Thread: malware problems

  1. #11
    Member
    Join Date
    Feb 2013
    Posts
    55

    Hi, sorry, but I just want to let you know that I won't be on my PC until Tuesday - not that you think that I am gone for good ;-)

    Thanks for all the help so far!

    So long!

  2. #12
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi novfan

    Ok!! No problem
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #13
    Member
    Join Date
    Feb 2013
    Posts
    55

    Hi! I'm back. Here is the first part of the OTL.txt file:


    OTL logfile created on: 05.03.2013 09:00:52 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris Novak\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

    3,97 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,36% Memory free
    7,93 Gb Paging File | 6,37 Gb Available in Paging File | 80,30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218,20 Gb Total Space | 68,40 Gb Free Space | 31,35% Space Free | Partition Type: NTFS

    Computer Name: CHRISNOVAK-PC | User Name: Chris Novak | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Chris Novak\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
    PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
    DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (CryptOSD) -- C:\Windows\SysNative\drivers\CryptOSD.sys (Phoenix Technologies)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
    DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
    DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
    DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?so...6551512134D5A4
    IE - HKCU\..\SearchScopes,DefaultScope = {793C1E1A-528F-4323-8EF2-00F4CAC48E8A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{793C1E1A-528F-4323-8EF2-00F4CAC48E8A}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4"
    FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_41: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_41: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.10 12:34:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.02.22 09:11:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 22:42:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.02.22 13:34:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.10 12:34:08 | 000,000,000 | ---D | M]

