BKA WIN7 nur mehr weisse Fläche

markusg · 08.07.2013, 21:30

Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

momorossi · 09.07.2013, 08:59

Hi

nothing found

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
pe130296 :: PE1302961 [administrator]

Protection: Enabled

09.07.2013 07:01:40
mbam-log-2013-07-09 (07-01-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 438316
Time elapsed: 1 hour(s), 39 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

markusg · 09.07.2013, 10:25

Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

momorossi · 09.07.2013, 12:00

here we go :
(verwende immer "#" ... sinnvoll oder nur wenn explizit requested ? )

Acrobat Professional Adobe Systems 05.06.2013 9.0 notwendig
ActivClient ActivIdentity 15.05.2012 25,9 MB 6.2 notwendig
Adobe AIR Adobe Systems Incorporated 14.05.2013 2.6.0.19140 notwendig
Adobe Flash Player 10 ActiveX Adobe 16.05.2012 2,97 MB 10.3.183.18 notwendig
Adobe Reader Adobe 15.05.2012 122 MB 9.4.6 notwendig
Apple Application Support Apple Inc. 26.04.2013 62,7 MB 2.3.3 unnötig
Apple Mobile Device Support Apple Inc. 26.04.2013 25,2 MB 6.1.0.13 unnötig
Apple Software Update Apple Inc. 26.04.2013 2,38 MB 2.1.3.127 notwendig
Bamboo Dock Wacom Co., Ltd. 14.05.2013 4.1 notwendig
Bonjour Apple Inc. 26.04.2013 2,00 MB 3.0.0.10 unnötig
Broadcom Bluetooth Software Broadcom Corporation 24.04.2013 289 MB 6.5.1.2300 notwendig
Calisto DFU Driver (x64) Plantronics, Inc. 25.04.2013 912 KB 2.4.49092.0 notwendig
Capture NX 2 NIKON CORPORATION 28.05.2013 2.4.2 notwendig
CCleaner Piriform 19.06.2013 4.03 notwendig
Chinese Simplified Fonts Support For Adobe Reader 9 Adobe 15.05.2012 30,8 MB 9 unnötig
Chinese Traditional Fonts Support For Adobe Reader 9 Adobe 15.05.2012 14,0 MB 9 unnötig
Cisco WebEx Meetings Cisco WebEx LLC 28.05.2013 notwendig
Corel Painter 12 Corel Corporation 25.04.2013 480 MB 12.2.1.1212 notwendig
Corel VideoStudio Pro X6 Corel Corporation 25.04.2013 1,48 GB 16.0.0.106 notwendig
Device Installer x64 ActivIdentity 15.05.2012 8,00 KB 2.2 notwendig
DIAL Communication Framework DIAL GmbH 25.04.2013 1.2.0.194 unbekannt
DIAL Data Dispatcher DIAL GmbH 25.04.2013 1.0 unbekannt
DIALux evo DIAL GmbH 25.04.2013 5.2.0.13980 notwendig
eLicenser Control Steinberg Media Technologies GmbH 02.05.2013 notwendig
Forefront Identity Manager Add-ins and Extensions Microsoft Corporation 15.05.2012 7,06 MB 4.0.3555.2 notwendig
Garmin BaseCamp Garmin Ltd or its subsidiaries 26.04.2013 102 MB 4.1.2 notwendig
Garmin MapInstall Garmin Ltd or its subsidiaries 26.04.2013 29,4 MB 4.0.3 notwendig
Garmin USB Drivers Garmin Ltd or its subsidiaries 26.04.2013 573 KB 2.3.1.0 notwendig
Google Earth Google 26.04.2013 180 MB 7.1.1.1580 notwendig
HP 3D DriveGuard Hewlett-Packard Company 24.04.2013 9,06 MB 5.0.9.0 notwendig
HP Client Automation Application Manager Agent Hewlett-Packard Company 15.05.2012 27,6 MB 7.80 notwendig
HP Connection Manager Hewlett-Packard Company 24.04.2013 52,0 MB 4.3.7.1 notwendig
HP ESU for Microsoft Windows 7 Hewlett-Packard Company 24.04.2013 15,3 MB 2.0.6.1 notwendig
HP Fonts Hewlett-Packard 15.05.2012 4,16 MB 2.0 notwendig
HP FWUpdateEDO2 Hewlett-Packard 10.05.2013 1,53 MB 1.2.0.0 notwendig
HP Hotkey Support Hewlett-Packard Company 24.04.2013 14,4 MB 4.5.12.1 notwendig
HP Photo Creations HP 25.04.2013 14,6 MB 1.0.0.7702 notwendig
HP Photosmart 7520 series Basic Device Software Hewlett-Packard Co. 25.04.2013 167 MB 28.0.1315.0 notwendig
HP Photosmart 7520 series Product Improvement Study Hewlett-Packard Co. 25.04.2013 8,31 MB 28.0.1315.0 notwendig
HP Power Assistant Hewlett-Packard Company 24.04.2013 29,0 MB 2.5.0.16 notwendig
HP Software Framework Hewlett-Packard Company 24.04.2013 4,71 MB 4.5.12.1 notwendig
HP Timing Service Hewlett-Packard 08.05.2013 12,7 MB 2.2.1503 notwendig
HP Update Hewlett-Packard 25.04.2013 3,98 MB 5.003.003.001 notwendig
Intel(R) Control Center Intel Corporation 24.04.2013 1.2.1.1007 notwendig
Intel(R) Processor Graphics Intel Corporation 28.06.2012 8.15.10.2712 notwendig
Intel(R) Rapid Storage Technology Intel Corporation 24.04.2013 11.1.0.1006 notwendig
iTunes Apple Inc. 26.04.2013 187 MB 11.0.2.26 notwendig
Japanese Fonts Support For Adobe Reader 9 Adobe 15.05.2012 16,4 MB 9 unnötig
JMicron 1394 Filter Driver JMicron Technology Corp. 24.04.2013 1.00.23.01 notwendig
JMicron Flash Media Controller Driver JMicron Technology Corp. 24.04.2013 1.0.68.0 notwendig
Korean Fonts Support For Adobe Reader 9 Adobe 15.05.2012 7,15 MB 9 unnötig
LSI HDA Modem LSI Corporation 24.04.2013 16,0 KB 2.2.100 unbekannt
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 09.07.2013 19,2 MB 1.75.0.1300 notwendig
McAfee Agent McAfee, Inc. 24.04.2013 23,5 MB 4.6.0.3122 notwendig
McAfee Host Intrusion Prevention McAfee, Inc. 15.05.2012 19,4 MB 7.00.0800 notwendig
McAfee SiteAdvisor Enterprise Plus McAfee, Inc. 15.05.2012 8,80 MB 3.0.0.539 notwendig
McAfee VirusScan Enterprise McAfee, Inc. 08.05.2013 87,2 MB 8.7.00051 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.04.2013 38,8 MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended Microsoft Corporation 24.04.2013 51,9 MB 4.0.30319 notwendig
Microsoft LifeCam Microsoft Corporation 26.06.2013 60,0 MB 3.22.270.0 notwendig
Microsoft Lync 2010 Microsoft Corporation 29.04.2013 79,2 MB 4.0.7577.4356 notwendig
Microsoft Lync 2010, MUI Microsoft Corporation 29.04.2013 96,3 MB 4.0.7577.0 notwendig
Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Corporation 23.05.2013 36,5 MB 15.0.4420.1017 notwendig
Microsoft Office Language Pack 2010 - German/Deutsch Microsoft Corporation 04.06.2013 14.0.4763.1000 notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 15.05.2012 14.0.6029.1000 notwendig
Microsoft Silverlight Microsoft Corporation 03.06.2013 50,6 MB 5.1.20125.0 unbekannt
Microsoft Visio Language Pack 2010 - German/Deutsch Microsoft Corporation 04.06.2013 14.0.4763.1000 notwendig
Microsoft Visio Premium 2010 Microsoft Corporation 24.04.2013 14.0.6029.1000 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 15.05.2012 250 KB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.04.2013 300 KB 8.0.56336 unbekannt
Microsoft Visual C++ 2005 Runtime Hewlett-Packard Company 15.05.2012 188 KB 8.0.50727.76201 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 29.04.2013 780 KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.04.2013 596 KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.04.2013 588 KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 25.04.2013 13,8 MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.04.2013 11,1 MB 10.0.40219 unbekannt
Nikon Message Center 2 Nikon 25.04.2013 9,42 MB 2.1.0 notwendig
PC Backup Agent Autonomy Corporation plc 29.04.2013 114 MB 8.6.2.4 notwendig
PC COE Hewlett-Packard Company 15.05.2012 6,95 MB 31.1.2 notwendig
PC COE Required Settings Hewlett-Packard Company 15.05.2012 825 KB 31.1.0 notwendig
Picture Control Utility x64 Nikon 25.04.2013 28,5 MB 1.4.11 notwendig
Plantronics Spokes Software Plantronics, Inc. 25.04.2013 37,6 MB 2.8.24304.0 notwendig
Remote Access to HP Network 6.5 Hewlett-Packard Company 25.04.2013 2,60 MB 6.5.3.52064 notwendig
Skype™ 6.5 Skype Technologies S.A. 26.06.2013 21,8 MB 6.5.158 unnötig
SmartSound Common Data SmartSound Software Inc. 25.04.2013 13,4 MB 1.1.0 notwendig
SmartSound Quicktracks 5 SmartSound Software Inc. 25.04.2013 49,1 MB 5.1.6 notwendig
Sun JRE 1.6.0 Sun 15.05.2012 97,1 MB 1.6.0.24 unbekannt
Synaptics Pointing Device Driver Synaptics Incorporated 28.06.2012 46,4 MB 16.1.6.2 notwendig
Unity Web Player Unity Technologies ApS 30.05.2013 12,0 MB notwendig
USMT_AMD64 Hewlett-Packard Company 24.04.2013 20,9 MB 4.0.1 notwendig
Validity Fingerprint Sensor Driver Validity Sensors, Inc. 24.04.2013 28,2 MB 4.4.213.0 notwendig
Wacom Wacom Technology Corp. 14.05.2013 5.3.2-1 notwendig
WaveLab LE 7 Steinberg 02.05.2013 7.1.0.543 notwendig
WebTablet FB Plugin 32 bit Wacom Technology Corp. 14.05.2013 2.1.0.2 notwendig
WebTablet FB Plugin 64 bit Wacom Technology Corp. 14.05.2013 2.1.0.2 notwendig
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Garmin 26.04.2013 04/19/2012 2.3.1.0 notwendig
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) Plantronics, Inc. 25.04.2013 04/21/2009 5.1 notwendig
Windows Media Encoder 9 Series 25.04.2013 unbekannt
WinZip 16.5 WinZip Computing, S.L. 24.04.2013 75,4 MB 16.5.10095 notwendig

