Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01
Ran by testuser (administrator) on 27-07-2013 09:05:30
Running from C:\Users\testuser\Desktop\New folder
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Avocent Corporation) C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Super Flexible Software) C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe
(Avocent Corporation ) C:\PROGRA~2\LANDesk\LDClient\collector.exe
(Super Flexible Software Ltd. & Co. KG) C:\Program Files (x86)\SuperFlexible\ExtremeVSS.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software Ltd.) C:\Windows\SysWOW64\CBA\pds.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
() C:\PROGRA~2\LANDesk\LDClient\LDregwatch.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() c:\Windows\SysWOW64\srvany.exe
(O2Micro.) c:\Windows\sysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Super Flexible Software) C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\testuser\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-28] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Plantronics MyHeadset Updater] - C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-02-13] (Plantronics)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKCU\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [Spark] - C:\Program Files (x86)\Spark\Spark.exe [433664 2011-07-01] (Jive Software)
HKCU\...\Run: [Greenshot] - C:\Program Files (x86)\Greenshot\Greenshot.exe [548864 2010-07-12] ()
HKCU\...\Run: [ExtremeSync Background Scheduler] - C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe [14041984 2012-05-29] (Super Flexible Software)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" [345088 2010-11-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\testuser\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" [345088 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [openvpn-gui] - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe [99328 2011-07-01] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [spark] - C:\Program Files (x86)\Spark\Spark.exe [433664 2011-07-01] (Jive Software)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1378816 2012-07-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FileZilla Server Interface] - C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM-x32\...\Run: [PlantronicsURE.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)
HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] - C:\Program Files (x86)\1Password\Agile1pAgent.exe [2223888 2013-06-03] (AgileBits)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Administrator\...\RunOnce: [] - [x]
HKU\Administrator\...\RunOnce: [Parallels Transporter Agent] - C:\Program Files (x86)\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe [13166856 2012-04-05] (Parallels Holdings, Ltd. and its affiliates.)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\testuser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
ProxyServer: 10.49.254.24:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/17
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {2D91FC08-28DC-4D56-B222-1C0335B535D3} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2D91FC08-28DC-4D56-B222-1C0335B535D3} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {2D91FC08-28DC-4D56-B222-1C0335B535D3} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2D91FC08-28DC-4D56-B222-1C0335B535D3} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL (AgileBits)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70751} https://artemis.company.be:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://artemis.company.be:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: HKLM-x32 {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://artemis.company.be:4343/officescan/console/html/ClientInstall/setup.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://artemis.company.be:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
Handler: msdaipp - No CLSID Value -
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.16.1.33 10.16.1.1 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\testuser\AppData\Roaming\Mozilla\Firefox\Profiles\uumesyq3.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\testuser\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: onepassword - C:\Users\testuser\AppData\Roaming\Mozilla\Firefox\Profiles\uumesyq3.default\Extensions\[email protected]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==================== Services (Whitelisted) =================
R2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2013-06-03] (AgileBits)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [147456 2009-11-04] (Avocent Corporation)
R2 ExtremeSync_Service; C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe [14041984 2012-05-29] (Super Flexible Software)
R2 ExtremeVSSService; C:\Program Files (x86)\SuperFlexible\ExtremeVSS.exe [3196800 2011-09-20] (Super Flexible Software Ltd. & Co. KG)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [189952 2010-10-08] (LANDesk Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWow64\CBA\pds.exe [32825 2007-08-31] (LANDesk Software Ltd.)
R2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [205312 2010-10-14] (LANDesk Software, Inc. and its affiliates.)
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [178688 2010-10-07] (LANDesk Software, Inc. and its affiliates.)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [2145624 2012-07-17] (Trend Micro Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-07-01] ()
S2 ProcTrigger; C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [143360 2010-09-15] (LANDesk Software, Inc. and its affiliates.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [385024 2010-10-21] (LANDesk Software, Inc. and its affiliates.)
S3 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [2452328 2012-07-17] (Trend Micro Inc.)
R3 TmPfw; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.)