    [2009.12.27 22:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Extensions
    [2009.12.27 22:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2013.02.17 19:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions
    [2013.02.17 19:51:59 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    [2013.02.17 19:52:02 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2013.02.23 20:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2013.02.13 21:07:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013.02.22 10:36:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://securesearch.lavasoft.com/?so...6551512134D5A4
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U41 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
    CHR - plugin: Java Deployment Toolkit 6.0.410.2 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Google Docs = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Skype Click to Call = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: Gmail = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013.03.01 17:38:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
    O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632DD7E9-34B8-460E-80C0-5646C13BBD4B}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.03.02 19:49:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Novak\Desktop\OTL.exe
    [2013.03.02 19:37:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013.03.02 09:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013.03.02 09:31:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013.03.02 09:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013.03.01 20:23:08 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Local\adawarebp
    [2013.03.01 17:19:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013.03.01 17:19:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013.03.01 17:19:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013.03.01 17:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013.03.01 17:11:02 | 005,035,876 | R--- | C] (Swearware) -- C:\Users\Chris Novak\Desktop\ComboFix.exe
    [2013.03.01 16:15:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013.03.01 16:14:04 | 000,000,000 | ---D | C] -- C:\JRT
    [2013.03.01 15:15:55 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Chris Novak\Desktop\JRT.exe
    [2013.03.01 11:06:53 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\tdsskiller
    [2013.02.27 16:58:51 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013.02.27 16:58:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013.02.27 16:58:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013.02.27 16:58:51 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013.02.27 16:58:39 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013.02.27 16:58:39 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013.02.27 16:58:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013.02.27 16:58:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013.02.27 16:58:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013.02.27 16:58:28 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013.02.27 16:58:28 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013.02.27 16:58:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013.02.27 16:58:28 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013.02.27 16:58:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013.02.27 16:58:28 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013.02.27 16:58:27 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013.02.27 16:58:27 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013.02.27 16:58:26 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013.02.27 16:58:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013.02.27 16:58:26 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013.02.27 16:58:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013.02.27 16:58:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013.02.27 16:58:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013.02.27 16:58:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013.02.27 16:58:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013.02.27 16:58:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013.02.27 16:58:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013.02.27 16:58:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013.02.27 16:58:23 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013.02.27 16:58:23 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013.02.27 16:58:23 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013.02.27 16:58:23 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013.02.27 16:58:23 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013.02.27 16:58:22 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013.02.27 16:58:21 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013.02.27 16:58:21 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013.02.27 16:58:21 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013.02.27 16:58:20 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013.02.27 16:58:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013.02.27 16:58:19 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013.02.27 16:58:19 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013.02.24 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\dds
    [2013.02.24 09:42:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Chris Novak\Desktop\aswMBR.exe
    [2013.02.23 20:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013.02.23 19:42:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013.02.23 19:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013.02.23 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013.02.23 19:28:40 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris Novak\Desktop\dds.scr
    [2013.02.22 10:36:28 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2013.02.22 10:36:28 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2013.02.22 10:36:28 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2013.02.22 10:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013.02.22 10:33:52 | 000,544,688 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
    [2013.02.22 10:33:52 | 000,526,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2013.02.22 10:33:52 | 000,193,968 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2013.02.22 10:33:52 | 000,172,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2013.02.22 10:33:52 | 000,172,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2013.02.22 10:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013.02.22 10:25:13 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Local\Secunia PSI
    [2013.02.22 10:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
    [2013.02.22 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\inf
    [2013.02.22 09:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013.02.22 09:12:19 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2013.02.22 09:12:16 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013.02.22 09:12:09 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2013.02.22 09:12:07 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2013.02.22 09:12:04 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013.02.22 09:12:02 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2013.02.22 09:11:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013.02.22 09:11:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2013.02.21 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Documents\ProcAlyzer Dumps
    [2013.02.21 15:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013.02.21 15:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013.02.21 15:05:53 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013.02.21 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013.02.21 09:43:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2013.02.21 09:43:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2013.02.21 09:43:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2013.02.21 09:43:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2013.02.21 09:43:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2013.02.21 09:43:52 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2013.02.21 09:43:52 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2013.02.21 09:43:52 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2013.02.21 09:43:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2013.02.21 09:43:52 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2013.02.21 09:43:52 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2013.02.21 09:43:52 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2013.02.21 09:43:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2013.02.21 09:43:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2013.02.21 09:43:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2013.02.21 09:43:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2013.02.21 09:43:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2013.02.21 09:43:52 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2013.02.21 09:43:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2013.02.21 09:43:51 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2013.02.21 09:43:51 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2013.02.21 09:43:51 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2013.02.21 09:43:51 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2013.02.21 09:43:51 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2013.02.21 09:18:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2013.02.21 09:18:32 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2013.02.21 09:18:30 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013.02.20 16:04:58 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2013.02.19 17:52:44 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
    [2013.02.19 17:52:44 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
    [2013.02.19 17:52:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
    [2013.02.19 17:52:35 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
    [2013.02.19 17:52:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
    [2013.02.19 17:52:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
    [2013.02.19 17:52:26 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
    [2013.02.19 17:52:26 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
    [2013.02.19 17:52:26 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
    [2013.02.19 17:52:26 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
    [2013.02.19 17:52:26 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
    [2013.02.19 17:52:26 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
    [2013.02.19 17:52:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
    [2013.02.19 17:52:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
    [2013.02.19 17:52:26 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
    [2013.02.19 17:52:26 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
    [2013.02.19 17:52:26 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
    [2013.02.19 17:52:26 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
    [2013.02.19 17:52:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
    [2013.02.19 17:52:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
    [2013.02.19 17:52:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
    [2013.02.19 17:52:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
    [2013.02.19 17:52:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
    [2013.02.19 17:52:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
    [2013.02.19 17:52:25 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
    [2013.02.19 17:52:25 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
    [2013.02.19 17:52:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
    [2013.02.19 17:52:25 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
    [2013.02.19 17:52:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
    [2013.02.19 17:52:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
    [2013.02.19 17:52:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
    [2013.02.19 17:52:23 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
    [2013.02.19 17:52:23 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
    [2013.02.19 17:52:23 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
    [2013.02.19 17:52:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
    [2013.02.19 17:52:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
    [2013.02.19 17:52:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
    [2013.02.19 17:52:06 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
    [2013.02.19 17:52:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
    [2013.02.19 17:52:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
    [2013.02.19 17:52:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2013.02.19 17:52:05 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
    [2013.02.19 17:52:05 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
    [2013.02.19 17:52:00 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
    [2013.02.19 17:51:58 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
    [2013.02.19 17:51:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013.02.19 17:51:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013.02.19 17:51:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013.02.19 17:51:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013.02.19 17:51:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013.02.19 17:51:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013.02.19 17:51:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013.02.19 17:51:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013.02.19 17:51:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013.02.19 17:51:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013.02.19 17:51:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013.02.19 17:51:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013.02.19 17:51:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013.02.19 17:51:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013.02.19 17:51:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013.02.19 17:51:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013.02.19 17:51:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013.02.19 17:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013.02.19 17:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013.02.19 17:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013.02.19 17:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013.02.19 17:51:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013.02.19 17:51:21 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
    [2013.02.19 17:48:45 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2013.02.19 17:47:30 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Roaming\Malwarebytes
    [2013.02.19 17:37:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2013.02.19 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013.02.19 17:36:58 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Local\Programs
    [2013.02.19 11:04:36 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013.02.19 11:04:36 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013.02.17 20:05:39 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
    [2013.02.17 19:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013.02.17 19:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013.02.17 19:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2013.02.17 19:44:20 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013.02.17 19:44:20 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Roaming\LavasoftStatistics
    [2013.02.16 10:51:28 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
    [2013.02.16 10:51:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
    [2013.02.16 10:50:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2013.02.16 10:50:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2013.02.16 10:50:27 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2013.02.16 10:50:26 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2013.02.16 10:49:30 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
    [2013.02.16 10:49:30 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
    [2013.02.16 10:49:29 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
    [2013.02.16 10:49:28 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
    [2013.02.16 10:49:28 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
    [2013.02.16 10:49:27 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
    [2013.02.16 10:49:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
    [2013.02.16 10:49:26 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
    [2013.02.16 10:49:26 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
    [2013.02.16 10:49:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
    [2013.02.16 10:49:26 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
    [2013.02.16 10:49:25 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
    [2013.02.16 10:49:25 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
    [2013.02.16 10:49:21 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2013.02.16 10:46:57 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2013.02.16 10:46:57 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2013.02.14 00:20:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013.02.14 00:20:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013.02.14 00:20:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013.02.14 00:20:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013.02.14 00:20:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013.02.14 00:20:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013.02.14 00:20:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013.02.14 00:20:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013.02.14 00:20:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013.02.14 00:20:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013.02.14 00:20:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013.02.14 00:20:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013.02.14 00:20:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013.02.14 00:20:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013.02.14 00:20:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013.02.13 21:09:26 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013.02.13 21:09:24 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013.02.13 21:09:23 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013.02.13 21:08:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013.02.13 21:08:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013.02.13 21:08:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013.02.13 21:08:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013.02.13 21:08:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