markusg · 09.07.2013, 12:09

Hi:
Acrobat Professional sollte man wohl mal upgraden, aktuell ist Version 11
ds Problem ist, ältere Versionen haben evtl. Sicherheitslücken, auch wenn man diese schließt, fehlen wichtige Funktionen wie die Sandbox für PDF's, diese kann verhindern, das Exploits erfolgreich genutzt werden.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

Anmerkung, evtl. auch prüfen, ob diese Einstellungen auch für die Pro Version möglich sind.

Deinstaliere:
Chinese : beide
Japanese
Korean
Skype™

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

momorossi · 09.07.2013, 13:03

Hi,

erstmal danke für Deine raschen Antworten :-) - abei der scan resultAdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.304 - Logfile created 07/09/2013 at 13:29:15
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : pe130296 - PE1302961
# Boot Mode : Normal
# Running from : C:\Users\pe130296\Documents\Temp\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\pe130296\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [906 octets] - [09/07/2013 13:26:52]
AdwCleaner[R2].txt - [965 octets] - [09/07/2013 13:27:37]
AdwCleaner[S1].txt - [907 octets] - [09/07/2013 13:29:15]

########## EOF - C:\AdwCleaner[S1].txt - [966 octets] ##########

--- --- ---

markusg · 09.07.2013, 13:04

Hi,
neustarten bitte.
Hitmanpro laden:
HitmanPro - Download - Filepony
Doppelklicken, Scan klicken.
Nichts löschen, weiter klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen.

momorossi · 09.07.2013, 15:53

here we go :

Code:

ATTFilter

HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : PE1302961
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : EMEA\pe130296
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-09 16:38:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 50
   Traces  . . . . . . . : 230

   Objects scanned . . . : 1.739.804
   Files scanned . . . . : 54.019
   Remnants scanned  . . : 410.314 files / 1.275.471 keys

Malware _____________________________________________________________________

   C:\Users\pe130296\Documents\!!!Privat\temp\JabberToOC.exe
      Size . . . . . . . : 36.864 bytes
      Age  . . . . . . . : 75.8 days (2013-04-24 22:24:43)
      Entropy  . . . . . : 3.9
      SHA-256  . . . . . : 8D3055604AC503023D50199086AEDCAE0509D5E0BB0B657FF2AD8554B7569746
      Product  . . . . . : JabberToOC
      Publisher  . . . . : Hewlett-Packard Company
      Description  . . . : JabberToOC
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © Hewlett-Packard Company 2008
    > Ikarus . . . . . . : Trojan-Spy.MSIL!IK
      Fuzzy  . . . . . . : 100.0

   C:\Users\pe130296\Documents\Temp\JabberToOC.exe
      Size . . . . . . . : 36.864 bytes
      Age  . . . . . . . : 75.7 days (2013-04-24 23:14:25)
      Entropy  . . . . . : 3.9
      SHA-256  . . . . . : 8D3055604AC503023D50199086AEDCAE0509D5E0BB0B657FF2AD8554B7569746
      Product  . . . . . : JabberToOC
      Publisher  . . . . : Hewlett-Packard Company
      Description  . . . : JabberToOC
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © Hewlett-Packard Company 2008
    > Ikarus . . . . . . : Trojan-Spy.MSIL!IK
      Fuzzy  . . . . . . : 100.0


Cookies _____________________________________________________________________

   C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Cookies\06V0BPDC.txt
   C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Cookies\0LPFJN88.txt
   C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Cookies\5ZRKW6BQ.txt
   C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Cookies\94B1XLBU.txt
   C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Cookies\I0NMF26S.txt
   C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Cookies\WJOG6USP.txt

markusg · 09.07.2013, 16:11

ok das passt.
Bitte ein neues OTL Log.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

momorossi · 09.07.2013, 18:16

zuerst OTL.txt :

Code:

ATTFilter

OTL logfile created on: 09.07.2013 17:27:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pe130296\Documents\!!!Privat
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 70,44% Memory free
15,74 Gb Paging File | 13,09 Gb Available in Paging File | 83,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 334,52 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
 