S2 tracksvc; C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [66048 2010-09-15] (LANDesk Software, Inc. and its affiliates.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
S2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [836600 2006-05-17] (RealVNC Ltd.)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation)
==================== Drivers (Whitelisted) ====================
R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [33152 2013-02-13] (CSR/PLT)
S3 GKUPRO2D; C:\Windows\System32\Drivers\GKUPRO2D.sys [120064 2010-07-21] (Gemalto)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20480 2009-11-23] (Avocent Corporation)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2009-11-23] (Avocent Corporation)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [6656 2009-11-23] (Avocent Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32936 2010-09-17] (Intel Corporation )
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [197432 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338232 2012-06-21] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-27 09:05 - 2013-07-27 09:05 - 00000000 ____D C:\FRST
2013-07-27 09:04 - 2013-07-27 09:04 - 00000000 ____D C:\Users\testuser\Desktop\New folder
2013-07-26 19:02 - 2013-07-26 19:02 - 00003196 _____ C:\Windows\System32\Tasks\{7AE60CA2-EE57-4C68-B112-A7D959C3C7EF}
2013-07-26 17:46 - 2013-07-26 17:46 - 00000000 _____ C:\autoexec.bat
2013-07-26 17:45 - 2013-07-26 18:42 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-07-26 17:45 - 2013-07-26 17:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-26 17:42 - 2013-07-26 17:42 - 00000125 _____ C:\Users\testuser\Desktop\System Care Antivirus Support Site.url
2013-07-26 15:50 - 2013-07-26 17:42 - 00000000 ____D C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2013-07-26 15:50 - 2013-07-26 17:20 - 00000971 _____ C:\Windows\TMFilter.log
2013-07-26 15:48 - 2013-07-26 15:50 - 00000000 ____D C:\ProgramData\6C205A204C0F6BF100006C1FEE087407
2013-07-26 12:51 - 2013-07-26 12:51 - 00000000 _____ C:\Users\testuser\plink
2013-07-25 11:50 - 2013-07-25 11:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-25 11:50 - 2013-07-25 11:51 - 00000000 ____D C:\Program Files\iTunes
2013-07-25 11:50 - 2013-07-25 11:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-25 11:50 - 2013-07-25 11:50 - 00000000 ____D C:\Program Files\iPod
2013-07-18 12:22 - 2013-07-18 12:22 - 00000000 ____D C:\Users\testuser\Documents\Outlook Files
2013-07-18 08:44 - 2013-07-26 17:00 - 00000000 ____D C:\Users\testuser\Desktop\Email-Archive
2013-07-18 08:19 - 2013-07-18 08:19 - 00000000 ____D C:\ProgramData\ODIR
2013-07-18 08:19 - 2013-07-18 08:19 - 00000000 ____D C:\Program Files (x86)\ODIR
2013-07-18 08:19 - 1999-03-26 01:00 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-07-18 08:18 - 2013-07-18 08:18 - 02550878 _____ (Vaita ) C:\Users\testuser\Downloads\ODIR.exe
2013-07-12 13:09 - 2013-07-12 13:10 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-11 16:50 - 2013-07-15 10:31 - 00028410 _____ C:\Users\testuser\Desktop\Book1.xlsx
2013-07-10 14:53 - 2013-07-10 14:53 - 00000000 ____D C:\Users\testuser\Desktop\Corp Culture
2013-07-10 13:09 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 13:09 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 13:09 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 13:09 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 13:09 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 13:09 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 13:09 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 13:09 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 13:09 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 13:09 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 13:09 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 13:09 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 13:09 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 13:09 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 13:09 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 13:09 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 13:09 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 13:09 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 13:09 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 13:09 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 13:09 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 13:09 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 13:09 