216 5172 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:13:23.0216 5172 MEIx64 - ok
16:13:23.0231 5172 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:13:23.0247 5172 MMCSS - ok
16:13:23.0247 5172 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:13:23.0247 5172 Modem - ok
16:13:23.0262 5172 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:13:23.0262 5172 monitor - ok
16:13:23.0262 5172 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:13:23.0278 5172 mouclass - ok
16:13:23.0294 5172 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:13:23.0294 5172 mouhid - ok
16:13:23.0325 5172 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:13:23.0340 5172 mountmgr - ok
16:13:23.0403 5172 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:13:23.0403 5172 MozillaMaintenance - ok
16:13:23.0450 5172 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
16:13:23.0450 5172 mpio - ok
16:13:23.0465 5172 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:13:23.0465 5172 mpsdrv - ok
16:13:23.0496 5172 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:13:23.0512 5172 MpsSvc - ok
16:13:23.0528 5172 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:13:23.0528 5172 MRxDAV - ok
16:13:23.0559 5172 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:23.0559 5172 mrxsmb - ok
16:13:23.0590 5172 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:23.0590 5172 mrxsmb10 - ok
16:13:23.0637 5172 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:23.0652 5172 mrxsmb20 - ok
16:13:23.0652 5172 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
16:13:23.0652 5172 msahci - ok
16:13:23.0684 5172 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
16:13:23.0699 5172 msdsm - ok
16:13:23.0762 5172 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:13:23.0762 5172 MSDTC - ok
16:13:23.0793 5172 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:13:23.0808 5172 Msfs - ok
16:13:23.0824 5172 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:13:23.0840 5172 mshidkmdf - ok
16:13:23.0886 5172 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
16:13:23.0886 5172 msisadrv - ok
16:13:23.0933 5172 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:13:23.0933 5172 MSiSCSI - ok
16:13:23.0933 5172 msiserver - ok
16:13:24.0011 5172 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:13:24.0011 5172 MSKSSRV - ok
16:13:24.0027 5172 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:24.0027 5172 MSPCLOCK - ok
16:13:24.0027 5172 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:13:24.0027 5172 MSPQM - ok
16:13:24.0042 5172 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:13:24.0058 5172 MsRPC - ok
16:13:24.0089 5172 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:13:24.0089 5172 mssmbios - ok
16:13:24.0120 5172 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:13:24.0120 5172 MSTEE - ok
16:13:24.0136 5172 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:13:24.0152 5172 MTConfig - ok
16:13:24.0152 5172 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:13:24.0152 5172 Mup - ok
16:13:24.0183 5172 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
16:13:24.0198 5172 napagent - ok
16:13:24.0245 5172 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:13:24.0261 5172 NativeWifiP - ok
16:13:24.0308 5172 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:13:24.0323 5172 NDIS - ok
16:13:24.0339 5172 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:13:24.0339 5172 NdisCap - ok
16:13:24.0370 5172 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:24.0370 5172 NdisTapi - ok
16:13:24.0386 5172 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:24.0386 5172 Ndisuio - ok
16:13:24.0401 5172 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:24.0417 5172 NdisWan - ok
16:13:24.0417 5172 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:13:24.0432 5172 NDProxy - ok
16:13:24.0432 5172 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:13:24.0448 5172 NetBIOS - ok
16:13:24.0448 5172 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:13:24.0464 5172 NetBT - ok
16:13:24.0495 5172 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
16:13:24.0495 5172 Netlogon - ok
16:13:24.0526 5172 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:13:24.0526 5172 Netman - ok
16:13:24.0620 5172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:13:24.0682 5172 netprofm - ok
16:13:24.0698 5172 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:13:24.0713 5172 NetTcpPortSharing - ok
16:13:24.0744 5172 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:13:24.0760 5172 nfrd960 - ok
16:13:24.0791 5172 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:13:24.0807 5172 NlaSvc - ok
16:13:24.0822 5172 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:13:24.0822 5172 Npfs - ok
16:13:24.0838 5172 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:13:24.0838 5172 nsi - ok
16:13:24.0838 5172 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:13:24.0854 5172 nsiproxy - ok
16:13:24.0900 5172 [ 1AD8FEF2D6AC7116B68B887A9782FD33 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:13:24.0932 5172 Ntfs - ok
16:13:24.0978 5172 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:13:24.0994 5172 Null - ok
16:13:25.0072 5172 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
16:13:25.0072 5172 nusb3hub - ok
16:13:25.0134 5172 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:13:25.0134 5172 nusb3xhc - ok
16:13:25.0197 5172 [ ED9380F201C8126425C09BED96DBE1E5 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:13:25.0197 5172 NVHDA - ok
16:13:25.0914 5172 [ C259E11C6EC43BB6B98742E399CB2304 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:13:26.0133 5172 nvlddmkm - ok
16:13:26.0195 5172 [ DEAB10231CBDB0881FC25428EBE11506 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
16:13:26.0211 5172 nvraid - ok
16:13:26.0258 5172 [ 0AF7B8136794E23E87BE138992880E64 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
16:13:26.0258 5172 nvstor - ok
16:13:26.0304 5172 [ 5B36DC51394A478BBC3757B8F0A1B94F ] NVSvc C:\Windows\system32\nvvsvc.exe
16:13:26.0320 5172 NVSvc - ok
16:13:26.0382 5172 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:13:26.0382 5172 nv_agp - ok
16:13:26.0429 5172 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:13:26.0429 5172 ohci1394 - ok
16:13:26.0492 5172 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:13:26.0492 5172 ose - ok
16:13:27.0100 5172 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:13:27.0194 5172 osppsvc - ok
16:13:27.0318 5172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:13:27.0350 5172 p2pimsvc - ok
16:13:27.0396 5172 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:13:27.0396 5172 p2psvc - ok
16:13:27.0428 5172 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:13:27.0428 5172 Parport - ok
16:13:27.0474 5172 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:13:27.0474 5172 partmgr - ok
16:13:27.0584 5172 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:13:27.0584 5172 PcaSvc - ok
16:13:27.0630 5172 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
16:13:27.0630 5172 pci - ok
16:13:27.0677 5172 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:13:27.0677 5172 pciide - ok
16:13:27.0724 5172 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:13:27.0724 5172 pcmcia - ok
16:13:27.0740 5172 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:13:27.0755 5172 pcw - ok
16:13:27.0818 5172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:13:27.0864 5172 PEAUTH - ok
16:13:27.0989 5172 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:13:27.0989 5172 PerfHost - ok
16:13:28.0052 5172 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
16:13:28.0130 5172 pla - ok
16:13:28.0254 5172 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:13:28.0270 5172 PlugPlay - ok
16:13:28.0348 5172 PnkBstrA - ok
16:13:28.0364 5172 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:13:28.0364 5172 PNRPAutoReg - ok
16:13:28.0379 5172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:13:28.0379 5172 PNRPsvc - ok
16:13:28.0410 5172 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:13:28.0426 5172 PolicyAgent - ok
16:13:28.0442 5172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:13:28.0457 5172 Power - ok
16:13:28.0473 5172 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:13:28.0473 5172 PptpMiniport - ok
16:13:28.0488 5172 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:13:28.0504 5172 Processor - ok
16:13:28.0520 5172 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
16:13:28.0520 5172 ProfSvc - ok
16:13:28.0535 5172 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:13:28.0535 5172 ProtectedStorage - ok
16:13:28.0566 5172 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:13:28.0566 5172 Psched - ok
16:13:28.0613 5172 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
16:13:28.0613 5172 PSI_SVC_2 - ok
16:13:28.0707 5172 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:13:28.0738 5172 ql2300 - ok
16:13:28.0785 5172 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:13:28.0785 5172 ql40xx - ok
16:13:28.0832 5172 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:13:28.0832 5172 QWAVE - ok
16:13:28.0832 5172 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:13:28.0832 5172 QWAVEdrv - ok
16:13:28.0863 5172 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:13:28.0863 5172 RasAcd - ok
16:13:28.0878 5172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:13:28.0878 5172 RasAgileVpn - ok
16:13:28.0894 5172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:13:28.0894 5172 RasAuto - ok
16:13:28.0894 5172 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:28.0910 5172 Rasl2tp - ok
16:13:28.0910 5172 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
16:13:28.0925 5172 RasMan - ok
16:13:28.0941 5172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:28.0941 5172 RasPppoe - ok
16:13:28.0956 5172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:13:28.0956 5172 RasSstp - ok
16:13:28.0956 5172 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:13:28.0972 5172 rdbss - ok
16:13:28.0988 5172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:13:28.0988 5172 rdpbus - ok
16:13:29.0019 5172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:29.0034 5172 RDPCDD - ok
16:13:29.0034 5172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:13:29.0050 5172 RDPENCDD - ok
16:13:29.0066 5172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:13:29.0066 5172 RDPREFMP - ok
16:13:29.0081 5172 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:13:29.0097 5172 RDPWD - ok
16:13:29.0097 5172 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:13:29.0097 5172 rdyboost - ok
16:13:29.0128 5172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:13:29.0128 5172 RemoteAccess - ok
16:13:29.0159 5172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:13:29.0175 5172 RemoteRegistry - ok
16:13:29.0222 5172 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:13:29.0222 5172 RimUsb - ok
16:13:29.0284 5172 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:13:29.0284 5172 RimVSerPort - ok
16:13:29.0362 5172 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
16:13:29.0378 5172 ROOTMODEM - ok
16:13:29.0378 5172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:13:29.0393 5172 RpcEptMapper - ok
16:13:29.0409 5172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:13:29.0409 5172 RpcLocator - ok
16:13:29.0424 5172 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
16:13:29.0440 5172 RpcSs - ok
16:13:29.0471 5172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:13:29.0471 5172 rspndr - ok
16:13:29.0534 5172 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:13:29.0534 5172 RTL8167 - ok
16:13:29.0612 5172 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
16:13:29.0627 5172 RTL8192su - ok
16:13:29.0643 5172 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
16:13:29.0643 5172 SamSs - ok
16:13:29.0705 5172 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
16:13:29.0705 5172 sbp2port - ok
16:13:29.0736 5172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:13:29.0752 5172 SCardSvr - ok
16:13:29.0752 5172 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:13:29.0768 5172 scfilter - ok
16:13:29.0799 5172 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
16:13:29.0877 5172 Schedule - ok
16:13:29.0908 5172 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:13:29.0908 5172 SCPolicySvc - ok
16:13:29.0924 5172 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:13:29.0924 5172 SDRSVC - ok
16:13:29.0939 5172 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
16:13:29.0939 5172 seclogon - ok
16:13:29.0955 5172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:13:29.0955 5172 SENS - ok
16:13:29.0970 5172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:13:29.0986 5172 SensrSvc - ok
16:13:30.0017 5172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:13:30.0017 5172 Serenum - ok
16:13:30.0064 5172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:13:30.0064 5172 Serial - ok
16:13:30.0095 5172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:13:30.0111 5172 sermouse - ok
16:13:30.0126 5172 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
16:13:30.0126 5172 SessionEnv - ok
16:13:30.0189 5172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:13:30.0189 5172 sffdisk - ok
16:13:30.0220 5172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:13:30.0220 5172 sffp_mmc - ok
16:13:30.0251 5172 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:13:30.0251 5172 sffp_sd - ok
16:13:30.0267 5172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:13:30.0267 5172 sfloppy - ok
16:13:30.0329 5172 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
16:13:30.0329 5172 Sftfs - ok
16:13:30.0438 5172 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:13:30.0516 5172 sftlist - ok
16:13:30.0610 5172 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:13:30.0626 5172 Sftplay - ok
16:13:41.0998 5172 Scan finished
16:13:41.0998 5172 ============================================================
16:13:42.0014 1528 Detected object count: 0
16:13:42.0014 1528 Actual detected object count: 0
16:13:57.0255 3000 Deinitialize success

Already awaiting your reply!
Greetz
RunningVirus

Re: pop up adds yieldmanager

Post by Gary R » October 17th, 2012, 12:01 pm

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

BitTorrent
BittorrentBar_NL Toolbar
Java(TM) 6 Update 22 (64-bit)
Java(TM) 6 Update 26


Use of P2P programs is the fastest way to an infected machine that I know.

Old versions of Java can be exploited. We'll install the latest version later.

Reboot your computer when all those programs have been removed.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKLM\..\URLSearchHook: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{66A44EED-1664-40C1-A6C7-053A424CA26D}: "URL" = http://search.avg.com/route/?d=4e36f1a5 ... =chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={CAC54072-91EC-4B3F-89AD-EBE500D590C2}&mid=d90f3ea89aef47d1a476bd2b2b0999b7-a9f47d62a881e3340d10a4e4e95d59a39e89090b&lang=nl&ds=AVG&pr=pr&d=2012-08-07 19:27:32&v=12.1.0.21&sap=dsp&q={searchTerms}
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
[2012/08/18 10:58:04 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru
O2 - BHO: (BittorrentBar_NL Toolbar) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_NL Toolbar) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (BittorrentBar_NL Toolbar) - {2D8D9ACC-F6D7-4362-8876-A275CA929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [JAVA] C:\Windows\java.vbs ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O33 - MountPoints2\{0493efca-5b20-11e0-a631-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0493efca-5b20-11e0-a631-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2010/05/28 11:13:27 | 000,304,472 | R--- | M] (Cyanide)
O33 - MountPoints2\{6a659444-5b83-11e0-874e-6c626ded7044}\Shell - "" = AutoRun
O33 - MountPoints2\{6a659444-5b83-11e0-874e-6c626ded7044}\Shell\AutoRun\command - "" = I:\Launcher.exe
[2012/10/17 14:22:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{5B2B3013-A96A-4554-B129-CC91AD010BB8}
[2012/10/16 11:26:25 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{A28C5496-62AB-4639-9E05-7E0F22EBAC4C}
[2012/10/16 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{ED35836E-C0A5-490C-8241-B12266789E13}
[2012/10/16 06:44:17 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{94C4EE08-1472-4958-8185-66AE98E3052E}
[2012/10/15 08:05:03 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{F519E736-1689-4871-8AAF-607A70292379}
[2012/10/14 18:47:20 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{59A1898C-8297-46B4-A703-8A1D4C20CBFE}
[2012/10/13 10:29:48 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{36599C86-C090-45B5-A2CD-C31B4021006B}
[2012/10/12 15:37:36 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{CB12BB76-C551-47B8-B759-20344EB8BE00}
[2012/10/11 16:52:52 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{F614BB45-DE9A-4066-A930-5F53DA4F95F2}
[2012/10/10 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{AE40DAD8-C22B-44A6-8E1A-598ADC9ABF8E}
[2012/10/10 05:20:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{EEA4DB2E-E8DE-4280-BA36-C07E55898F0A}
[2012/10/09 13:02:57 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{B8B69BC6-FA82-489B-B77B-70E2DE142F79}
[2012/10/09 07:07:25 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{683CEE7A-8B06-42D1-8E6B-3ADFB6BB9241}
[2012/10/08 10:57:47 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{3BD8B58E-49C1-40A4-A2BD-808556E69CEE}
[2012/10/07 16:05:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{E5237C69-705D-4BA5-B8E8-08650DE99F54}
[2012/10/06 18:48:49 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{6CADC59E-D21B-4F52-8E64-40BC2A96FDA6}
[2012/10/05 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{55B93F30-C986-40D8-BF9B-4EDC41075130}
[2012/10/04 10:58:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{72DA5E6D-623C-45CA-8761-F141070FA859}
[2012/10/03 22:58:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{61519E94-8482-4261-A031-04F8167BBC14}
[2012/10/03 09:13:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{0DC33576-1F38-4C6C-8041-023A9AC62270}
[2012/10/02 07:08:11 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{85969ECA-5674-4600-A536-561606D11D20}
[2012/10/01 11:39:25 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{2E3394BF-CA9D-40BD-88CF-64A1356D59DC}
[2012/09/30 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{A008D7C2-099E-4FED-94F3-3E58F67F2ED3}
[2012/09/29 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{DBB83FDE-E3A3-41EB-94C4-FEAD49B6C481}
[2012/09/28 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{FA4A4F97-6955-47F2-9AFA-36835D8288B4}
[2012/09/28 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{2D2AFFC6-3639-46C7-9FF4-E17FADF80814}
[2012/09/27 07:03:45 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{100D7149-C397-4F4B-A220-9ED2C7E8E697}
[2012/09/26 12:14:59 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{543CC102-789B-4CB6-94CD-B5F7D4505B08}
[2012/09/25 12:23:13 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{529ED884-68ED-4AEF-864A-1B8270FFB5FE}
[2012/09/24 11:56:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{C3CCB5FC-BD4A-4069-8411-1C7536551692}
[2012/09/23 08:56:15 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{BCB88792-7380-4866-A56E-5546BEEC1C11}
[2012/09/22 11:27:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{749E4A21-0A9B-4EE2-96B4-9A63B4249107}
[2012/09/21 07:40:57 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{A330C7C5-1709-430C-A02F-653C1E39768B}
[2012/09/20 09:32:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{8C65EB38-E881-4177-897A-A68B1825F5CE}
[2012/09/19 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{CEDD8210-319D-41FE-8684-F71C6EA3F770}
[2012/09/18 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{6872FD3B-D988-4222-AC0F-09638095428F}
[2012/09/18 06:47:31 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{0DB1D789-8EE3-440F-AC63-9517ED3D1F6F}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2011/07/06 13:26:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AVG
[2012/01/19 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\BitTorrent
[2012/05/24 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Huakil
[2012/05/24 18:01:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Iwdi
[2012/07/10 16:07:03 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Koip
[2012/07/10 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Kyvie
[2012/05/24 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Udliwe
[2012/05/24 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Unuba
[2012/05/24 13:12:28 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Uvyx
[2012/07/10 16:06:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Yhkuo
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.
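The fix script in the post above lists the same GUID under several browser hook points, once in lower case and once in upper case. As an added example (not part of the original post and not OTL's own code), this Python sketch parses such lines, normalises GUID case to correlate one component across hook points, and lists entries whose target is reported missing. Treating the GUID on `IE`, `O2`, `O3` and `O16` lines as a CLSID is an assumption based on the CLSID lookups shown in the fix log; the function and field names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: ten lines copied from the fix script in the post above.
SAMPLE = [
    r'IE - HKLM\..\URLSearchHook: {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)',
    r'IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found',
    r'O2 - BHO: (BittorrentBar_NL Toolbar) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)',
    r'O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)',
    r'O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.',
    r'O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (BittorrentBar_NL Toolbar) - {2D8D9ACC-F6D7-4362-8876-A275CA929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll (Conduit Ltd.)',
    r'O4:64bit: - HKLM..\Run: [JAVA] C:\Windows\java.vbs ()',
    r'O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found',
    r'O33 - MountPoints2\{6a659444-5b83-11e0-874e-6c626ded7044}\Shell\AutoRun\command - "" = I:\Launcher.exe',
    r'@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4',
]

GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
# "<tag>[:64bit:] - <rest>", e.g. "O4:64bit: - HKLM..\Run: [JAVA] ..."
LINE_RE = re.compile(r"^(?P<tag>IE|FF|O\d+)(?P<x64>:64bit:)?\s+-\s+(?P<rest>.+)$")
# Markers the scan output uses when the registered target no longer exists.
MISSING = ("No CLSID value found", "File not found")
# Assumption: on these tags the GUID names a COM class (CLSID).
# On O33 lines the GUID is part of a MountPoints2 key path, so it is ignored.
COM_TAGS = {"IE", "O2", "O3", "O16"}


@dataclass
class Entry:
    tag: str             # section prefix as written in the script
    x64: bool            # True when the line carries the ":64bit:" marker
    location: str        # registry location or file path the line refers to
    guid: Optional[str]  # lower-cased GUID for COM_TAGS lines, else None
    missing: bool        # target reported as absent


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if line.startswith("@Alternate Data Stream"):
        return Entry("ADS", False, line.rsplit("-> ", 1)[-1], None, False)
    m = LINE_RE.match(line)
    if m is None:
        return None  # file listings, blank lines, headers such as ":OTL"
    rest = m.group("rest")
    # The location ends at the first ": "; O33 lines use " - " instead
    # (a drive letter such as "I:\" is not followed by a space).
    sep = ": " if ": " in rest else " - "
    location = rest.split(sep, 1)[0]
    guid = None
    if m.group("tag") in COM_TAGS:
        found = GUID_RE.search(rest)
        guid = found.group(0).lower() if found else None
    missing = any(marker in rest for marker in MISSING)
    return Entry(m.group("tag"), m.group("x64") is not None, location, guid, missing)


def parse_script(lines):
    return [e for e in map(parse_line, lines) if e is not None]


def shared_guids(entries):
    """GUIDs registered under more than one section, compared case-insensitively."""
    seen = defaultdict(set)
    for e in entries:
        if e.guid:
            seen[e.guid].add(e.tag)
    return {g: sorted(tags) for g, tags in seen.items() if len(tags) > 1}


def missing_targets(entries):
    """(tag, location) pairs whose target the scan reported as absent."""
    return [(e.tag, e.location) for e in entries if e.missing]


if __name__ == "__main__":
    parsed = parse_script(SAMPLE)
    for guid, tags in shared_guids(parsed).items():
        print(guid, "registered under", ", ".join(tags))
    for tag, location in missing_targets(parsed):
        print("leftover entry:", tag, location)
```

Without the case normalisation, the `Toolbar\WebBrowser` entry would not be matched to the BHO and URLSearchHook entries for the same DLL.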

Re: pop up adds yieldmanager

Post by RunningVirus » October 18th, 2012, 10:38 am

Here you have the Fix log Gary. On to the eset-scan now.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{2d8d9acc-f6d7-4362-8876-a275ca929591} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d8d9acc-f6d7-4362-8876-a275ca929591}\ not found.
File C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Internet Explorer\SearchScopes\{66A44EED-1664-40C1-A6C7-053A424CA26D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66A44EED-1664-40C1-A6C7-053A424CA26D}\ not found.
Registry key HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: ALone-live@ya.ru:1.3.8 removed from extensions.enabledAddons
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\skin\css folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\skin folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\zh-CN folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\tr-TR folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\sv-SE folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\sr folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\ru folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\ro folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\pt-BR folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\pl folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\fr folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\en folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale\de folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\locale folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\defaults\preferences folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\defaults folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru\content folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\ALone-live@ya.ru folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d8d9acc-f6d7-4362-8876-a275ca929591}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d8d9acc-f6d7-4362-8876-a275ca929591}\ not found.
File C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2d8d9acc-f6d7-4362-8876-a275ca929591} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d8d9acc-f6d7-4362-8876-a275ca929591}\ not found.
File C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2D8D9ACC-F6D7-4362-8876-A275CA929591} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D8D9ACC-F6D7-4362-8876-A275CA929591}\ not found.
File C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll not found.
Registry value HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\JAVA not found.
C:\Windows\java.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0493efca-5b20-11e0-a631-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0493efca-5b20-11e0-a631-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0493efca-5b20-11e0-a631-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0493efca-5b20-11e0-a631-806e6f6e6963}\ not found.
File move failed. E:\Launcher.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a659444-5b83-11e0-874e-6c626ded7044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a659444-5b83-11e0-874e-6c626ded7044}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a659444-5b83-11e0-874e-6c626ded7044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a659444-5b83-11e0-874e-6c626ded7044}\ not found.
File I:\Launcher.exe not found.
C:\Users\Christoph\AppData\Local\{5B2B3013-A96A-4554-B129-CC91AD010BB8} folder moved successfully.
C:\Users\Christoph\AppData\Local\{A28C5496-62AB-4639-9E05-7E0F22EBAC4C} folder moved successfully.
C:\Users\Christoph\AppData\Local\{ED35836E-C0A5-490C-8241-B12266789E13} folder moved successfully.
C:\Users\Christoph\AppData\Local\{94C4EE08-1472-4958-8185-66AE98E3052E} folder moved successfully.
C:\Users\Christoph\AppData\Local\{F519E736-1689-4871-8AAF-607A70292379} folder moved successfully.
C:\Users\Christoph\AppData\Local\{59A1898C-8297-46B4-A703-8A1D4C20CBFE} folder moved successfully.
C:\Users\Christoph\AppData\Local\{36599C86-C090-45B5-A2CD-C31B4021006B} folder moved successfully.
C:\Users\Christoph\AppData\Local\{CB12BB76-C551-47B8-B759-20344EB8BE00} folder moved successfully.
C:\Users\Christoph\AppData\Local\{F614BB45-DE9A-4066-A930-5F53DA4F95F2} folder moved successfully.
C:\Users\Christoph\AppData\Local\{AE40DAD8-C22B-44A6-8E1A-598ADC9ABF8E} folder moved successfully.
C:\Users\Christoph\AppData\Local\{EEA4DB2E-E8DE-4280-BA36-C07E55898F0A} folder moved successfully.
C:\Users\Christoph\AppData\Local\{B8B69BC6-FA82-489B-B77B-70E2DE142F79} folder moved successfully.
C:\Users\Christoph\AppData\Local\{683CEE7A-8B06-42D1-8E6B-3ADFB6BB9241} folder moved successfully.
C:\Users\Christoph\AppData\Local\{3BD8B58E-49C1-40A4-A2BD-808556E69CEE} folder moved successfully.
C:\Users\Christoph\AppData\Local\{E5237C69-705D-4BA5-B8E8-08650DE99F54} folder moved successfully.
C:\Users\Christoph\AppData\Local\{6CADC59E-D21B-4F52-8E64-40BC2A96FDA6} folder moved successfully.
C:\Users\Christoph\AppData\Local\{55B93F30-C986-40D8-BF9B-4EDC41075130} folder moved successfully.
C:\Users\Christoph\AppData\Local\{72DA5E6D-623C-45CA-8761-F141070FA859} folder moved successfully.
C:\Users\Christoph\AppData\Local\{61519E94-8482-4261-A031-04F8167BBC14} folder moved successfully.
C:\Users\Christoph\AppData\Local\{0DC33576-1F38-4C6C-8041-023A9AC62270} folder moved successfully.
C:\Users\Christoph\AppData\Local\{85969ECA-5674-4600-A536-561606D11D20} folder moved successfully.
C:\Users\Christoph\AppData\Local\{2E3394BF-CA9D-40BD-88CF-64A1356D59DC} folder moved successfully.
C:\Users\Christoph\AppData\Local\{A008D7C2-099E-4FED-94F3-3E58F67F2ED3} folder moved successfully.
C:\Users\Christoph\AppData\Local\{DBB83FDE-E3A3-41EB-94C4-FEAD49B6C481} folder moved successfully.
C:\Users\Christoph\AppData\Local\{FA4A4F97-6955-47F2-9AFA-36835D8288B4} folder moved successfully.
C:\Users\Christoph\AppData\Local\{2D2AFFC6-3639-46C7-9FF4-E17FADF80814} folder moved successfully.
C:\Users\Christoph\AppData\Local\{100D7149-C397-4F4B-A220-9ED2C7E8E697} folder moved successfully.
C:\Users\Christoph\AppData\Local\{543CC102-789B-4CB6-94CD-B5F7D4505B08} folder moved successfully.
C:\Users\Christoph\AppData\Local\{529ED884-68ED-4AEF-864A-1B8270FFB5FE} folder moved successfully.
C:\Users\Christoph\AppData\Local\{C3CCB5FC-BD4A-4069-8411-1C7536551692} folder moved successfully.
C:\Users\Christoph\AppData\Local\{BCB88792-7380-4866-A56E-5546BEEC1C11} folder moved successfully.
C:\Users\Christoph\AppData\Local\{749E4A21-0A9B-4EE2-96B4-9A63B4249107} folder moved successfully.
C:\Users\Christoph\AppData\Local\{A330C7C5-1709-430C-A02F-653C1E39768B} folder moved successfully.
C:\Users\Christoph\AppData\Local\{8C65EB38-E881-4177-897A-A68B1825F5CE} folder moved successfully.
C:\Users\Christoph\AppData\Local\{CEDD8210-319D-41FE-8684-F71C6EA3F770} folder moved successfully.
C:\Users\Christoph\AppData\Local\{6872FD3B-D988-4222-AC0F-09638095428F} folder moved successfully.
C:\Users\Christoph\AppData\Local\{0DB1D789-8EE3-440F-AC63-9517ED3D1F6F} folder moved successfully.
C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla36.exe deleted successfully.
C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\SysWow64\sho2C9B.tmp deleted successfully.
C:\Windows\SysWow64\sho559E.tmp deleted successfully.
C:\Windows\SysWow64\sho5C52.tmp deleted successfully.
C:\Windows\SysWow64\sho61BE.tmp deleted successfully.
C:\Windows\SysWow64\sho6D71.tmp deleted successfully.
C:\Windows\SysWow64\sho75EC.tmp deleted successfully.
C:\Windows\SysWow64\sho9434.tmp deleted successfully.
C:\Windows\SysWow64\sho9628.tmp deleted successfully.
C:\Windows\SysWow64\shoC7F.tmp deleted successfully.
C:\Windows\SysWow64\shoD6ED.tmp deleted successfully.
C:\Windows\SysWow64\shoE2C0.tmp deleted successfully.
C:\Windows\SysWow64\shoE752.tmp deleted successfully.
C:\Windows\SysWow64\shoF150.tmp deleted successfully.
C:\Windows\SysWow64\shoF871.tmp deleted successfully.
C:\Windows\SysWow64\shoF9B9.tmp deleted successfully.
C:\Windows\SysWow64\shoFFD1.tmp deleted successfully.
C:\Users\Christoph\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Christoph\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Christoph\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Christoph\AppData\Roaming\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Users\Christoph\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Christoph\AppData\Roaming\AVG folder moved successfully.
C:\Users\Christoph\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\Christoph\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\Christoph\AppData\Roaming\BitTorrent folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Huakil folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Iwdi folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Koip folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Kyvie folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Udliwe folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Unuba folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Uvyx folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Yhkuo folder moved successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\Christoph\Desktop\cmd.bat deleted successfully.
C:\Users\Christoph\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christoph
->Temp folder emptied: 119466454 bytes
->Temporary Internet Files folder emptied: 1387538494 bytes
->Java cache emptied: 1128660 bytes
->FireFox cache emptied: 1126222457 bytes
->Flash cache emptied: 10222642 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 391862617 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36046115 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,930.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10182012_161307

Files\Folders moved on Reboot...
File move failed. E:\Launcher.exe scheduled to be moved on reboot.
C:\Users\Christoph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF111D2EB309F4B13D.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF262916AE740C973F.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF2D0826D8BD99AF84.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF3ED22E5546B35212.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF3EFC08572662F187.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF4F651DB71F918914.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF87E31A2BEE40B615.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF8FBF07C08590BD77.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFC62941A878724A51.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFD740BAEEECF656C8.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFD740D73936C3806E.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFE324A196E10F0F82.TMP not found!
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z7HOMM3B\Banners[2].js moved successfully.
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z7HOMM3B\ca[1] not found!
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6MLB4LK\viewtopic[1].htm moved successfully.
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HUJZS8NF\01CAIXJ96E.htm not found!
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4IYZN68K\01CAASDZLQ.htm not found!
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4IYZN68K\01CAXLDN8R.htm not found!
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4IYZN68K\emily[1].html moved successfully.
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Best Regards,
RunningVirus
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Post by RunningVirus » October 18th, 2012, 1:13 pm

There you go, Eset log. I hope this is all, because it seems kinda short. In total 10 threats were found.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Re: pop up adds yieldmanager

Post by RunningVirus » October 18th, 2012, 1:33 pm

I looked at another topic, just to see what the ESET-log looks like. I am quite sure the previous post isn't what you wanted, even though I found it at your given location. Underneath, you can see the 10 threats ESET found.

C:\Program Files (x86)\Reviversoft\Driver Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007.rar JS/Trackware.ReadNotify.A application
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Guatemala3rd_Edition_September_2007.rar JS/Trackware.ReadNotify.A application
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007.rar JS/Trackware.ReadNotify.A application
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006.rar JS/Trackware.ReadNotify.A application
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Panama4th_Edition_November_2007.rar JS/Trackware.ReadNotify.A application
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006.rar JS/Trackware.ReadNotify.A application
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006.rar JS/Trackware.ReadNotify.A application
C:\Users\Christoph\Downloads\Driver Reviver 3.1\DriverReviverSetup.exe a variant of Win32/RegistryReviver application
C:\Users\Christoph\Downloads\Driver Reviver 3.1\Crack\ASOHelper.dll a variant of Win32/RegistryReviver application

Best Regards,
RunningVirus

Re: pop up adds yieldmanager

Post by Gary R » October 18th, 2012, 3:50 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Program Files (x86)\Reviversoft\Driver Reviver\ASOHelper.dll
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007.rar
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Guatemala3rd_Edition_September_2007.rar
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007.rar 
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006.rar
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Panama4th_Edition_November_2007.rar
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006.rar
C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006.rar
C:\Users\Christoph\Downloads\Driver Reviver 3.1\DriverReviverSetup.exe
C:\Users\Christoph\Downloads\Driver Reviver 3.1\Crack\ASOHelper.dll 

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Please let me know how your computer is behaving now.

Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: pop up adds yieldmanager

Post by RunningVirus » October 19th, 2012, 9:49 am

This is the result from the last otl-log.

========== FILES ==========
C:\Program Files (x86)\Reviversoft\Driver Reviver\ASOHelper.dll moved successfully.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Guatemala3rd_Edition_September_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Panama4th_Edition_November_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006.rar not found.
C:\Users\Christoph\Downloads\Driver Reviver 3.1\DriverReviverSetup.exe moved successfully.
C:\Users\Christoph\Downloads\Driver Reviver 3.1\Crack\ASOHelper.dll moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10192012_154510

Since I started working on my pc today, I haven't gotten one pop up. Hopefully this stays the same way. If those popups stay away the next couple of days, I hope my pc is cured.

Best Regards,
RunningVirus

Re: pop up adds yieldmanager

Post by RunningVirus » October 19th, 2012, 9:51 am

While starting up, I noticed that my pc was running very slow. Is there any way to check if the pc is running at normal speed?

Re: pop up adds yieldmanager

Post by Gary R » October 19th, 2012, 11:31 am

Slow to boot, or running slow after it has booted?

Re: pop up adds yieldmanager

Post by RunningVirus » October 19th, 2012, 11:36 am

Slow to boot.