Computer Name: PE1302961 | User Name: pe130296 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.09 06:47:26 | 000,239,496 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
PRC - [2013.07.06 17:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pe130296\Documents\!!!Privat\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.28 12:35:44 | 000,356,752 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
PRC - [2013.02.28 12:24:06 | 000,625,040 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2012.11.28 11:05:20 | 006,777,680 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files (x86)\PC Backup\AgentService.exe
PRC - [2012.11.28 11:05:16 | 000,299,856 | ---- | M] (Autonomy Corporation plc) -- C:\Program Files (x86)\PC Backup\Agent.exe
PRC - [2012.11.27 16:06:00 | 000,345,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2012.11.27 16:06:00 | 000,333,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2012.11.27 16:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2012.11.27 16:06:00 | 000,075,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2012.10.16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2012.10.08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012.04.26 16:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.04.04 18:03:40 | 000,368,512 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012.04.04 02:30:36 | 000,603,536 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012.03.09 11:22:46 | 000,070,960 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2012.03.01 01:06:42 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.03.01 01:06:36 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.09.15 14:00:12 | 000,172,092 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
PRC - [2011.09.15 13:59:19 | 000,385,084 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe
PRC - [2011.08.31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011.08.30 11:11:16 | 000,861,696 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
PRC - [2011.04.02 16:01:48 | 000,176,128 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe
PRC - [2010.06.15 13:50:54 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2010.06.15 13:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2010.05.20 15:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010.04.21 05:17:06 | 000,333,544 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
PRC - [2010.04.21 05:16:34 | 000,190,184 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
PRC - [2010.04.21 05:13:00 | 000,300,776 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.12.16 22:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009.11.13 17:42:00 | 000,443,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radalert.exe
PRC - [2009.08.19 15:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007.04.11 23:44:46 | 000,026,624 | ---- | M] (Hewlett Packard) -- C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 09:47:32 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll
MOD - [2013.06.03 09:45:36 | 000,347,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\469425c9aaa1e994be770c54f6d8a364\PlantronicsURE.ni.exe
MOD - [2013.06.03 09:45:32 | 000,134,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\7339423ce1e6ce2aef52bee90e9e31dc\PlantronicsBatteryStatus.ni.exe
MOD - [2013.06.03 09:45:31 | 000,055,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\81d896b74657fa6e5f06f73e7a29a096\Plantronics.UC.WebexConnect.ni.dll
MOD - [2013.06.03 09:45:30 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\7c2b5748891e715ac2b5de7e23ab850f\Plantronics.UC.Skype.ni.dll
MOD - [2013.06.03 09:45:16 | 001,136,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\NAudio\50b139767f03e8976afbfcedf4768818\NAudio.ni.dll
MOD - [2013.06.03 09:45:15 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\968b41f33a2e1b3f18ae3022ca5d19cf\Plantronics.Device.Common.ni.dll
MOD - [2013.06.03 09:45:15 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\f98bb62ca390065809482f2af507cfb0\Plantronics.Device.Hid.ni.dll
MOD - [2013.06.03 09:45:12 | 000,501,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\747e9a60a5ff34453ed0c54c2d795811\Plantronics.Utility.ni.dll
MOD - [2013.06.03 09:37:29 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.06.03 09:37:27 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll
MOD - [2013.06.03 09:36:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.05.02 08:15:30 | 000,136,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config.#\85a854b431373d1c5b43d7cd089c424a\Plantronics.Config.XmlSerializers.ni.dll
MOD - [2013.05.02 07:59:38 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\d9e944b840b9b0ac826b72fc64689081\Plantronics.UC.WindowsMediaPlayer.ni.dll
MOD - [2013.05.02 07:59:35 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\59099ed1f02cad1a11c7f31e98c413c1\Plantronics.UC.ShoreTel.ni.dll
MOD - [2013.05.02 07:59:34 | 000,112,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\8399ff264fa17e6dd54d2e3273dc2f28\Plantronics.UC.SessionService.ni.dll
MOD - [2013.05.02 07:59:33 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest#\4256c126d3074b56ee85fa8c6b3346dc\Plantronics.UC.Rest.JsonpExtension.ni.dll
MOD - [2013.05.02 07:59:08 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013.05.02 07:59:06 | 000,304,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest\e5b78bf3481724e8b83ceafb9a6b6107\Plantronics.UC.Rest.ni.dll
MOD - [2013.05.02 07:59:05 | 000,168,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\db26dfe58d8bc34906de72db77e91cac\Plantronics.UC.OfficeCommunicator.ni.dll
MOD - [2013.05.02 07:59:04 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SP30SDKLib\54daded489c839fb272950312273304c\Interop.SP30SDKLib.ni.dll
MOD - [2013.05.02 07:59:04 | 000,065,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.NEC\67cfca83f6af1913919a1def2304c9bd\Plantronics.UC.NEC.ni.dll
MOD - [2013.05.02 07:59:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\673412e36da12457e32ab31203efbe6f\Plantronics.UC.iTunes.ni.dll
MOD - [2013.05.02 07:59:02 | 000,735,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\3a43c95ca991f6eb5951d0ee9d50a902\Plantronics.UC.CSFClient.ni.dll
MOD - [2013.05.02 07:59:01 | 000,140,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\7f913afcaf1f924273d2d6a962163795\Plantronics.UC.CSF.ni.dll
MOD - [2013.05.02 07:59:00 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\2a8fba297db702e72a4c44d6293262fd\Plantronics.UC.Cisco.ni.dll
MOD - [2013.05.02 07:58:59 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\78b3fbddb80d2917f214ae5812146a58\Plantronics.UC.AvayaSoftphone.ni.dll
MOD - [2013.05.02 07:58:58 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\dbe35754da61793959eeaff9b35c052f\Plantronics.UC.TAPI.ni.dll
MOD - [2013.05.02 07:58:58 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\a890ca5227f65d82696864f648b4c993\Plantronics.UC.AvayaIPAgent.ni.dll
MOD - [2013.05.02 07:58:56 | 000,389,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\2aeb1195741ba532e060d08ef70d1d0f\Plantronics.UC.Common.ni.dll
MOD - [2013.05.02 07:58:55 | 000,112,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\e89bd0e191bf27e5f8538b1e0e68777b\Plantronics.License.Manager.ni.dll
MOD - [2013.05.02 07:58:55 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\768b611d14e7aa912b4873b9c704a42f\Plantronics.UC.Avaya.ni.dll
MOD - [2013.05.02 07:58:53 | 000,077,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\eb380dd324aa8faddffd1b9721769680\Plantronics.FlexNet.Adapter.ni.dll
MOD - [2013.05.02 07:58:53 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\0276eeac7f09ac7f7a4933e34944a5c8\Plantronics.License.Common.ni.dll
MOD - [2013.05.02 07:58:52 | 000,494,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\105b16d3b4b35df4095d89914f12fba7\Plantronics.Globalization.ni.dll
MOD - [2013.05.02 07:58:50 | 000,084,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Util#\be1d0bf40182a3bcb50cf49b40db2ffe\Plantronics.UC.Utility.ni.dll
MOD - [2013.05.02 07:58:45 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\d141bca09afe54281786c6713b2ca959\log4net.ni.dll
MOD - [2013.05.02 07:58:45 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\1264f5258c5c5dcca7274dbaba6ae161\Plantronics.Config.ni.dll
MOD - [2013.05.02 07:58:41 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\630fdbcf87ff803096db1b456e42961d\Interop.FNCClient11Lib.ni.dll
MOD - [2013.05.02 07:58:41 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\dd24775b51a9c655408c93ad7391eced\Interop.CommunicatorAPI.ni.dll
MOD - [2013.05.02 07:58:40 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\9b5fcd09921278c503852b19672893aa\Interop.CiscoInterface.ni.dll
MOD - [2013.05.02 07:58:36 | 000,440,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\63b1b4434790ed5ca0c2cd726cd17b25\Atapi.ni.dll
MOD - [2013.05.02 07:58:33 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll
MOD - [2013.05.02 07:58:33 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll
