Browser starts automatically, tabs open independently with advertising



FRST log file:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by RH2708 (ATTENTION: The logged in user is not administrator) on RH2708 on 06-10-2014 11:37:32
Running from C:\Users\RH2708\Desktop
Loaded Profile: RH2708 (Available profiles: RH & RH2708)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German (Germany)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ====================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Bose Corporation) C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe
() C:\Users\RH2708\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\RH2708\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech Inc.) C:\Program Files\Squeezebox\SqueezeTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe [46200 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [SoundTouch Music Server] => C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe [1063424 2014-07-29] (Bose Corporation)
HKLM\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKU\S-1-5-21-638709124-720255203-905956943-1003\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\RH2708\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-638709124-720255203-905956943-1003\...\Run: [Amazon Cloud Player] => C:\Users\RH2708\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-638709124-720255203-905956943-1003\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: acaptuser32.dll => C:\Windows\system32\acaptuser32.dll [112248 2007-05-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server-Taskbar-Tool.lnk
ShortcutTarget: Logitech Media Server-Taskbar-Tool.lnk -> C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0D27B4C9AD9CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/? Type = ds & ts_79 & ts = 139739913728 & from = 139739913728 & ts = = ds & ts = 791194 & ts = search = ds }
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java (tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java (tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default
FF SearchEngineOrder.1: Delta Search
FF Homepage: about:superstart
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RH2708\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Super Start - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\[email protected] [2014-09-23]
FF Extension: Garmin Communicator - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-04-20]
FF Extension: DownloadHelper - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-20]
FF Extension: Media Converter - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2014-05-24]
FF Extension: JS Switch - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{88c7b321-2eb8-11da-8cd6-0800200c9a66}.xpi [2013-09-17]
FF HKLM\...\Firefox\Extensions: [quick_st [email protected]] - C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\[email protected]
FF Extension: Quick Start - C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\[email protected] [2014-04-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [297392 2011-06-16] (Nuance Communications, Inc.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-21] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl80ded898; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AE21B5C-0DAD-4C51-9204-1C9E0C8A81BE}\MpKsl80ded898.sys [39464 2014-10-06] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R1 {16d667ee-6782-4b21-81df-8ded8ebc3868}Gw; C:\Windows\System32\drivers\{16d667ee-6782-4b21-81df-8ded8ebc3868}Gw.sys [39096 2014-09-21] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ====================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ====================

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 11:37 - 2014-10-06 11:37 - 00019032 _____ () C:\Users\RH2708\Desktop\FRST.txt
2014-10-06 11:37 - 2014-10-06 11:37 - 00000000 ____D () C:\Users\RH2708\Desktop\FRST-OlderVersion
2014-10-06 07:37 - 2014-10-06 11:37 - 00000000 ____D () C:\FRST
2014-10-06 07:35 - 2014-10-06 11:37 - 01101312 _____ (Farbar) C:\Users\RH2708\Desktop\FRST.exe
2014-10-04 17:03 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-27 17:10 - 2014-09-27 17:13 - 1413324831 _____ () C:\Users\RH2708\Desktop\Bundesratespiel.zip
2014-09-27 17:08 - 2014-09-27 17:08 - 00000000 ____D () C:\Users\RH2708\Desktop\Bundesratpiel
2014-09-26 18:54 - 2014-09-26 18:54 - 00000000 ____D () C:\Users\RH2708\dwhelper
2014-09-23 20:15 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 14:44 - 2014-09-21 14:44 - 00002011 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-09-21 14:44 - 2014-09-21 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-09-21 14:43 - 2014-09-21 14:43 - 00000000 ____D () C:\Users\RH\AppData\Roaming\Opera Software
2014-09-21 14:43 - 2014-09-21 14:43 - 00000000 ____D () C:\Users\RH\AppData\Local\Opera Software
2014-09-21 14:43 - 2014-09-21 02:05 - 00039096 _____ (StdLib) C:\Windows\system32\Drivers\{16d667ee-6782-4b21-81df-8ded8ebc3868}Gw.sys
2014-09-21 14:42 - 2014-09-26 16:46 - 00000000 ____D () C:\Program Files\Opera
2014-09-21 14:42 - 2014-09-21 14:42 - 00001089 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-09-21 14:42 - 2014-09-21 14:42 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-21 14:41 - 2014-10-06 07:43 - 00000000 ____D () C:\Program Files\Yawtix
2014-09-21 14:39 - 2014-09-21 14:40 - 07300840 _____ () C:\Users\RH2708\Desktop\MyPhoneExplorer_Setup_1.8.6.exe
2014-09-21 14:39 - 2014-09-21 14:39 - 00002189 _____ () C:\Users\RH\Desktop\Google Chrome.lnk
2014-09-21 14:37 - 2014-10-06 07:42 - 00000000 ____D () C:\Program Files\SearchProtect
2014-09-21 08:10 - 2014-09-26 18:41 - 00000000 ____D () C:\Users\RH\AppData\Local\Adobe
2014-09-20 17:33 - 2014-09-26 16:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 18:04 - 2014-09-17 18:04 - 00000000 ____D () C:\Windows\system32\Garmin
2014-09-17 18:02 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 18:02 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 18:02 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 18:02 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 18:02 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 18:02 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 18:02 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 18:02 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 18:02 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 18:02 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 18:02 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 18:02 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 18:02 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 18:02 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 18:02 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 18:02 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 18:02 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-17 18:02 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 18:02 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 18:02 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 18:02 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 18:02 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 18:02 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 18:02 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 18:02 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 18:02 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 18:02 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-17 18:02 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 18:02 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 18:02 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-17 18:00 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 17:40 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 17:40 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 17:37 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 17:37 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-06 08:38 - 2014-09-06 08:38 - 00001171 _____ () C:\Users\RH2708\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WavePad Audio-Editor.lnk
2014-09-06 08:38 - 2014-09-06 08:38 - 00001167 _____ () C:\Users\RH2708\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MixPad Audiodatei-Mixer.lnk
2014-09-06 08:38 - 2014-09-06 08:38 - 00001159 _____ () C:\Users\RH2708\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-09-06 08:38 - 2014-09-06 08:38 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video-Related Programs
2014-09-06 08:38 - 2014-09-06 08:38 - 00000000 ____D () C:\ProgramData\NCH Software
2014-09-06 08:37 - 2014-09-06 08:45 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\NCH Software
2014-09-06 08:37 - 2014-09-06 08:37 - 00001175 _____ () C:\Users\RH2708\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Switch Audiodatei-Converter.lnk
2014-09-06 08:37 - 2014-09-06 08:37 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software product range
2014-09-06 08:37 - 2014-09-06 08:37 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs

==================== One Month Modified Files and Folders ====================

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 11:05 - 2014-05-18 16:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-06 10:48 - 2014-02-13 19:48 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-10-06 10:46 - 2013-07-02 04:46 - 00000290 _____ () C:\Windows\Tasks\DSite.job
2014-10-06 10:42 - 2014-08-19 11:32 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 06:22 - 2013-07-29 17:46 - 00000204 _____ () C:\Users\RH2708\AppData\Roaming\WB.CFG
2014-10-06 05:00 - 2009-07-14 04:04 - 00000615 _____ () C:\Windows\win.ini
2014-10-06 04:58 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 04:58 - 2009-07-14 06:34 - 00021648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 04:58 - 2009-07-14 06:34 - 00021648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 04:55 - 2013-04-20 18:33 - 01905385 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 04:50 - 2014-08-19 11:32 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 04:50 - 2014-01-05 14:20 - 00042769 _____ () C:\Windows\setupact.log
2014-10-06 04:50 - 2013-04-20 20:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 04:50 - 2010-11-20 23:48 - 00100016 _____ () C:\Windows\PFRO.log
2014-10-06 04:50 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-06 04:50 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 20:05 - 2013-05-17 22:16 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\MyPhoneExplorer
2014-09-27 19:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-27 15:50 - 2013-10-26 19:18 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\vlc
2014-09-26 18:54 - 2013-04-21 10:46 - 00000000 ____D () C:\Users\RH2708
2014-09-26 18:41 - 2013-05-24 05:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-26 16:37 - 2014-02-02 14:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-26 11:05 - 2014-04-04 19:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-26 11:05 - 2014-04-04 19:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 20:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-22 08:41 - 2013-04-20 18:45 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 14:44 - 2013-05-17 22:16 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-09-21 14:39 - 2014-08-19 11:32 - 00000000 ____D () C:\Users\RH\AppData\Local\Google
2014-09-18 18:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-17 19:38 - 2013-04-21 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-17 19:38 - 2013-04-21 01:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-17 17:59 - 2013-08-24 09:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 17:48 - 2013-04-20 19:22 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 17:48 - 2013-04-20 18:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-17 17:48 - 2013-04-20 18:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-17 17:47 - 2013-04-20 18:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 20:19 - 2013-04-28 07:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-10 19:26 - 2013-10-29 10:22 - 00002834 _____ () C:\Users\RH2708\AppData\Roaming\SAS7_000.DAT

Some content of TEMP:
====================
C:\Users\RH\AppData\Local\Temp\ICReinstall_clonedvd.exe
C:\Users\RH\AppData\Local\Temp\nsdE9F7.exe
C:\Users\RH\AppData\Local\Temp\nse1B80.exe
C:\Users\RH\AppData\Local\Temp\nseBAEA.exe
C:\Users\RH\AppData\Local\Temp\nseBD03.exe
C:\Users\RH\AppData\Local\Temp\nsj2428.exe
C:\Users\RH\AppData\Local\Temp\nsjB1DB.exe
C:\Users\RH\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\RH\AppData\Local\Temp\nvStInst.exe
C:\Users\RH\AppData\Local\Temp\nvstlink.exe
C:\Users\RH2708\AppData\Local\Temp\mp3el.exe
C:\Users\RH2708\AppData\Local\Temp\mpsetup.exe
C:\Users\RH2708\AppData\Local\Temp\oggenc.exe
C:\Users\RH2708\AppData\Local\Temp\prismsetup.exe
C:\Users\RH2708\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\RH2708\AppData\Local\Temp\wpsetup.exe

==================== Bamital & volsnap Check ====================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ====================
--- --- ---