  4. #14
    Member
    Join Date
    Feb 2013
    Posts
    55

    [2013.02.13 21:08:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013.02.13 21:08:13 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013.02.13 21:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013.02.13 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Roaming\Runscanner.net
    [2013.02.13 10:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013.02.13 10:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013.02.10 18:00:58 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\DISS - Workshop
    [2009.12.01 00:20:15 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Chris Novak\AppData\Roaming\DataSafeDotNet.exe
    [2 C:\Users\Chris Novak\Desktop\*.tmp files -> C:\Users\Chris Novak\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013.03.05 09:08:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.03.05 08:04:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.03.05 08:04:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.03.05 07:58:21 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.03.05 07:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.03.05 07:55:32 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
    [2013.03.04 23:24:05 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013.03.04 23:24:05 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013.03.02 19:50:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Novak\Desktop\OTL.exe
    [2013.03.02 09:31:08 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.03.01 23:50:12 | 000,139,264 | ---- | M] () -- C:\Users\Chris Novak\Desktop\SystemLook.exe
    [2013.03.01 17:38:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013.03.01 17:11:48 | 005,035,876 | R--- | M] (Swearware) -- C:\Users\Chris Novak\Desktop\ComboFix.exe
    [2013.03.01 15:16:24 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Chris Novak\Desktop\JRT.exe
    [2013.03.01 14:51:09 | 000,594,019 | ---- | M] () -- C:\Users\Chris Novak\Desktop\AdwCleaner.exe
    [2013.03.01 14:12:37 | 468,520,638 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013.03.01 11:23:12 | 000,021,217 | ---- | M] () -- C:\Users\Chris Novak\Desktop\TDSS log file.zip
    [2013.03.01 11:05:07 | 002,218,636 | ---- | M] () -- C:\Users\Chris Novak\Desktop\tdsskiller.zip
    [2013.02.28 14:59:46 | 000,029,789 | ---- | M] () -- C:\Users\Chris Novak\Desktop\036_dipl_stellungnahme.pdf
    [2013.02.27 11:40:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013.02.27 11:40:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2013.02.27 11:40:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013.02.27 11:40:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2013.02.27 11:40:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013.02.24 17:07:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Chris Novak\Desktop\aswMBR.exe
    [2013.02.23 20:14:46 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013.02.23 19:42:16 | 000,000,907 | ---- | M] () -- C:\Users\Chris Novak\Desktop\ERUNT.lnk
    [2013.02.23 19:28:43 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris Novak\Desktop\dds.scr
    [2013.02.22 17:50:47 | 000,030,863 | ---- | M] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details 1.pdf
    [2013.02.22 17:47:51 | 000,064,602 | ---- | M] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details.pdf
    [2013.02.22 10:37:52 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013.02.22 10:36:21 | 000,158,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2013.02.22 10:36:21 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2013.02.22 10:36:20 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
    [2013.02.22 10:36:20 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2013.02.22 10:36:20 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2013.02.22 10:33:42 | 000,544,688 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
    [2013.02.22 10:33:42 | 000,526,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
    [2013.02.22 10:33:42 | 000,193,968 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
    [2013.02.22 10:33:42 | 000,172,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
    [2013.02.22 10:33:42 | 000,172,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
    [2013.02.22 10:19:04 | 000,000,160 | ---- | M] () -- C:\Windows\MyDrivers.ini
    [2013.02.22 09:12:20 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013.02.22 09:12:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013.02.21 15:06:01 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013.02.20 08:50:33 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013.02.20 08:30:04 | 000,431,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013.02.19 10:04:04 | 000,050,039 | ---- | M] () -- C:\Users\Chris Novak\Desktop\asd.adr
    [2013.02.17 19:44:20 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2 C:\Users\Chris Novak\Desktop\*.tmp files -> C:\Users\Chris Novak\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.03.02 09:31:08 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.03.01 23:50:08 | 000,139,264 | ---- | C] () -- C:\Users\Chris Novak\Desktop\SystemLook.exe
    [2013.03.01 17:19:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013.03.01 17:19:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013.03.01 17:19:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013.03.01 17:19:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013.03.01 17:19:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013.03.01 14:50:57 | 000,594,019 | ---- | C] () -- C:\Users\Chris Novak\Desktop\AdwCleaner.exe
    [2013.03.01 11:22:48 | 000,021,217 | ---- | C] () -- C:\Users\Chris Novak\Desktop\TDSS log file.zip
    [2013.03.01 11:04:59 | 002,218,636 | ---- | C] () -- C:\Users\Chris Novak\Desktop\tdsskiller.zip
    [2013.02.28 14:59:45 | 000,029,789 | ---- | C] () -- C:\Users\Chris Novak\Desktop\036_dipl_stellungnahme.pdf
    [2013.02.23 20:14:46 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013.02.23 19:42:16 | 000,000,907 | ---- | C] () -- C:\Users\Chris Novak\Desktop\ERUNT.lnk
    [2013.02.22 17:50:46 | 000,030,863 | ---- | C] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details 1.pdf
    [2013.02.22 10:37:52 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013.02.22 10:25:05 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2013.02.22 10:19:04 | 000,000,160 | ---- | C] () -- C:\Windows\MyDrivers.ini
    [2013.02.22 09:12:20 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013.02.21 15:06:01 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013.02.21 15:06:01 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013.02.20 16:36:11 | 000,064,602 | ---- | C] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details.pdf
    [2013.02.20 08:50:33 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013.02.20 08:50:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013.02.19 10:04:04 | 000,050,039 | ---- | C] () -- C:\Users\Chris Novak\Desktop\asd.adr
    [2013.02.16 10:51:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013.02.16 10:50:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012.12.20 23:24:02 | 000,000,362 | ---- | C] () -- C:\Users\Chris Novak\AppData\Roaming\wklnhst.dat
    [2012.11.10 20:55:11 | 000,033,930 | ---- | C] () -- C:\Users\Chris Novak\Tractatus.png
    [2012.09.20 12:13:15 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
    [2012.09.20 11:31:41 | 000,186,071 | ---- | C] () -- C:\Windows\hpoins14.dat
    [2012.09.20 11:31:41 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
    [2012.08.11 14:43:56 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
    [2012.08.08 13:00:06 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2012.08.08 12:41:07 | 000,245,234 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012.08.08 12:41:07 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012.02.18 09:19:42 | 023,360,000 | ---- | C] () -- C:\Users\Chris Novak\Livestation-3.2.0.msi
    [2012.01.11 09:43:33 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
    [2011.08.08 22:34:19 | 000,026,812 | ---- | C] () -- C:\Users\Chris Novak\North America.torrent
    [2011.06.21 18:09:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
    [2011.06.09 21:23:13 | 000,037,196 | ---- | C] () -- C:\Users\Chris Novak\Wohnzimmer1.jpg
    [2011.06.09 21:23:13 | 000,032,634 | ---- | C] () -- C:\Users\Chris Novak\U-Schrank3.jpg
    [2011.06.09 21:23:12 | 000,035,160 | ---- | C] () -- C:\Users\Chris Novak\TVklein1.jpg
    [2011.06.09 21:23:11 | 000,030,867 | ---- | C] () -- C:\Users\Chris Novak\Spiegelschränke.jpg
    [2011.06.09 21:23:11 | 000,028,203 | ---- | C] () -- C:\Users\Chris Novak\Rollschrank.jpg
    [2011.06.09 21:23:10 | 000,035,312 | ---- | C] () -- C:\Users\Chris Novak\Nachtk.2.jpg
    [2011.06.09 21:23:09 | 000,034,996 | ---- | C] () -- C:\Users\Chris Novak\Essgarnitur1.jpg
    [2011.06.09 21:23:09 | 000,033,883 | ---- | C] () -- C:\Users\Chris Novak\Kniesessel.jpg
    [2011.06.09 21:23:08 | 000,035,447 | ---- | C] () -- C:\Users\Chris Novak\Eckgarnitur2.jpg
    [2011.06.09 21:23:08 | 000,034,726 | ---- | C] () -- C:\Users\Chris Novak\Eckgarnitur1.jpg
    [2011.06.09 21:23:07 | 000,032,361 | ---- | C] () -- C:\Users\Chris Novak\Betten1.jpg
    [2011.06.09 21:23:07 | 000,029,681 | ---- | C] () -- C:\Users\Chris Novak\Büro1.jpg
    [2011.06.09 21:23:06 | 000,043,113 | ---- | C] () -- C:\Users\Chris Novak\Bad.JPG
    [2011.06.09 21:22:26 | 000,039,324 | ---- | C] () -- C:\Users\Chris Novak\Wohnzimmer3.jpg
    [2011.05.27 10:01:46 | 000,181,012 | ---- | C] () -- C:\Windows\hpoins13.dat
    [2011.05.27 10:01:46 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
    [2011.05.10 12:29:26 | 000,221,022 | ---- | C] () -- C:\Windows\hpoins30.dat
    [2011.05.10 12:29:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
    [2011.05.08 09:36:16 | 001,033,347 | ---- | C] () -- C:\Users\Chris Novak\Leviathan_1.jpg
    [2010.01.02 00:10:09 | 029,816,832 | ---- | C] () -- C:\Users\Chris Novak\VeraFarmiga_DownToTheBone_DVD_.01.nn.avi
    [2009.12.31 15:19:52 | 000,041,628 | ---- | C] () -- C:\Users\Chris Novak\etp-pin1.jpg
    [2009.12.31 13:06:32 | 000,032,699 | ---- | C] () -- C:\Users\Chris Novak\obama symbol.jpg
    [2009.12.30 16:37:53 | 000,675,615 | ---- | C] () -- C:\Users\Chris Novak\Obama_portrait_crop.jpg
    [2009.12.30 16:37:04 | 000,029,727 | ---- | C] () -- C:\Users\Chris Novak\obama.jpg
    [2009.12.15 17:51:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2009.11.11 15:43:43 | 000,007,653 | ---- | C] () -- C:\Users\Chris Novak\AppData\Local\Resmon.ResmonCfg
    [2009.10.31 12:17:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Chris Novak\AppData\Roaming\MafiaSetup.exe