MOD - [2013.05.02 07:58:27 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.05.02 07:47:15 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013.05.02 07:47:04 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013.05.02 07:47:02 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013.05.02 07:47:02 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013.05.02 07:46:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.05.02 07:46:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.05.02 07:46:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.05.02 07:46:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.05.02 07:46:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.05.02 07:46:02 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.05.02 07:45:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.16 11:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011.03.17 02:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 17:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009.08.19 15:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.11 13:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2012.04.26 21:56:00 | 000,033,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012.04.15 23:57:22 | 000,315,392 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012.03.20 07:45:18 | 002,694,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2012.03.14 14:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2012.02.01 18:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.08.31 20:07:00 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010.11.30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2010.08.19 01:23:48 | 000,075,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe -- (FIMPasswordReset)
SRV:64bit: - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009.12.03 17:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.03 03:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2008.05.02 00:37:30 | 004,510,504 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2013.04.24 18:04:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.29 22:38:53 | 001,931,536 | ---- | M] (DIAL GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2012.11.28 11:05:20 | 006,777,680 | ---- | M] (Autonomy Corporation plc) [Auto | Running] -- C:\Program Files (x86)\PC Backup\AgentService.exe -- (AgentService)
SRV - [2012.11.27 16:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2012.09.11 19:55:54 | 013,387,128 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Products\Time Service\svctimehpc.exe -- (svctimehpc)
SRV - [2012.04.30 17:34:08 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.26 16:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.04 18:03:40 | 000,368,512 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012.03.20 07:28:20 | 002,325,584 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2012.03.09 11:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.01 01:06:36 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.09.15 13:59:19 | 000,385,084 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2011.08.31 20:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2011.08.31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011.08.31 20:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010.11.21 05:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.06.15 13:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2010.04.21 05:17:06 | 000,333,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe -- (Radstgms)
SRV - [2010.04.21 05:16:34 | 000,190,184 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe -- (radsched)
SRV - [2010.04.21 05:13:00 | 000,300,776 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe -- (radexecd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.26 19:45:24 | 000,039,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe -- (hips)
SRV - [2009.12.16 22:31:06 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.03 16:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.12.03 16:36:34 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.11.28 09:15:38 | 000,054,824 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV_Tracker64.sys -- (LV_Tracker)
DRV:64bit: - [2012.11.15 09:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.19 00:55:48 | 000,434,488 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.05.19 00:55:46 | 000,026,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012.05.19 00:55:46 | 000,025,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrvAMDASF)
DRV:64bit: - [2012.04.26 21:56:00 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.26 21:56:00 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.04.15 23:57:22 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.03.27 08:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 08:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 08:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.27 04:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.15 21:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012.03.12 15:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.27 23:28:11 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2012.02.27 23:28:08 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012.02.27 23:28:08 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2012.02.02 00:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.02.01 20:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.01 20:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.01 20:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012.02.01 20:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.01 20:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.01 20:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.01 20:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.12.06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.09.15 13:58:29 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbregflt.sys -- (SbRegFlt)
DRV:64bit: - [2011.09.15 13:58:23 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\sbfslock.sys -- (SbFsLock)
DRV:64bit: - [2011.09.15 13:58:19 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rsvlock.sys -- (RsvLock)
DRV:64bit: - [2011.09.15 13:58:13 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbflop.sys -- (SbFlop)
DRV:64bit: - [2011.09.15 13:58:01 | 000,062,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\safeboot.sys -- (SafeBoot)
DRV:64bit: - [2011.08.31 20:07:00 | 000,642,824 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.08.31 20:07:00 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.08.31 20:07:00 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.08.31 20:07:00 | 000,158,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.08.31 20:07:00 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.08.31 20:07:00 | 000,086,368 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2011.07.18 08:11:44 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.06.15 13:49:38 | 000,038,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firelm01.sys -- (firelm01)
DRV:64bit: - [2010.06.15 13:49:32 | 000,254,520 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FireTDI.sys -- (FireTDI)
DRV:64bit: - [2010.06.15 13:49:28 | 000,186,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FirePM.sys -- (FirePM)
DRV:64bit: - [2010.05.20 15:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010.01.26 19:45:04 | 000,040,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPQK.sys -- (HIPQK)
DRV:64bit: - [2010.01.26 19:44:48 | 000,045,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPPSK.sys -- (HIPPSK)
DRV:64bit: - [2010.01.26 19:44:34 | 000,138,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HIPK.sys -- (HIPK)
DRV:64bit: - [2010.01.26 14:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010.01.13 05:46:02 | 000,043,032 | ---- | M] (Hewlett Packard) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\radiamsi.sys -- (RadiaMsi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.17 17:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\firehk.sys -- (FirehkMP)
DRV:64bit: - [2008.10.17 17:26:24 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\firehk.sys -- (Firehk)
DRV:64bit: - [2008.08.13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sbalg.sys -- (SBAlg)
DRV:64bit: - [2008.03.17 22:08:08 | 000,017,192 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2007.02.16 02:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2013.05.08 14:31:38 | 000,025,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\ProgramData\Application Data\Time Service\mktools.sys -- (Mandiant_Tools)
DRV - [2011.09.15 13:58:29 | 000,015,688 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\SbRegFlt.sys -- (SbRegFlt)
DRV - [2011.09.15 13:58:23 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2011.09.15 13:58:19 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\RsvLock.sys -- (RsvLock)
DRV - [2011.09.15 13:58:13 | 000,023,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\SbFlop.sys -- (SbFlop)
DRV - [2011.09.15 13:58:01 | 000,062,792 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.13 15:51:44 | 000,060,128 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SBAlg)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://autocache.hp.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{3A4BD30C-6ADE-4536-A668-BFFA1D20DE74}: "URL" = hxxp://search.portal.hp.com/search/simple.asp?query={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enAT466
IE - HKCU\..\SearchScopes\{6C336C69-4D05-4234-956F-525EC5BB10C6}: "URL" = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://autocache.hp.com
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\pe130296\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2012.05.15 15:06:29 | 000,000,000 | ---D | M]
 