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 13:09 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 13:09 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 13:09 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 13:09 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 13:09 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 13:09 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 13:09 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 13:09 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 13:09 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 08:58 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 08:58 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 08:58 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 08:58 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 08:58 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 08:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 08:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2013-07-27 09:05 - 2013-07-27 09:05 - 00000000 ____D C:\FRST
2013-07-27 09:04 - 2013-07-27 09:04 - 00000000 ____D C:\Users\testuser\Desktop\New folder
2013-07-27 09:02 - 2009-07-14 07:13 - 00886440 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 08:59 - 2012-06-10 13:15 - 00000000 ____D C:\ProgramData\SuperFlexibleSynchronizer
2013-07-27 08:59 - 2012-06-10 11:17 - 00000000 ____D C:\Users\testuser\AppData\Roaming\Dropbox
2013-07-27 08:58 - 2012-06-06 17:29 - 00140928 _____ C:\Users\installation\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-27 08:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-27 08:56 - 2009-07-14 06:51 - 00118335 _____ C:\Windows\setupact.log
2013-07-27 07:17 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:17 - 2009-07-14 06:45 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 07:14 - 2012-06-10 13:20 - 00000000 ____D C:\ProgramData\firebird
2013-07-27 00:12 - 2012-03-31 23:21 - 00000000 ____D C:\Users\testuser\AppData\Roaming\Egoz
2013-07-27 00:12 - 2012-03-28 07:18 - 00000000 ____D C:\Users\testuser\AppData\Roaming\Biegdi
2013-07-26 19:13 - 2012-04-03 10:18 - 00000000 ____D C:\Users\testuser\AppData\Roaming\Skype
2013-07-26 19:02 - 2013-07-26 19:02 - 00003196 _____ C:\Windows\System32\Tasks\{7AE60CA2-EE57-4C68-B112-A7D959C3C7EF}
2013-07-26 18:42 - 2013-07-26 17:45 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-07-26 18:42 - 2011-10-06 15:55 - 00000000 ____D C:\Windows\system32\appmgmt
2013-07-26 18:37 - 2012-06-06 17:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 17:46 - 2013-07-26 17:46 - 00000000 _____ C:\autoexec.bat
2013-07-26 17:45 - 2013-07-26 17:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-26 17:42 - 2013-07-26 17:42 - 00000125 _____ C:\Users\testuser\Desktop\System Care Antivirus Support Site.url
2013-07-26 17:42 - 2013-07-26 15:50 - 00000000 ____D C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
2013-07-26 17:20 - 2013-07-26 15:50 - 00000971 _____ C:\Windows\TMFilter.log
2013-07-26 17:15 - 2011-09-23 06:52 - 00000000 ____D C:\ProgramData\Sonic
2013-07-26 17:00 - 2013-07-18 08:44 - 00000000 ____D C:\Users\testuser\Desktop\Email-Archive
2013-07-26 15:50 - 2013-07-26 15:48 - 00000000 ____D C:\ProgramData\6C205A204C0F6BF100006C1FEE087407
2013-07-26 15:47 - 2012-03-15 10:21 - 02030185 _____ C:\Windows\WindowsUpdate.log
2013-07-26 14:29 - 2012-06-29 14:45 - 00000000 ____D C:\Users\testuser\Documents\SAP
2013-07-26 14:29 - 2012-04-02 13:58 - 00000000 ____D C:\Users\testuser\AppData\Local\SAP
2013-07-26 14:28 - 2012-11-02 18:39 - 00000000 ____D C:\Users\testuser\Desktop\IO requests
2013-07-26 12:51 - 2013-07-26 12:51 - 00000000 _____ C:\Users\testuser\plink
2013-07-26 12:51 - 2012-03-26 11:52 - 00000000 ____D C:\Users\testuser
2013-07-26 10:28 - 2011-10-06 16:47 - 00008927 _____ C:\Windows\cfgall.ini
2013-07-26 10:27 - 2012-04-02 13:58 - 00000000 ____D C:\Users\testuser\AppData\Roaming\SAP
2013-07-25 13:53 - 2013-07-24 14:34 - 00000529 _____ C:\Users\testuser\Desktop\Projekt Links.txt
2013-07-25 11:51 - 2013-07-25 11:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-25 11:51 - 2013-07-25 11:50 - 00000000 ____D C:\Program Files\iTunes
2013-07-25 11:51 - 2013-07-25 11:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-25 11:50 - 2013-07-25 11:50 - 00000000 ____D C:\Program Files\iPod
2013-07-24 13:31 - 2012-06-06 17:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 13:31 - 2012-06-06 17:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-24 13:31 - 2012-04-02 11:42 - 00000000 ____D C:\Users\testuser\AppData\Local\Adobe