    ========== ZeroAccess Check ==========

    [2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012.06.23 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Audacity
    [2009.11.15 11:09:59 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\DAEMON Tools Lite
    [2013.02.16 10:43:56 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Dropbox
    [2011.10.23 13:06:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Exif Viewer
    [2012.06.23 09:08:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\FreeAudioPack
    [2009.12.27 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Livestation
    [2009.12.27 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Mchid
    [2012.07.15 18:52:27 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\MxBoost
    [2012.06.16 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Need for Speed World
    [2013.02.02 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Opera
    [2011.05.08 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\PCDr
    [2011.08.09 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\ROUTE 66 Sync
    [2013.02.13 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Runscanner.net
    [2012.11.05 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Swiss Academic Software
    [2012.12.20 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Template
    [2009.12.06 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\The Creative Assembly
    [2009.12.27 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Thunderbird

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011.02.26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011.02.26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009.07.14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011.02.26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009.10.31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011.02.26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011.02.25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
    [2011.02.25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011.02.25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011.02.26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010.11.20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009.08.03 06:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011.02.25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011.02.25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009.10.31 06:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009.08.03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010.11.20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009.10.31 06:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009.08.03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009.07.14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009.10.31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011.02.26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
    [2009.08.03 06:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009.07.14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
    [2009.07.14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009.07.14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009.07.14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
    [2009.07.14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009.07.14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009.07.14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
    [2009.07.14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009.07.14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010.11.20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
    [2010.11.20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010.11.20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009.07.14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009.07.14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010.11.20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
    [2010.11.20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010.11.20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010.11.20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
    [2010.11.20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010.11.20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009.07.14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009.10.28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009.10.28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD2500BEVT-75ZCT2 ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 39,00MB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 15,00GB
    Starting Offset: 41126400
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 218,00GB
    Starting Offset: 15769766400
    Hidden sectors: 0


    < End of report >

  5. #15
    Member
    Join Date
    Feb 2013
    Posts
    55

    Extras.txt



    OTL Extras logfile created on: 05.03.2013 09:00:52 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris Novak\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