[2012.09.28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2013.07.08 20:32:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DIALux Browser Helper Object) - {F586CB96-7091-42ec-9829-F5D5CE65AFC1} - C:\Program Files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll (DIAL GmbH)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [HPRAService] C:\Program Files\RA2HP\HPRAService.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PasswordRegistration] C:\Windows\SysNative\MsPwdRegistration.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files (x86)\PC Backup\Agent.exe (Autonomy Corporation plc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [COEMsgDisplay] c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe (Hewlett Packard)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eepc_SmartClient] C:\Program Files (x86)\SmartClient\Smart.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [GetITIcon] C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IDA] C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [QLBController] c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SafeBootTokenWatcher] C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ReportControllerMissing = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableNT4Policy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483644
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: DSPortal.core.hp.com ([]FIM Managed in Local intranet)
O15:64bit: - ..Trusted Domains: DSPortal.core.hp.com ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: DSPortal-test.core.hp.com ([]FIM Managed in Local intranet)
O15:64bit: - ..Trusted Domains: DSPortal-test.core.hp.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: basenotes.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: compaq.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compaq.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: compaq.com.ar ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compaq.com.ar ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: compaq.com.br ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compaq.com.br ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: compaq.com.co ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compaq.com.co ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: compaq.com.mx ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compaq.com.mx ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: compaq.com.sg ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compaq.com.sg ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: compaq.com.ve ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: compaq.com.ve ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cpqcorp.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: cpqcorp.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: dcu.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: dcu.org ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: dcu.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: eds.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: hpqcorp.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: hpqcorp.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sharefile.com ([hp] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sharefile.com ([hp] https in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://forrester.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.202.138.3 195.202.128.3 62.40.128.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1286F288-0AF4-4CF3-8208-64CA8BB19F06}: DhcpNameServer = 195.202.138.3 195.202.128.3 62.40.128.2
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\pe130296\Pictures\Ceremony to the sun and the mother eagle.jpg
O24 - Desktop BackupWallPaper: C:\Users\pe130296\Pictures\Ceremony to the sun and the mother eagle.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {86E45973-5352-439F-A115-2E8EE4D40140} - "C:\Program Files (x86)\Common Files\Hewlett-Packard\ActSet\HpActSet.exe"
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.09 16:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.07.09 13:31:56 | 000,047,080 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\HIPIS0e011b5.dll
[2013.07.09 13:31:56 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysWow64\HIPIS0e011b5.dll
[2013.07.09 13:17:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.07.09 12:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.07.09 08:22:28 | 000,000,000 | ---D | C] -- C:\data
[2013.07.09 06:59:18 | 000,000,000 | ---D | C] -- C:\Users\pe130296\AppData\Roaming\Malwarebytes
[2013.07.09 06:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.09 06:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.09 06:58:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.09 06:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.09 06:58:28 | 000,000,000 | ---D | C] -- C:\Users\pe130296\AppData\Local\Programs
[2013.07.08 20:48:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.08 20:34:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.08 20:26:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.08 20:26:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.08 20:26:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.08 20:26:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.08 20:26:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.08 08:56:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2013.07.06 16:13:13 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.06 13:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%appdata%
[2013.07.06 10:49:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.26 19:11:48 | 000,000,000 | ---D | C] -- C:\Users\pe130296\AppData\Roaming\Skype
[2013.06.26 19:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.06.26 19:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.06.26 19:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2013.06.26 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013.06.26 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\pe130296\Desktop\*.tmp files -> C:\Users\pe130296\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.09 17:20:00 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
[2013.07.09 17:00:09 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\pcpm-collector.job
[2013.07.09 16:52:15 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.09 16:52:14 | 000,003,172 | ---- | M] () -- C:\Users\pe130296\Desktop\HitmanPro_20130709_1652.xml
[2013.07.09 16:35:20 | 000,000,346 | -H-- | M] () -- C:\Windows\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
[2013.07.09 16:35:20 | 000,000,338 | -H-- | M] () -- C:\Windows\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
[2013.07.09 16:35:18 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
[2013.07.09 16:35:17 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
[2013.07.09 16:35:17 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
[2013.07.09 16:35:16 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
[2013.07.09 16:35:07 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\pcpm-consolidator.job
[2013.07.09 16:35:04 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Maint.job
[2013.07.09 16:34:49 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.09 16:33:59 | 000,133,028 | ---- | M] () -- C:\Windows\SysWow64\api_hook_list.dat
[2013.07.09 16:33:59 | 000,002,033 | ---- | M] () -- C:\Windows\SysNative\api_hook_list.dat
[2013.07.09 16:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.09 16:33:38 | 2041,880,575 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 16:33:09 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.09 16:33:09 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.09 15:13:23 | 000,028,142 | RHS- | M] () -- C:\Users\pe130296\ntuser.pol
[2013.07.09 13:32:10 | 000,121,561 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.07.08 20:32:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.08 09:01:15 | 000,002,529 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Lync 2010.lnk
[2013.07.05 19:25:17 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI.bak
[2013.07.05 19:25:17 | 000,663,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat.bak
[2013.07.05 19:25:17 | 000,122,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat.bak
[2013.07.05 18:03:12 | 000,000,130 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat
[2013.06.26 20:16:52 | 000,200,192 | ---- | M] () -- C:\Users\pe130296\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.26 19:27:39 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2013.06.24 15:55:20 | 000,001,848 | ---- | M] () -- C:\Users\pe130296\Documents\1 Page Bus Prio.html
[2013.06.24 15:53:31 | 000,002,026 | ---- | M] () -- C:\Users\pe130296\Documents\Opportuntiy Modeling.html
[2013.06.24 15:52:53 | 000,002,035 | ---- | M] () -- C:\Users\pe130296\Documents\Depart _ Arrive _ Prios.html
[2013.06.24 15:52:27 | 000,001,997 | ---- | M] () -- C:\Users\pe130296\Documents\SWOT.html
[2013.06.11 07:58:50 | 000,609,737 | ---- | M] () -- C:\Users\pe130296\Documents\Scan0007.pdf
[2013.06.11 07:57:56 | 000,781,895 | ---- | M] () -- C:\Users\pe130296\Documents\Scan0006.pdf
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\pe130296\Desktop\*.tmp files -> C:\Users\pe130296\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.09 16:52:14 | 000,003,172 | ---- | C] () -- C:\Users\pe130296\Desktop\HitmanPro_20130709_1652.xml
[2013.07.09 16:35:20 | 000,000,338 | -H-- | C] () -- C:\Windows\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
[2013.07.09 16:35:18 | 000,000,346 | -H-- | C] () -- C:\Windows\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
[2013.07.09 16:35:17 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
[2013.07.09 16:35:17 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
[2013.07.09 16:35:16 | 000,000,412 | -H-- | C] () -- C:\Windows\tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
[2013.07.09 16:35:15 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
[2013.07.09 16:35:15 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
[2013.07.09 16:33:59 | 000,133,028 | ---- | C] () -- C:\Windows\SysWow64\api_hook_list.dat
[2013.07.09 16:33:59 | 000,002,033 | ---- | C] () -- C:\Windows\SysNative\api_hook_list.dat
[2013.07.08 20:26:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.08 20:26:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.08 20:26:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.08 20:26:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.08 20:26:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.08 09:01:15 | 000,002,529 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Lync 2010.lnk
[2013.07.05 18:03:11 | 000,000,130 | ---- | C] () -- C:\Windows\SysNative\Pen_Tablet.dat
[2013.07.01 11:20:49 | 001,192,223 | ---- | C] () -- C:\Users\pe130296\Documents\selling2senior_executives.zip
[2013.06.26 19:27:39 | 000,921,624 | ---- | C] () -- C:\img2-001.raw
[2013.06.24 15:55:20 | 000,001,848 | ---- | C] () -- C:\Users\pe130296\Documents\1 Page Bus Prio.html
[2013.06.24 15:53:31 | 000,002,026 | ---- | C] () -- C:\Users\pe130296\Documents\Opportuntiy Modeling.html
[2013.06.24 15:52:53 | 000,002,035 | ---- | C] () -- C:\Users\pe130296\Documents\Depart _ Arrive _ Prios.html
[2013.06.24 15:52:27 | 000,001,997 | ---- | C] () -- C:\Users\pe130296\Documents\SWOT.html
[2013.06.11 07:58:50 | 000,609,737 | ---- | C] () -- C:\Users\pe130296\Documents\Scan0007.pdf
[2013.06.11 07:57:56 | 000,781,895 | ---- | C] () -- C:\Users\pe130296\Documents\Scan0006.pdf