2013-07-24 13:31 - 2011-09-23 06:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 13:30 - 2012-04-02 13:56 - 00179843 _____ C:\Users\testuser\.fmj.registry.xml
2013-07-24 13:29 - 2013-02-08 19:03 - 00000000 ___RD C:\Users\testuser\Dropbox
2013-07-22 10:49 - 2012-04-22 14:49 - 00000000 ____D C:\Users\testuser\Desktop\!Blackhole
2013-07-22 09:10 - 2012-03-26 11:52 - 00000000 ___RD C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-22 09:05 - 2009-07-14 06:45 - 00530504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-20 09:57 - 2012-03-26 11:53 - 00140928 _____ C:\Users\testuser\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-19 08:55 - 2013-01-28 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-19 08:55 - 2012-03-26 12:27 - 00000000 ____D C:\ProgramData\Skype
2013-07-18 12:22 - 2013-07-18 12:22 - 00000000 ____D C:\Users\testuser\Documents\Outlook Files
2013-07-18 11:29 - 2012-09-25 10:09 - 00000600 _____ C:\Users\testuser\AppData\Local\PUTTY.RND
2013-07-18 08:45 - 2012-06-10 11:28 - 00000000 ___RD C:\Users\testuser\SkyDrive
2013-07-18 08:23 - 2013-06-12 11:11 - 00000000 ____D C:\Program Files (x86)\SysTools Outlook Duplicates Remover
2013-07-18 08:19 - 2013-07-18 08:19 - 00000000 ____D C:\ProgramData\ODIR
2013-07-18 08:19 - 2013-07-18 08:19 - 00000000 ____D C:\Program Files (x86)\ODIR
2013-07-18 08:18 - 2013-07-18 08:18 - 02550878 _____ (Vaita ) C:\Users\testuser\Downloads\ODIR.exe
2013-07-17 14:42 - 2013-03-12 10:01 - 00000000 ____D C:\Users\testuser\Desktop\Projects - open
2013-07-17 14:42 - 2012-05-11 13:50 - 00000000 ____D C:\Users\testuser\Desktop\Projects - closed
2013-07-15 10:31 - 2013-07-11 16:50 - 00028410 _____ C:\Users\testuser\Desktop\Book1.xlsx
2013-07-15 10:08 - 2012-04-03 18:22 - 00000000 ____D C:\Users\testuser\Desktop\Knowledgebase
2013-07-12 13:10 - 2013-07-12 13:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-12 13:00 - 2012-03-20 18:24 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 08:25 - 2012-05-13 14:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 08:25 - 2012-05-13 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 08:25 - 2009-07-14 07:08 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 08:23 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 08:23 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 08:23 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 14:53 - 2013-07-10 14:53 - 00000000 ____D C:\Users\testuser\Desktop\Corp Culture
2013-07-10 13:15 - 2011-12-20 10:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 13:11 - 2012-05-07 11:35 - 00000039 _____ C:\Windows\vbaddin.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-23 10:19
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2013 01
Ran by testuser at 2013-07-27 09:06:19
Running from C:\Users\testuser\Desktop\New folder
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
1Password 1.0.9.332 (x32 Version: 1.0)
7-Zip 9.20 (x32 Version: 9.20.00.0)
AccelerometerP11 (x32 Version: 2.00.10.33)
Actioncable Hotel NMS (x32 Version: 1.0.0)
Adobe AIR (x32 Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.1.629)
Advanced IP Scanner (x32 Version: 2.2.224)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
BioAPI Framework (Version: 1.0.2)
Bonjour (Version: 3.0.0.10)
Calisto DFU Driver (x64) (Version: 2.4.49092.0)
Cisco WebEx Meetings (x32)
Citrix Presentation Server Client (x32 Version: 10.200.2650)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Custom (Version: 01.00.00.000)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Client System Update (x32 Version: 1.2.2)
Dell ControlVault Host Components Installer 64 bit (Version: 2.1.6.214)
Dell Data Protection | Access (Version: 02.01.01.002)
Dell Data Protection | Access (x32 Version: 2.1.00001.002)
Dell Data Protection | Access | Drivers (x32 Version: 2.01.018)
Dell Data Protection | Access | Middleware (x32 Version: 2.01.010)
Dell Edoc Viewer (Version: 1.0.0)
Dell System Manager (Version: 1.6.00000)
Dell Touchpad (Version: 7.1208.101.125)
Dell Webcam Central (x32 Version: 1.40.28)
DellAccess (Version: 01.01.00.072)
DHTML Editing Component (x32 Version: 6.02.0001)
DirectX 9 Runtime (x32 Version: 1.00.0000)
dows Driver Package - Cambridge Silicon Radio (CSRBC) USB (08/15/2010 2.1.0.2) (Version: 08/15/2010 2.1.0.2)
Dropbox (HKCU Version: 2.0.22)
EMBASSY Security Center (Version: 04.03.00.121)
FileZilla Client 3.5.3 (HKCU Version: 3.5.3)
FileZilla Server (x32 Version: beta 0.9.41)
Gemalto (Version: 01.64.01.0010)