    3,97 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,36% Memory free
    7,93 Gb Paging File | 6,37 Gb Available in Paging File | 80,30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218,20 Gb Total Space | 68,40 Gb Free Space | 31,35% Space Free | Partition Type: NTFS

    Computer Name: CHRISNOVAK-PC | User Name: Chris Novak | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0EDC7AEE-881B-48DF-8449-96E35CF548E0}" = rport=138 | protocol=17 | dir=out | app=system |
    "{0FB619EE-929E-4949-BBA1-00065C902ED5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{155B763A-8B5F-427B-9EE9-9672DB53FD15}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1F94125F-4706-4F3F-8A03-A7F5AEE929DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{22798D04-136C-4098-8941-1AE0B72CF14F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{254F127A-F29E-4672-8061-2C4BC96037A8}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2BFE9AF9-3867-4273-B668-A154F5A07D18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2D8DE75C-8AE4-4D2F-9401-D9F923C7B961}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3344D9B6-D4F1-4BFB-89E7-811357AFE003}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3CB6A8C6-AA59-4EBC-A848-494AD913E5B6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{40388CEB-8FBC-44C7-BBED-99D750916607}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4BCC23D0-824E-4F15-BFA9-487A01B26ED0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{69C328F1-AA5E-48B5-B733-6E36E8E91235}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6A8703DE-BBF6-4B58-8911-D1E42E27C3F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{791940DB-E6C7-49B4-B5E3-AD27541833A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{864EF917-C9C7-4EB5-9D12-EAE62A4CE911}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9F840B20-948C-4630-A592-71F673BE1141}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A907513B-2955-433B-9E79-D9CF24ED2F5A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AFC207A1-057E-4852-9662-D96906C6039E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CAE9374F-3AAC-45A5-B87B-955FD8BA1EF9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CC21E51B-916E-44F3-B3D8-4F1C2BD0B20C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DB56FC98-5F1C-4876-BE56-91EBACA73C8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E6C9F88C-C2FE-4276-BF0A-C9857C6EAE97}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{F03AC7AC-583F-475B-BCA9-0F5AD88D9D92}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FC0796FD-074F-43C2-8DB4-A9FC74C42829}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0357E180-1EB5-4823-8DF9-FB4BDD1654BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{0A36BD93-E64D-4D24-AAA2-11CE808F4248}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
    "{0A709832-296D-450B-8557-D9C4801B84E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0B9CD836-8629-4642-A2F4-949C4B21F5D7}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
    "{0BFEDD24-37C2-4C61-8EB1-B94AB3C77FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{0F101210-4FE2-4B04-BE5F-9015FD09F61C}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
    "{12F0177C-443F-49D3-A0C8-0A6404A33F2D}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
    "{15071301-26FA-4BF7-9CA3-69A509DC17A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{15B83E89-BE07-4F3A-9178-AED024B1D902}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
    "{18651C38-755D-4D9A-82F8-34BD84D54FBA}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{1950F767-8A1B-472C-A44D-FAE5CC5DC9D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D0DAB26-D7CB-4708-81C4-15576556C606}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{20A14A04-8443-4958-8797-E407401B47B8}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper.exe |
    "{261F9C1C-D129-4600-8D11-CBAB31F17D9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{2AABC5A8-B370-4C47-BB70-BB55DCF755C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{30290194-39ED-4191-814A-A4AE8405F14C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{307E7220-1657-47A7-B044-7599753C9C3B}" = protocol=17 | dir=in | app=c:\users\chris novak\appdata\local\temp\7zs2a33\hppiw.exe |
    "{31B5543F-B07B-4452-B937-3F8BF091E5C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{31BAB83B-A6FC-4AD1-AF9E-3351B4560DE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{37A64E20-3F4F-4C8E-B297-10D7858A6E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{386DEC60-0475-4F01-8C2E-89CCC1552C93}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{3E502B65-B066-41C6-85F4-4680418F49BA}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
    "{3F1B7BFD-66A9-4C72-9EA1-5F91E8FFB4A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{436698AB-6E43-4EB0-BF91-CBBE174FBE74}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{aa6f009f-0ccd-4dd6-a462-28419c101d54}\setup\hpznui40.exe |
    "{46CECF51-167E-4C9D-AAD3-2359C49040B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{4CFBF4AB-3A5A-46B7-86E7-72CE7543D161}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4E3715BB-97FD-4131-9ADC-E1E7C1D14C5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{587B72F7-964C-4E85-8A61-25CE75382F19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5F14D3D3-AEC3-4193-8B67-6E10305D7888}" = protocol=6 | dir=out | app=system |
    "{63792210-5EE9-46DC-BAF3-AF2AD90BD3EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{6405CCCC-3CF5-4887-8D5A-D1379228CE63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{6C192B7F-5808-438A-8AEA-7BF58ADB7BD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{706DAD22-1F71-401A-A23D-66643EF79802}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
    "{7A1EF966-EAB6-40C0-95A2-69DE0DEE47D3}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{7ECC5ED9-1294-49DE-B988-549A18A8AF01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{809F8DE5-E97B-4516-BA20-1E4AEE45A742}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{81691EFC-47C3-4648-A738-44E8B714C48C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{88761702-8EF8-41FD-8E98-45D3F6CC1138}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{8AE78723-3BAA-4AC5-8712-EB411BB2A3BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{94C3DA5A-02E9-412A-AFEC-8CA3901DCDA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{94F866EB-0100-44EF-8A6D-3F80A3E22FDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{96505291-7980-4F95-8CD1-1D3AC9E83E0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{97B317DD-7CD1-4FFD-B133-8213DEFBC511}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{981A554E-FD9E-4C38-A84F-F52EC228C34C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9A1D1086-A67B-4859-BECF-3E58F09F5DC0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{AB502200-4996-4453-B9C5-D87770F776AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B2948D65-0F75-43C7-AB34-DFCFAE5700C9}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
    "{B7A53DB9-4A61-434C-B4D9-FFC9D7E13E82}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BD87DD33-CEA6-4A0B-8A51-DEDFF6682BFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{C02C20A0-88F5-44E1-9807-A22D815FF077}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{C5418746-5BB5-461C-A0BD-CF1604E2A1A5}" = protocol=6 | dir=in | app=c:\users\chris novak\appdata\local\temp\7zs2a33\hppiw.exe |
    "{C68CF271-9A74-4807-8B75-C11CFE7A2679}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C917F1F1-DF32-49BB-B0A9-C89F8C4FF6A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{C9F50667-FBE2-4B5C-AF9F-FB9605C1368C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{CDCE1802-3B1A-4FF7-807D-CB01FC78342C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{D055CBAD-BAAD-440A-9EC9-4775852E69DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{D0D7862D-4E05-4F54-ADB6-81412B32C5B0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D10E785C-BE8C-470B-9724-2C4B92E16770}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\opera.exe |
    "{D49680B2-9C09-41E2-BABF-0BEED677D344}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{D6279283-5DAF-4D2D-9198-3CB6351F18DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DDCE2F62-01B4-48F8-8D0A-7CBAFE0FCCE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{E04FADD4-6218-408C-80D3-9523AE74DFF3}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper_32.exe |
    "{E4F6F6A9-A416-4EBA-9898-E360FBFACC8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EBA63CA2-8D75-46D4-9954-52BB12903666}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{EBCAA67B-4015-4812-8EDB-56111B7DFDD6}" = protocol=6 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper.exe |
    "{F129D79C-C269-4022-9754-EA497E8F45EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F3EF1E1B-4F22-4AF9-9E9C-ED403B6DD26A}" = protocol=17 | dir=in | app=c:\program files (x86)\operanew\pluginwrapper\opera_plugin_wrapper_32.exe |
    "{F5DCA2BD-1AFE-49EC-B1AF-7DA4F2D28EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{F8CD931B-85D2-4B90-8810-5E39966771EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{FA9EFF7B-CB58-44D7-8E11-13B7181D4E81}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{FC024F60-943D-42F4-B987-FB73DA1299B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FD1EB5A0-5C7E-400C-BFF8-D8605E46A3BF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{FD655F00-ACFC-4753-A993-A01F6BE61351}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{EF3B5A7F-9665-4D34-96B1-F8D4FD67FED8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{1166F75F-7B18-47FC-9F80-E69906FE7156}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
    "{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
    "{26A24AE4-039D-4CA4-87B4-2F86416041FF}" = Java(TM) 6 Update 41 (64-bit)
    "{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Dell Touchpad