[2013.05.30 18:23:38 | 000,217,020 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.05.02 19:13:34 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2013.05.02 19:11:48 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2013.05.02 19:11:47 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2013.04.26 09:05:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2013.04.25 16:14:22 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.04.25 11:23:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sampler
[2013.04.25 11:23:40 | 000,000,268 | RH-- | C] () -- C:\Users\pe130296\AppData\Roaming\Rock
[2013.04.25 09:51:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2013.04.24 12:23:09 | 000,028,142 | RHS- | C] () -- C:\Users\pe130296\ntuser.pol
[2013.04.24 12:01:05 | 000,777,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.11 11:50:15 | 000,000,143 | ---- | C] () -- C:\Users\pe130296\AppData\Roaming\dd
[2012.06.04 16:48:16 | 000,000,218 | ---- | C] () -- C:\Users\pe130296\.recently-used.xbel
[2012.05.15 20:03:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.15 15:05:55 | 000,121,561 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.04.27 14:47:32 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.04.27 14:47:22 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.04.27 14:47:06 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.27 14:47:00 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.03.21 12:08:52 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\vcsAPIShared.dll.hpsign
[2011.10.12 02:02:14 | 000,187,728 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll
[2011.10.12 02:02:14 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll.hpsign
[2011.10.09 16:50:36 | 000,000,000 | ---- | C] () -- C:\Users\pe130296\AppData\Local\{106DF68C-E58F-439A-A578-AEFF0F9BCA95}
[2011.05.17 13:16:36 | 000,000,680 | ---- | C] () -- C:\Users\pe130296\AppData\Local\d3d9caps.dat
[2011.04.22 13:06:34 | 000,003,108 | ---- | C] () -- C:\Users\pe130296\AppData\Roaming\PData.MMM
[2011.04.22 13:06:34 | 000,003,108 | ---- | C] () -- C:\Users\pe130296\AppData\Roaming\PData.MM1
[2011.02.17 09:27:33 | 000,002,040 | ---- | C] () -- C:\Users\pe130296\AppData\Roaming\HP12CState.bin
[2011.02.11 14:16:00 | 000,000,096 | ---- | C] () -- C:\Users\pe130296\AppData\Local\fusioncache.dat
[2008.06.09 10:30:02 | 000,200,192 | ---- | C] () -- C:\Users\pe130296\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.01 15:27:48 | 000,025,773 | ---- | C] () -- C:\Users\pe130296\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2013.04.24 21:54:12 | 000,000,000 | -HSD | M] -- C:\Users\pe130296\AppData\Local\{69b202c0-2858-b795-3da1-b2788082b446}\L
[2013.04.24 21:54:12 | 000,000,000 | -HSD | M] -- C:\Users\pe130296\AppData\Local\{69b202c0-2858-b795-3da1-b2788082b446}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.24 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\.oit
[2013.04.24 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\4Team
[2013.04.24 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Acronis
[2013.04.24 22:42:13 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Dropbox
[2013.04.24 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Exwa
[2013.04.24 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Garmin
[2013.04.24 22:42:43 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\gtk-2.0
[2013.04.24 22:42:50 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Image Zone Express
[2013.04.24 22:42:50 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\InterVideo
[2013.04.24 22:42:51 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Jabber Messenger
[2013.04.24 22:45:53 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\messages
[2013.04.29 08:43:18 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Nikon
[2013.04.24 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Noduo
[2013.04.24 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\PeerNetworking
[2013.04.24 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Printer Info Cache
[2013.04.24 22:46:54 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\PTS Charts
[2013.04.24 22:46:55 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Samsung
[2013.04.24 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\ScanSoft
[2013.05.02 19:13:53 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Steinberg
[2013.04.24 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\SuperMailer
[2013.04.24 12:23:31 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Synaptics
[2013.04.24 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Ulead Systems
[2013.04.24 22:54:31 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Visan
[2013.05.14 09:43:43 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Wacom
[2013.04.24 22:54:32 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.04.24 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\webex
[2013.04.24 22:54:35 | 000,000,000 | ---D | M] -- C:\Users\pe130296\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.07.08 20:48:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.04.24 21:54:14 | 000,000,000 | ---D | M] -- C:\3228e11edc2259cfc5fb11
[2013.04.24 21:54:14 | 000,000,000 | ---D | M] -- C:\60862571154f3d9264
[2013.04.24 19:48:48 | 000,000,000 | ---D | M] -- C:\AIP
[2013.04.24 21:54:15 | 000,000,000 | ---D | M] -- C:\Appigo-Sync-Win-0.9.4-4788
[2012.05.15 21:01:19 | 000,000,000 | ---D | M] -- C:\Boot
[2013.04.24 21:54:15 | 000,000,000 | ---D | M] -- C:\c-Data
[2013.07.09 13:23:43 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2013.07.09 17:27:39 | 000,000,000 | ---D | M] -- C:\data
[2013.04.24 21:54:32 | 000,000,000 | ---D | M] -- C:\DIALux
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.04.24 21:54:33 | 000,000,000 | ---D | M] -- C:\dpqueuechange
[2013.07.06 16:13:13 | 000,000,000 | ---D | M] -- C:\FRST
[2013.04.24 21:54:33 | 000,000,000 | ---D | M] -- C:\HP
[2013.04.24 21:54:34 | 000,000,000 | ---D | M] -- C:\HPExperience
[2013.04.24 13:53:26 | 000,000,000 | ---D | M] -- C:\Intel
[2013.07.09 08:54:11 | 000,000,000 | ---D | M] -- C:\Logs
[2013.07.09 17:35:59 | 000,000,000 | ---D | M] -- C:\mail
[2012.05.15 14:49:11 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.04.24 21:54:34 | 000,000,000 | ---D | M] -- C:\OCSETUPDIR
[2013.04.24 21:54:34 | 000,000,000 | ---D | M] -- C:\oracle
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.24 21:55:52 | 000,000,000 | ---D | M] -- C:\pioneerv2
[2013.07.09 12:38:42 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.07.09 13:19:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.07.09 16:37:29 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013.04.24 21:56:06 | 000,000,000 | ---D | M] -- C:\Programme
[2013.04.24 21:56:08 | 000,000,000 | ---D | M] -- C:\prsrvchg
[2013.07.08 20:34:07 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013.07.06 17:38:56 | 000,000,000 | ---D | M] -- C:\Quarantine
[2013.04.24 11:56:07 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.04.24 21:56:08 | 000,000,000 | ---D | M] -- C:\ssm
[2013.07.09 17:29:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.24 21:56:10 | 000,000,000 | ---D | M] -- C:\system.sav
[2013.07.09 10:53:05 | 000,000,000 | ---D | M] -- C:\Temp
[2013.04.24 21:56:44 | 000,000,000 | ---D | M] -- C:\trams
[2013.04.24 12:22:59 | 000,000,000 | ---D | M] -- C:\Users
[2013.07.08 20:34:06 | 000,000,000 | ---D | M] -- C:\Windows
[2013.04.24 21:56:44 | 000,000,000 | ---D | M] -- C:\winnt
[2013.04.24 21:56:44 | 000,000,000 | ---D | M] -- C:\worldtim
[2013.04.24 21:56:44 | 000,000,000 | ---D | M] -- C:\WTablet
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,014,578 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.04.24 12:23:55 | 000,000,290 | ---- | C] () -- C:\Windows\Tasks\Maint.job
[2013.04.26 10:32:25 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 10:32:25 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.28 08:54:05 | 000,000,308 | ---- | C] () -- C:\Windows\Tasks\pcpm-collector.job
[2013.05.28 08:54:12 | 000,000,314 | ---- | C] () -- C:\Windows\Tasks\pcpm-consolidator.job
[2013.07.09 16:35:15 | 000,000,278 | -H-- | C] () -- C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
[2013.07.09 16:35:15 | 000,000,370 | -H-- | C] () -- C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
[2013.07.09 16:35:16 | 000,000,412 | -H-- | C] () -- C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
[2013.07.09 16:35:17 | 000,000,370 | -H-- | C] () -- C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
[2013.07.09 16:35:17 | 000,000,392 | -H-- | C] () -- C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
[2013.07.09 16:35:18 | 000,000,346 | -H-- | C] () -- C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
[2013.07.09 16:35:20 | 000,000,338 | -H-- | C] () -- C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2012.02.02 00:06:58 | 000,470,808 | ---- | M] (Intel Corporation) MD5=76C3966183BD5382E14CEB6DF97D9709 -- C:\HP\drivers\intelrst\Drivers\x32\iaStor.sys
[2012.02.02 00:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\HP\drivers\intelrst\Drivers\x64\iaStor.sys
[2012.02.02 00:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\drivers\iaStor.sys
[2012.02.02 00:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4b6764daf5ce9174\iaStor.sys
[2012.02.02 00:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_4ffa60c18b7e0989\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2011.07.16 06:56:11 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=1A632357783D393BCAC09A07DD57CF51 -- C:\Windows\erdnt\cache86\netlogon.dll
[2011.07.16 06:56:11 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=1A632357783D393BCAC09A07DD57CF51 -- C:\Windows\SysWOW64\netlogon.dll
[2011.07.16 06:56:11 | 000,564,224 | ---- | M] (Microsoft Corporation) MD5=1A632357783D393BCAC09A07DD57CF51 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.21772_none_667925999c4a467c\netlogon.dll
[2011.07.16 07:29:43 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=5338B789D4A22586CF49DBA733C81A55 -- C:\Windows\erdnt\cache64\netlogon.dll
[2011.07.16 07:29:43 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=5338B789D4A22586CF49DBA733C81A55 -- C:\Windows\SysNative\netlogon.dll
[2011.07.16 07:29:43 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=5338B789D4A22586CF49DBA733C81A55 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.21772_none_5c247b4767e98481\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.14 09:43:20 | 000,000,002 | ---- | M] () -- C:\Users\pe130296\.bdockinstall.log
[2012.06.04 16:48:16 | 000,000,218 | ---- | M] () -- C:\Users\pe130296\.recently-used.xbel
[2013.07.09 17:36:09 | 006,553,600 | -HS- | M] () -- C:\Users\pe130296\NTUSER.DAT
[2013.07.09 17:36:09 | 000,262,144 | -HS- | M] () -- C:\Users\pe130296\ntuser.dat.LOG1
[2013.04.24 12:23:10 | 000,000,000 | -HS- | M] () -- C:\Users\pe130296\ntuser.dat.LOG2
[2013.04.24 16:36:51 | 000,065,536 | -HS- | M] () -- C:\Users\pe130296\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013.04.24 16:36:51 | 000,524,288 | -HS- | M] () -- C:\Users\pe130296\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013.04.24 16:36:51 | 000,524,288 | -HS- | M] () -- C:\Users\pe130296\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.05.15 13:07:32 | 000,000,020 | -HS- | M] () -- C:\Users\pe130296\ntuser.ini
[2013.07.09 15:13:23 | 000,028,142 | RHS- | M] () -- C:\Users\pe130296\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2013.07.09 16:33:02 | 000,028,099 | ---- | M] () -- C:\Users\pe130296\Local Settings\Temp\i4jdel0.exe
[5 C:\Users\pe130296\Local Settings\Temp\*.tmp files -> C:\Users\pe130296\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