GoToMeeting 5.4.0.1061 (HKCU Version: 5.4.0.1061)
Greenshot (x32)
HDMS 2.21.1 (x32 Version: 2.21.1)
inSSIDer (x32 Version: 2.1.5)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Network Connections 15.7.176.1 (Version: 15.7.176.1)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.00.20110)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LANDesk Advance Agent (x32 Version: 1.0.0)
LANDesk(R) Common Base Agent 8 (x32 Version: 9.0.0.18)
LanSpy (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project Standard 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio Professional 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (x32 Version: 8.0.50727.4053)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (x32 Version: 9.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Desktop Engine (x32 Version: 8.00.761)
Microsoft Visio Viewer 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.36)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23)
ODIR (x32)
OpenVPN 2.2.1 (x32 Version: 2.2.1)
Parallels runtime modules (x32 Version: 1.00.0000)
Parallels Transporter Agent (x32 Version: 6.00.15094)
Parallels USB Driver (x32 Version: 6.00.15094)
PC-CCID (Version: 2.0.0)
PDFCreator (x32 Version: 1.5.1)
PhotoShowExpress (x32 Version: 2.0.063)
Plantronics MyHeadset Updater (x64) (Version: 2.8.23209.0)
Plantronics Spokes Software (x32 Version: 2.8.24304.0)
Preboot Manager (Version: 03.03.00.074)
Private Information Manager (Version: 07.01.00.022)
QuickTime (x32 Version: 7.74.80.86)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
SAP GUI for Windows 7.20 (x32 Version: 7.20 Compilation 3)
SHARP MX-2310/2010/2610/3110/3610 Series PCL/PS Printer Driver (x32 Version: 1.00.000)
Skype™ 6.6 (x32 Version: 6.6.106)
SnapAPI (x32 Version: 3.0.306)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Spark (x32 Version: 2.5.8)
Spark 2.6.3.12555 (x32)
SPBA 5.9 (Version: 5.9.4.6686)
Super Flexible File Synchronizer 5.72a (x32 Version: 5.72a)
swMSM (x32 Version: 12.0.0.1)
System Care Antivirus (HKCU)
Tera Term 4.75 (x32)
Tftpd64 Standalone Edition (remove only) (x32)
Trend Micro OfficeScan Client (x32 Version: 10.5)
Trusted Drive Manager (Version: 4.1.1.312)
UC232A_Win 7_64bit (HKCU Version: 1.0.075)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
VLC media player 2.0.2 (x32 Version: 2.0.2)
VNC Enterprise Edition E4.2.5 (x32 Version: E4.2.5)
Wave Infrastructure Installer (Version: 07.67.17.0010)
Wave Support Software Installer (Version: 05.13.00.033)
WIDCOMM Bluetooth Software (Version: 6.3.0.7900)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (Version: 04/21/2009 5.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinImage (HKCU)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Wireshark 1.6.7 (64-bit) (x32 Version: 1.6.7)
==================== Restore Points =========================
16-07-2013 08:43:56 Windows Update
22-07-2013 12:14:34 Windows Update
26-07-2013 15:45:29 Installed SpyHunter
26-07-2013 16:41:52 Removed SpyHunter
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {19E0AD2F-23CD-4044-ADFF-80EE53A82032} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6C2DC9AB-8214-4C21-AB9B-DE9C64FB0F98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-24] (Adobe Systems Incorporated)
Task: {72C2006B-171A-4D56-9A66-B9EB3326A00F} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe No File
Task: {A0FBAB46-5A60-4B49-9310-43D33183BBDA} - \WPD\SqmUpload_S-1-5-21-3059524598-3505483258-2058099780-500 No Task File
Task: {F8501FD2-6013-4548-B6B1-08052DAF2DA5} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3059524598-3505483258-2058099780-1004 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/27/2013 08:56:53 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/27/2013 07:17:37 AM) (Source: WinVNC4) (User: )
Description: MsgWindow: untrapped: Unable to open Input desktop: {DLL Initialization Failed}
The application failed to initialize because the window station is shutting down. (624)
Error: (07/27/2013 07:17:34 AM) (Source: WinVNC4) (User: )
Description: MsgWindow: untrapped: Unable to open Input desktop: {DLL Initialization Failed}
The application failed to initialize because the window station is shutting down. (624)
Error: (07/27/2013 07:14:00 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/26/2013 07:17:20 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/26/2013 07:13:03 PM) (Source: WinVNC4) (User: )
Description: MsgWindow: untrapped: Unable to open Input desktop: {DLL Initialization Failed}