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
    "{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
    "{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
    "{26A24AE4-039D-4CA4-87B4-2F83216041FF}" = Java(TM) 6 Update 41
    "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
    "{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
    "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
    "{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
    "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
    "{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
    "{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
    "{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
    "{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
    "{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
    "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
    "{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
    "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
    "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
    "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
    "{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
    "{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
    "7-Zip" = 7-Zip 9.20
    "adawaretb" = Ad-Aware Security Add-on
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "avast" = avast! Free Antivirus
    "Dell Webcam Central" = Dell Webcam Central
    "Diablo II" = Diablo II
    "EAX Unified" = EAX Unified
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Forte 3 Free" = Forte 3 - Free Edition
    "Google Chrome" = Google Chrome
    "Mafia" = Mafia
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
    "OpenAL" = OpenAL
    "ScanToPDF" = ScanToPDF 3.2.0
    "Secunia PSI" = Secunia PSI (3.0.0.6001)
    "VLC media player" = VLC media player 2.0.5

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 01.03.2013 16:22:53 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
    Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: hpqddcmn.dll, Version: 130.0.465.0,
    Zeitstempel: 0x4ab6811f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000ede7 ID des fehlerhaften
    Prozesses: 0x6f8 Startzeit der fehlerhaften Anwendung: 0x01ce16ba72e01a8e Pfad der
    fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls:
    c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll Berichtskennung: cb5129ae-82ad-11e2-b5e5-0026b90b12fb

    Error - 01.03.2013 17:32:56 | Computer Name = ChrisNovak-PC | Source = RasClient | ID = 20227
    Description =

    Error - 01.03.2013 17:32:56 | Computer Name = ChrisNovak-PC | Source = RasClient | ID = 20227
    Description =

    Error - 01.03.2013 17:44:51 | Computer Name = ChrisNovak-PC | Source = RasClient | ID = 20227
    Description =

    Error - 01.03.2013 17:45:44 | Computer Name = ChrisNovak-PC | Source = RasClient | ID = 20227
    Description =

    Error - 02.03.2013 05:39:05 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1000
    Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
    Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
    Zeitstempel: 0x4fd2dfec Ausnahmecode: 0xc0000006 Fehleroffset: 0x00000000002f4737
    ID
    des fehlerhaften Prozesses: 0x548 Startzeit der fehlerhaften Anwendung: 0x01ce1727e521cef6
    Pfad
    der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
    C:\Windows\system32\SHELL32.dll Berichtskennung: 05985461-831d-11e2-b550-0026b90b12fb

    Error - 02.03.2013 05:39:05 | Computer Name = ChrisNovak-PC | Source = Application Error | ID = 1005
    Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\shell32.dll"
    zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
    mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern,
    oder der Datenträger fehlt. Das Programm Windows-Explorer wurde wegen dieses Fehlers
    geschlossen. Programm: Windows-Explorer Datei: C:\Windows\System32\shell32.dll Der
    Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1.
    Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem,
    das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn
    Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk
    befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
    besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese
    sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
    überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen
    und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
    im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
    Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
    4.
    Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
    besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
    werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
    Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
    um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche
    Daten Fehlerwert: C0000185 Datenträgertyp: 3