momorossi · 09.07.2013, 18:18

und nun OTL extra :

Code:

ATTFilter

OTL Extras logfile created on: 09.07.2013 17:27:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pe130296\Documents\!!!Privat
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 70,44% Memory free
15,74 Gb Paging File | 13,09 Gb Available in Paging File | 83,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 334,52 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
 
Computer Name: PE1302961 | User Name: pe130296 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GetIT] -- C:\Program Files (x86)\Hewlett-Packard\GetITIcon\MainConsole.exe (Hewlett-Packard Company)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GetIT] -- C:\Program Files (x86)\Hewlett-Packard\GetITIcon\MainConsole.exe (Hewlett-Packard Company)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe" = C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe:*:Enabled:HPCA Notify Daemon -- (Hewlett-Packard)
"C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe" = C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe:*:Enabled:HPCA Notify Daemon -- (Hewlett-Packard)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034C5259-AFC0-4081-86A7-7A9FBBC6D94A}" = lport=5556 | protocol=6 | dir=in | name=mcafee endpoint encryption for pc v5 | 
"{0742DFB6-7E50-4A11-A451-D0B645ACCD01}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1A347961-E45C-45B1-B27E-43DCDBD992DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{215C1CFB-84B6-4069-A311-7D8C1E3F2EC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2746D9EB-1B44-4505-A991-CC776E279136}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{3EA205D8-DF6B-413B-BF62-54C64046ED96}" = rport=137 | protocol=17 | dir=out | app=system | 
"{45137C65-A72D-455F-8B66-50A47B110ECD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{534C9E27-E624-4BD4-860D-9342A9DA8A0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{636E166A-3277-450C-97F3-0D4DD4D98B06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{669391E0-D682-424F-BE1F-83929C78CFE8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{73DE7C97-AA5C-43A1-8B50-D57E85601597}" = rport=138 | protocol=17 | dir=out | app=system | 
"{854BA19E-F93E-4261-A2A1-477F7B68231B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{86D51483-0D45-4FF0-A46B-437E508E5DB8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{876FD4DF-493E-4D42-9CC2-F04B2D75343D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89C7385B-A3F6-4A44-8B3D-69D440087240}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{90C6E921-978C-4649-A12C-3DF7E628D9A9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{98470F77-18DB-4C48-922C-7879571DA0FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{986BFD67-F92E-486E-8F69-6741B6442556}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99B4E8EC-6BC3-42C9-A8C6-7234F13AD166}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9A3D6467-C2E9-433B-B7B5-174384CAF774}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9DCA066B-B27C-415D-9965-6A8711EE4602}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B444BC16-C4CC-4ECF-B816-14107446FD05}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7D1FE94-4E1C-4AFC-B052-0E7D283F8513}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C37CCD-F374-494E-A67D-472F66AF7A44}" = dir=in | app=c:\program files (x86)\microsoft lync\ucmapi.exe | 
"{073B69DA-8405-41B3-B322-A35D70F461F6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{0C129FA6-C0AB-484F-960C-BA813B968BE1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1235AAF0-0848-41D8-B407-4A1BF659A360}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{14296450-997D-4E4A-9B53-F68925515DC7}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{17872CD4-3BD4-4855-B526-DDE245A9C509}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{2553491A-A440-4430-92B2-66612D410DF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{267A9E82-A96D-421E-8692-F483D885D788}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{341CC692-CB8E-4E73-9D32-D79FAFC5B980}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{35FADDC7-A0A0-4381-A905-D65603EB2B0E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{3D772EDE-BA12-4924-923F-EB35C5EAA06D}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{43C937A1-FBF3-45E1-9420-64CCC1DDD9B6}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{4439169F-A157-4FEC-B81B-F8D342B6B1A8}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{47B5976B-1F4E-41AB-ABD4-941580661C4D}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{47FA7A4B-F45A-487B-B87B-0C7CA61C3C65}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{4BDD7D29-2C5D-4C41-A6A5-CED821BFA277}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{4F8475AA-684C-4285-9CBF-48B3CB3F0C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4FB10454-2A60-4C6E-947F-F75406DA26DC}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{5396927D-FBA1-42D4-B332-23206A759966}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{558F3174-2369-4F7A-B535-F043E0CE0A68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5676CCC0-6527-4697-9A49-9D80FF3B4E85}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{573806AD-4617-4E83-871C-030E7939B051}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | 
"{610EC0B7-5AC8-40A9-8093-F4389E1CDF85}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6886A8ED-25BD-4980-A84C-E315D3A54C1A}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{72CCD836-AC55-4CD4-9DA4-7A3160FB2F7C}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{73090555-73A2-406A-A57B-F1B5E33A01F5}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{741EC490-73E4-42CA-AB67-8E5AC5C575AE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | 
"{761B5FE8-1AE9-4773-9655-02745463580F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{7835A766-917E-4E3C-AABF-5F990C74716A}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{7AA3B174-70B7-46F8-89D2-705D465250F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8323350B-3232-4CA0-B788-6F19E1BBC06D}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{8383A32E-E581-4F4E-A314-9228058556DC}" = dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{86CC4D9D-D69E-4387-84C3-43D385A0D212}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{8C9B5989-300F-49AC-AC4D-B82D44E7F766}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8EF6B8D5-0DCD-42C1-AD9A-A17C554FF6A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9011973C-28BE-48D4-8856-491464AC269E}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\digitalwizards.exe | 
"{9266CE99-5FB7-4594-9E69-6DB9357F0539}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe | 
"{973200EC-9EA7-4CE2-94D7-29CA70C90DDE}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{9FBCABAB-7488-45B8-89C1-4F645175E12E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{A0656302-ABA1-4763-AAD2-70D82439BAFC}" = dir=in | app=c:\program files\microsoft lync\ucmapi64.exe | 
"{A54C3805-D008-4A44-844F-29917552A2A6}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe | 
"{A672F704-FB0B-4A24-AC3B-664DDCF71724}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{AEC1DE17-B6F8-44F9-B8B5-D05144BB313D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B4ADFE1B-12AA-40CD-9342-FF82016C3CF6}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{B7684101-5EB6-48A2-925D-8E15B98D08F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B9022664-1E25-401D-916E-1BB604D439ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{BBA2D4A4-6194-4859-B964-4F16AE07B4FD}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{C6E38218-8F39-48EB-A10D-3432FD989803}" = protocol=6 | dir=in | app=c:\program files (x86)\pc backup\agent.exe | 
"{C743189E-27FF-4F61-8F63-8E4DF387290C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | 
"{C7586810-4A50-48F2-91BF-17C8C0395F73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{CC18F27B-A59E-4C47-B0E0-FDAF2C8C2D18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{CE5678E7-184D-4128-94AE-1BD2B12B0ACA}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\faxapplications.exe | 
"{D413D5A4-24C7-48DC-BA5C-6416F0D64F33}" = protocol=17 | dir=in | app=c:\program files (x86)\pc backup\agent.exe | 
"{DE63FB0F-DBEF-403B-9734-CC8828D921B1}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\sendafax.exe | 
"{E431085B-9F4C-4A26-82BA-E9D5063C9F9B}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{E551C663-F5B2-4362-8481-F684FABC8925}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe | 
"{E7DD7FE8-BA4F-4BD8-A4D8-783E57FFEAF5}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{E930604E-A8EF-461D-A244-4B30D4F9484B}" = dir=in | app=c:\program files (x86)\products\time service\svctimehpc.exe | 
"{EAADA21C-B80F-447D-9EBE-AC7A01E22874}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\devicesetup.exe | 
"{F2A38C0A-EED5-4B4F-93D8-AAC82555F15D}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | 
"{F5136706-5CF4-463C-8D01-4AE6A1D81F44}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F7CE2B22-1DA8-4623-8167-45414F072374}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{FCAE80B5-B4BF-4992-A65D-D45DAF4DE7DA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FD1DC22D-2E36-4F86-9260-3F990B06D32C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lync\communicator.exe | 
"{FFC369B9-C3A4-4F83-9D5E-C51710899C94}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Corel Painter 12
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0838FACF-AB67-4AB7-B09A-3FC1809AED34}" = Painter 12 - FR
"{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Painter 12 - Setup Files
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{16B872EE-C458-41BD-BEAE-52758A3F3168}" = HP Photosmart 7520 series Product Improvement Study
"{1937AE9E-E8B7-4E02-9D91-7BBCED578570}" = USMT_AMD64
"{1C20E609-768A-4FDC-AC75-2CE466D81506}" = Calisto DFU Driver (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27ABA988-D480-4F44-B0FD-45E5656D2CFE}" = HP Photosmart 7520 series Basic Device Software
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3008095C-B516-4A5E-8B99-F0E113C21C72}" = Share64
"{42CD49CD-4B05-4A2D-8FD1-E37CC9315FA5}" = Painter 12 - Core
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5FD7D415-F562-4767-913F-26E7F463DF8B}" = Painter 12 - Corex64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77013803-5BA9-4C8A-BFC4-99AE7151C4B7}" = Painter 12 - EN
"{81BE0B17-563B-45D4-B198-5721E6C665CD}" = Microsoft Lync 2010
"{82602802-91A2-449B-98BF-7F86BDE7F7E5}" = Forefront Identity Manager Add-ins and Extensions
"{84642787-58C0-44AE-8B26-E2F544E380A1}" = HP Power Assistant
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90FE5BFC-C6C5-45D3-A7E3-463D707E2D44}" = Device Installer x64
"{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}" = Validity Fingerprint Sensor Driver
"{97759DE4-0A6A-4ACF-A511-4DA791BEAA1A}" = Painter 12 - Content
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software
"{AC6FC993-CCD1-41A5-B61C-AD61F90549BE}" = Corel Painter 12 - IPM
"{C0C9A493-51CB-4F3F-A296-5B5E410C338E}" = HP 3D DriveGuard
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{E187937F-E3D5-45F7-BA33-1FC7CBF91640}" = Painter 12 - IT
"{E664F998-3760-4B30-AEF0-BB624C498870}" = Painter 12 - DE
"{F55AC315-3443-4A7A-9C01-621C776E1AA4}" = Remote Access to HP Network 6.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07AFE62D73C8799E9E5689F86FB9F48389717BA3" = Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports  (04/21/2009 5.1)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Wacom
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{6688A246-F6E8-48AD-9806-8D5832E9F15D}" = Corel VideoStudio Pro X6
"{00FC3F65-86EB-475E-881F-A5B1CF731320}" = McAfee SiteAdvisor Enterprise Plus
"{05FCDAAC-6974-439F-872C-6921F1424FC5}" = HP Fonts
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8E64E0-FFAB-4D7D-A793-F451D580EF65}" = Microsoft Visual C++ 2005 Runtime
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Sun JRE 1.6.0
"{2B2E5A81-C31B-40AD-B3C6-C08C85755A14}" = HP Connection Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = PC Backup Agent
"{3D1BB3AD-F008-49B4-91D3-EA027CBED4FB}" = Plantronics Spokes Software
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4AEFF024-F0D0-4AD6-8231-FF51949E91E0}" = McAfee Agent
"{4D9D12CD-B714-4A8F-A4AB-C33C4DD7F770}" = PC COE Required Settings
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}" = Garmin MapInstall
"{5FF70775-5D3A-4A26-B9ED-1BF642E9987C}" = DIALux evo
"{6357258D-2BF9-49E7-A9EF-0C609D52C46D}" = HP ESU for Microsoft Windows 7
"{6688A246-F6E8-48AD-9806-8D5832E9F15D}" = ICA
"{6C6EEA9F-3998-4E0D-B91F-43CB218C715C}" = Setup
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4381993C-BD4B-4EA5-914F-50C17EE88175}" = 
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-0055-0407-0000-0000000FF1CE}" = Microsoft Office VisMUI (German) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{3C660329-51B7-4F5D-AF0A-A97563B052C6}" = 
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000004}" = Acrobat Professional
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Acrobat Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader
"{AD7DA145-3118-4D69-BE89-D3ED1510BD15}" = Share
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B27D272F-2860-4363-9803-956C0A9FAFB9}" = Garmin BaseCamp
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C74C286B-67D8-453B-A639-9C99053E76A2}" = HP Timing Service
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CBDC1D3E-0700-4C20-B9C1-C3454C0FBF18}" = HP Client Automation Application Manager Agent
"{CCC10E8E-7FD1-4D55-87C2-D0A5ABC0A62B}" = IPM_VS_Pro
"{CEECF731-3F08-4210-8073-7E87F58C01D3}" = Microsoft Lync 2010, MUI
"{D0096E50-D99E-4178-A988-E5192B6F6B91}" = VSClassic
"{D88D7ECD-F173-4A97-96F9-2B05C5DC90DC}" = VSPro
"{D9DD0D4F-6E5A-484D-AD8C-FD3BAF5D4450}" = VSHelp
"{DF6F1789-2C07-49CB-993D-6B3D5586C34E}" = PC COE
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E0F49D-0C92-4095-9ECC-4C36568F7D9D}" = Get IT Icon
"{EE0B1766-153A-4251-A192-F8FD3D941711}" = Contents
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Bamboo Dock" = Bamboo Dock
"DIAL Data Dispatcher1.0" = DIAL Data Dispatcher
"eLicenser Control" = eLicenser Control
"HP Photo Creations" = HP Photo Creations
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Office14.VisMUI.de-de" = Microsoft Visio Language Pack 2010 - German/Deutsch
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WaveLabLE7" = WaveLab LE 7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.07.2013 05:08:05 | Computer Name = PE1302961.emea.hpqcorp.net | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 07:04:53 | Computer Name = PE1302961.emea.hpqcorp.net | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 07:05:06 | Computer Name = PE1302961.emea.hpqcorp.net | Source = TabletServicePen | ID = 0
Description = 
 