The application failed to initialize because the window station is shutting down. (624)
Error: (07/26/2013 07:12:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: 6C205A204C0F6BF100006C1FEE087407.exe, version: 1.0.0.1, time stamp: 0x51ec5f5e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000002
Fault offset: 0x7792d7d8
Faulting process id: 0x1740
Faulting application start time: 0x6C205A204C0F6BF100006C1FEE087407.exe0
Faulting application path: 6C205A204C0F6BF100006C1FEE087407.exe1
Faulting module path: 6C205A204C0F6BF100006C1FEE087407.exe2
Report Id: 6C205A204C0F6BF100006C1FEE087407.exe3
Error: (07/26/2013 07:10:56 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (07/26/2013 07:02:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: 6C205A204C0F6BF100006C1FEE087407.exe, version: 1.0.0.1, time stamp: 0x51ec5f5e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000002
Fault offset: 0x770dd7d8
Faulting process id: 0x7a0
Faulting application start time: 0x6C205A204C0F6BF100006C1FEE087407.exe0
Faulting application path: 6C205A204C0F6BF100006C1FEE087407.exe1
Faulting module path: 6C205A204C0F6BF100006C1FEE087407.exe2
Report Id: 6C205A204C0F6BF100006C1FEE087407.exe3
Error: (07/26/2013 05:38:14 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (07/27/2013 08:59:25 AM) (Source: Service Control Manager) (User: )
Description: The VNC Server Version 4 service terminated with the following error:
%%1073807364
Error: (07/27/2013 08:56:52 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0
Error: (07/27/2013 07:17:39 AM) (Source: Service Control Manager) (User: )
Description: The VNC Server Version 4 service terminated with the following error:
%%1073807364
Error: (07/27/2013 07:13:58 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0
Error: (07/26/2013 07:17:19 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0
Error: (07/26/2013 07:13:03 PM) (Source: Service Control Manager) (User: )
Description: The VNC Server Version 4 service terminated with the following error:
%%1073807364
Error: (07/26/2013 07:10:55 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0
Error: (07/26/2013 05:42:24 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Intel(R) Management and Security Application Local Management Service service, but this action failed with the following error:
%%1056
Error: (07/26/2013 05:42:14 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (07/26/2013 05:42:13 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (07/27/2013 08:56:53 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/27/2013 07:17:37 AM) (Source: WinVNC4)(User: )
Description: MsgWindowuntrapped: Unable to open Input desktop: {DLL Initialization Failed}
The application failed to initialize because the window station is shutting down. (624)
Error: (07/27/2013 07:17:34 AM) (Source: WinVNC4)(User: )
Description: MsgWindowuntrapped: Unable to open Input desktop: {DLL Initialization Failed}
The application failed to initialize because the window station is shutting down. (624)
Error: (07/27/2013 07:14:00 AM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/26/2013 07:17:20 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/26/2013 07:13:03 PM) (Source: WinVNC4)(User: )
Description: MsgWindowuntrapped: Unable to open Input desktop: {DLL Initialization Failed}
The application failed to initialize because the window station is shutting down. (624)
Error: (07/26/2013 07:12:08 PM) (Source: Application Error)(User: )
Description: 6C205A204C0F6BF100006C1FEE087407.exe1.0.0.151ec5f5eunknown0.0.0.000000000800000027792d7d8174001ce8a233d29787fC:\ProgramData\6C205A204C0F6BF100006C1FEE087407\6C205A204C0F6BF100006C1FEE087407.exeunknown7fe75155-f616-11e2-8ca2-100ba9c7e2ec
Error: (07/26/2013 07:10:56 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/26/2013 07:02:43 PM) (Source: Application Error)(User: )
Description: 6C205A204C0F6BF100006C1FEE087407.exe1.0.0.151ec5f5eunknown0.0.0.00000000080000002770dd7d87a001ce8a21ef07074fC:\ProgramData\6C205A204C0F6BF100006C1FEE087407\6C205A204C0F6BF100006C1FEE087407.exeunknown2f742981-f615-11e2-bf5f-d4bed91b400b
Error: (07/26/2013 05:38:14 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 3977.02 MB
Available physical RAM: 2177.91 MB
Total Pagefile: 7952.21 MB
Available Pagefile: 5985.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:127.36 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 9FE500D3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
==================== End Of Log ============================