    Error - 02.03.2013 14:29:35 | Computer Name = ChrisNovak-PC | Source = SideBySide | ID = 16842832
    Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
    (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
    Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
    steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
    stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Komponente
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 04.03.2013 19:31:59 | Computer Name = ChrisNovak-PC | Source = Windows Backup | ID = 4103
    Description =

    [ Dell Events ]
    Error - 02.07.2011 07:39:21 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 03.07.2011 18:17:39 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 03.07.2011 18:17:40 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 25.10.2011 15:16:40 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 25.10.2011 15:16:40 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 25.10.2011 15:21:27 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 25.10.2011 15:21:27 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 18.11.2011 10:57:56 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 18.11.2011 10:57:56 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    Error - 22.11.2011 18:07:58 | Computer Name = ChrisNovak-PC | Source = DataSafe | ID = 17
    Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.

    [ OSession Events ]
    Error - 31.05.2011 09:55:54 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6625
    seconds with 2880 seconds of active time. This session ended with a crash.

    Error - 02.06.2011 06:57:44 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9081
    seconds with 6540 seconds of active time. This session ended with a crash.

    Error - 02.06.2011 07:00:24 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 139
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 26.08.2011 16:00:58 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 98381
    seconds with 10260 seconds of active time. This session ended with a crash.

    Error - 14.10.2011 11:32:42 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8933
    seconds with 3840 seconds of active time. This session ended with a crash.

    Error - 03.02.2013 06:31:28 | Computer Name = ChrisNovak-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8
    seconds with 0 seconds of active time. This session ended with a crash.

    [ Spybot - Search and Destroy Events ]
    Error - 21.02.2013 11:42:29 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 21.02.2013 12:54:54 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 21.02.2013 18:47:53 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 22.02.2013 07:23:57 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 22.02.2013 10:48:48 | Computer Name = ChrisNovak-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 05.03.2013 05:30:12 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 05:30:12 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 05:30:12 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 06:03:22 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 06:03:22 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 06:03:22 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 06:03:22 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 06:18:51 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 06:18:51 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

    Error - 05.03.2013 06:18:51 | Computer Name = ChrisNovak-PC | Source = atapi | ID = 262155
    Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.


    < End of report >

  6. #16
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi novfan


    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      [2009.10.31 12:17:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [EMPTYFLASH]
      [REBOOT]
      [RESETHOSTS]
      [CREATERESTOREPOINT]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the Fix OTL log as well as a new OTL log, made by rerunning OTL after the reboot without the custom scans script.



    Please let me know how your machine is running and if there are any outstanding issues

  7. #17
    Member
    Join Date
    Feb 2013
    Posts
    55

    Default

    What should I run after reboot (the last point)? "Run Scan"?! With the default settings or the ones you've given me before (minimal output [which seems to be set as default now], LOP Check, Purity Check)...

  8. #18
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi novfan

    Ok, follow this:

    • Open OTL again and click the Quick Scan button (don't check the boxes beside LOP Check or Purity this time)
    • Post the OTL.txt log it produces in your next reply.

  9. #19
    Member
    Join Date
    Feb 2013
    Posts
    55

    Default

    With this step I had some problems at first - when running it for the first time I realized that after hitting "quick scan" LOP and Purity were checked - I tried to uncheck them (didn't work) and abort the scan through closing OTL (didn't react either), however the scan went on. After a few minutes (I wasn't at the PC) I heard that it did a reboot - which it did after a blue screen as I found out. I wasn't sure if my attempts to close OTL etc. caused it so I restarted OTL and performed the scan again (at that time I realized that LOP and Purity were unchecked but became checked automatically after hitting quick scan - can't do anything about it). This time, OTL was frequently "not responding" and finally crashed (no bluescreen; OS remained responsive) while checking Windows\SysWow64\appidapi.dll (it didn't react for about ten minutes).
    However, I tried it again but this time I disabled avast and closed the running spybot processes - this time it worked without being "not responding" and was quite fast.

    long story short: OTL.txt

    OTL logfile created on: 06.03.2013 09:00:32 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris Novak\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

    3,97 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,32% Memory free
    7,93 Gb Paging File | 6,56 Gb Available in Paging File | 82,70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218,20 Gb Total Space | 67,97 Gb Free Space | 31,15% Space Free | Partition Type: NTFS

    Computer Name: CHRISNOVAK-PC | User Name: Chris Novak | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Chris Novak\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
    PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
    DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (CryptOSD) -- C:\Windows\SysNative\drivers\CryptOSD.sys (Phoenix Technologies)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
    DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
    DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
    DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?so...6551512134D5A4
    IE - HKCU\..\SearchScopes,DefaultScope = {793C1E1A-528F-4323-8EF2-00F4CAC48E8A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{793C1E1A-528F-4323-8EF2-00F4CAC48E8A}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=29F0915CBB3CB490816551512134D5A4"
    FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_41: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_41: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.10 12:34:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.02.22 09:11:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 22:42:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.02.22 13:34:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.10 12:34:08 | 000,000,000 | ---D | M]