Error - 06.07.2013 07:22:38 | Computer Name = PE1302961.emea.hpqcorp.net | Source = TabletServicePen | ID = 0
Description = 
 
Error - 06.07.2013 07:22:42 | Computer Name = PE1302961.emea.hpqcorp.net | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 07:22:50 | Computer Name = PE1302961.emea.hpqcorp.net | Source = TabletServicePen | ID = 0
Description = 
 
Error - 06.07.2013 07:22:59 | Computer Name = PE1302961.emea.hpqcorp.net | Source = WTabletServiceCon | ID = 1
Description = 
 
Error - 06.07.2013 08:27:15 | Computer Name = PE1302961.emea.hpqcorp.net | Source = TabletServicePen | ID = 0
Description = 
 
Error - 06.07.2013 08:27:26 | Computer Name = PE1302961.emea.hpqcorp.net | Source = TabletServicePen | ID = 0
Description = 
 
Error - 06.07.2013 08:27:31 | Computer Name = PE1302961.emea.hpqcorp.net | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 08:27:35 | Computer Name = PE1302961.emea.hpqcorp.net | Source = WTabletServiceCon | ID = 1
Description = 
 
[ HP Connection Manager Events ]
Error - 24.04.2013 12:48:41 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.04.24 18:48:41.414|000016E4|Error      |[HP.Mobile]HotSpotPolicies::get_HotSpotEnabledRegistryValue{bool()}|The
 specified registry key does not exist.
 
Error - 08.05.2013 09:43:44 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.05.08 15:43:44.528|00001CD8|Error      |[HP.Mobile]HotSpotPolicies::get_HotSpotEnabledRegistryValue{bool()}|The
 specified registry key does not exist.
 
Error - 09.05.2013 07:14:52 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.05.09 13:14:52.835|00001628|Error      |[HP.Mobile]Wlan::b{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 13.05.2013 06:36:35 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.05.13 12:36:35.160|00001CD8|Error      |[HP.Mobile]HotSpotPolicies::get_HotSpotEnabledRegistryValue{bool()}|The
 specified registry key does not exist.
 
Error - 29.05.2013 10:34:46 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.05.29 16:34:46.281|000011E4|Error      |[HP.Mobile]Wlan::b{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 20.06.2013 08:18:27 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.06.20 14:18:27.590|0000165C|Error      |[HP.Mobile]HotSpotPolicies::get_HotSpotEnabledRegistryValue{bool()}|The
 specified registry key does not exist.
 
Error - 01.07.2013 06:15:12 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.07.01 12:15:12.938|00001DBC|Error      |[HP.Mobile]HotSpotPolicies::get_HotSpotEnabledRegistryValue{bool()}|The
 specified registry key does not exist.
 
Error - 02.07.2013 09:41:01 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.07.02 15:41:01.966|00000684|Error      |[HP.Mobile]AutomaticLocationSelector::c{HP.Mobile.Locations.Location()}|An
 invalid IP address was specified.
 
Error - 03.07.2013 10:17:09 | Computer Name = PE1302961.emea.hpqcorp.net | Source = hpMobile | ID = 5
Description = 2013.07.03 16:17:09.688|00000684|Error      |[HP.Mobile]Wlan::b{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
[ HP Software Framework Events ]
Error - 31.05.2013 03:44:45 | Computer Name = PE1302961.emea.hpqcorp.net | Source = CaslSmBios | ID = 5
Description = 2013.05.31 09:44:45.179|00000300|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Object reference not set to an instance
 of an object.
 
Error - 31.05.2013 03:44:45 | Computer Name = PE1302961.emea.hpqcorp.net | Source = CaslSmBios | ID = 5
Description = 2013.05.31 09:44:45.631|00000300|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged.2.0 event. Exception: Object reference
 not set to an instance of an object.
 
Error - 03.06.2013 03:33:15 | Computer Name = PE1302961.emea.hpqcorp.net | Source = CaslSmBios | ID = 5
Description = 2013.06.03 09:33:15.779|00001BA8|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Object reference not set to an instance
 of an object.
 
Error - 03.06.2013 03:33:15 | Computer Name = PE1302961.emea.hpqcorp.net | Source = CaslSmBios | ID = 5
Description = 2013.06.03 09:33:15.888|00001BA8|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged.2.0 event. Exception: Object reference
 not set to an instance of an object.
 
Error - 08.07.2013 14:47:38 | Computer Name = PE1302961.emea.hpqcorp.net | Source = CaslSmBios | ID = 5
Description = 2013/07/08 20:47:38.033|00001324|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Object reference not set to an instance
 of an object.
 
[ System Events ]
Error - 06.07.2013 03:24:32 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Service Control Manager | ID = 7001
Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
 Buffering Sub Sysytem service which failed to start because of the following error:
   %%31
 
Error - 06.07.2013 03:24:32 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Service Control Manager | ID = 7001
Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
 Wrapper and Engine service which failed to start because of the following error:
   %%1068
 
Error - 06.07.2013 03:24:32 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Service Control Manager | ID = 7001
Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
 Wrapper and Engine service which failed to start because of the following error:
   %%1068
 
Error - 06.07.2013 03:24:32 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
 Interface Service service which failed to start because of the following error:
   %%1068
 
Error - 06.07.2013 03:24:32 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Service Control Manager | ID = 7001
Description = The McAfee McShield service depends on the McAfee Validation Trust
 Protection Service service which failed to start because of the following error:
   %%1068
 
Error - 06.07.2013 03:24:32 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  CSC  DfsC  discache  FireTDI  mfehidk  NetBIOS  NetBT  nsiproxy  Psched  rdbss  RsvLock  SbFlop  SbRegFlt
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
 
Error - 06.07.2013 03:24:30 | Computer Name = PE1302961.emea.hpqcorp.net | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:11:11 PM on ?7/?5/?2013 was unexpected.
 
Error - 06.07.2013 04:49:54 | Computer Name = PE1302961.emea.hpqcorp.net | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain EMEA due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 06.07.2013 04:49:55 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
 computer name. This could be caused by one of more of the following:   a) Name Resolution
 failure on the current domain controller.   b) Active Directory Replication Latency
 (an account created on another domain controller has not replicated to the current
 domain controller).
 
Error - 06.07.2013 04:49:59 | Computer Name = PE1302961.emea.hpqcorp.net | Source = Microsoft-Windows-GroupPolicy | ID = 1053
Description = The processing of Group Policy failed. Windows could not resolve the
 user name. This could be caused by one of more of the following:   a) Name Resolution
 failure on the current domain controller.   b) Active Directory Replication Latency
 (an account created on another domain controller has not replicated to the current
 domain controller).
 
 
< End of report >

markusg · 09.07.2013, 18:25

Hi,
1.
Internet Explorer 10 instalieren, der muss aktuell sein:
Internet Explorer*10 herunterladen - Internet Explorer*10 herunterladen

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.