    [2009.12.27 22:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Extensions
    [2009.12.27 22:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2013.02.17 19:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions
    [2013.02.17 19:51:59 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    [2013.02.17 19:52:02 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Chris Novak\AppData\Roaming\mozilla\Firefox\Profiles\lvhxxpoq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2013.02.23 20:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2013.02.13 21:07:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013.02.22 10:36:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://securesearch.lavasoft.com/?so...6551512134D5A4
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U41 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
    CHR - plugin: Java Deployment Toolkit 6.0.410.2 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Google Docs = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Skype Click to Call = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
    CHR - Extension: Gmail = C:\Users\Chris Novak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013.03.05 22:04:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
    O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_41)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632DD7E9-34B8-460E-80C0-5646C13BBD4B}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EE49B25-97D6-4050-9F09-581613FFA54C}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.03.05 22:04:34 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013.03.02 19:49:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Novak\Desktop\OTL.exe
    [2013.03.02 19:37:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013.03.02 09:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013.03.02 09:31:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013.03.02 09:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013.03.01 20:23:08 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Local\adawarebp
    [2013.03.01 17:19:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013.03.01 17:19:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013.03.01 17:19:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013.03.01 17:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013.03.01 17:11:02 | 005,035,876 | R--- | C] (Swearware) -- C:\Users\Chris Novak\Desktop\ComboFix.exe
    [2013.03.01 16:15:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013.03.01 16:14:04 | 000,000,000 | ---D | C] -- C:\JRT
    [2013.03.01 15:15:55 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Chris Novak\Desktop\JRT.exe
    [2013.03.01 11:06:53 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\tdsskiller
    [2013.02.24 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\dds
    [2013.02.24 09:42:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Chris Novak\Desktop\aswMBR.exe
    [2013.02.23 20:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013.02.23 19:42:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013.02.23 19:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013.02.23 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013.02.23 19:28:40 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris Novak\Desktop\dds.scr
    [2013.02.22 10:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013.02.22 10:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013.02.22 10:25:13 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Local\Secunia PSI
    [2013.02.22 10:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
    [2013.02.22 10:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\inf
    [2013.02.22 09:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013.02.22 09:12:19 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2013.02.22 09:12:16 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013.02.22 09:12:09 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2013.02.22 09:12:07 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2013.02.22 09:12:04 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013.02.22 09:12:02 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2013.02.22 09:11:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013.02.22 09:11:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2013.02.21 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Documents\ProcAlyzer Dumps
    [2013.02.21 15:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013.02.21 15:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013.02.21 15:05:53 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013.02.21 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013.02.20 16:04:58 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2013.02.19 17:47:30 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Roaming\Malwarebytes
    [2013.02.19 17:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013.02.19 17:36:58 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Local\Programs
    [2013.02.17 20:05:39 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
    [2013.02.17 19:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013.02.17 19:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013.02.17 19:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2013.02.17 19:44:20 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013.02.17 19:44:20 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Roaming\LavasoftStatistics
    [2013.02.13 21:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013.02.13 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\AppData\Roaming\Runscanner.net
    [2013.02.13 10:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013.02.13 10:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013.02.10 18:00:58 | 000,000,000 | ---D | C] -- C:\Users\Chris Novak\Desktop\DISS - Workshop
    [2009.12.01 00:20:15 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Chris Novak\AppData\Roaming\DataSafeDotNet.exe
    [2 C:\Users\Chris Novak\Desktop\*.tmp files -> C:\Users\Chris Novak\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013.03.06 08:37:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.03.06 08:37:43 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.03.06 08:31:17 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.03.06 08:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.03.06 08:29:39 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
    [2013.03.06 08:29:38 | 488,369,726 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013.03.06 08:08:11 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.03.05 22:04:52 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2013.03.02 19:50:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Novak\Desktop\OTL.exe
    [2013.03.02 09:31:08 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.03.01 23:50:12 | 000,139,264 | ---- | M] () -- C:\Users\Chris Novak\Desktop\SystemLook.exe
    [2013.03.01 17:11:48 | 005,035,876 | R--- | M] (Swearware) -- C:\Users\Chris Novak\Desktop\ComboFix.exe
    [2013.03.01 15:16:24 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Chris Novak\Desktop\JRT.exe
    [2013.03.01 14:51:09 | 000,594,019 | ---- | M] () -- C:\Users\Chris Novak\Desktop\AdwCleaner.exe
    [2013.03.01 11:23:12 | 000,021,217 | ---- | M] () -- C:\Users\Chris Novak\Desktop\TDSS log file.zip
    [2013.03.01 11:05:07 | 002,218,636 | ---- | M] () -- C:\Users\Chris Novak\Desktop\tdsskiller.zip
    [2013.02.28 14:59:46 | 000,029,789 | ---- | M] () -- C:\Users\Chris Novak\Desktop\036_dipl_stellungnahme.pdf
    [2013.02.27 11:40:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013.02.27 11:40:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
    [2013.02.27 11:40:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013.02.27 11:40:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
    [2013.02.27 11:40:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013.02.24 17:07:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Chris Novak\Desktop\aswMBR.exe
    [2013.02.23 20:14:46 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013.02.23 19:42:16 | 000,000,907 | ---- | M] () -- C:\Users\Chris Novak\Desktop\ERUNT.lnk
    [2013.02.23 19:28:43 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris Novak\Desktop\dds.scr
    [2013.02.22 17:50:47 | 000,030,863 | ---- | M] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details 1.pdf
    [2013.02.22 17:47:51 | 000,064,602 | ---- | M] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details.pdf
    [2013.02.22 10:37:52 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013.02.22 10:19:04 | 000,000,160 | ---- | M] () -- C:\Windows\MyDrivers.ini
    [2013.02.22 09:12:20 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013.02.22 09:12:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013.02.21 15:06:01 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013.02.20 08:50:33 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013.02.20 08:30:04 | 000,431,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013.02.19 10:04:04 | 000,050,039 | ---- | M] () -- C:\Users\Chris Novak\Desktop\asd.adr
    [2013.02.17 19:44:20 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2 C:\Users\Chris Novak\Desktop\*.tmp files -> C:\Users\Chris Novak\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.03.02 09:31:08 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.03.01 23:50:08 | 000,139,264 | ---- | C] () -- C:\Users\Chris Novak\Desktop\SystemLook.exe
    [2013.03.01 17:19:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013.03.01 17:19:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013.03.01 17:19:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013.03.01 17:19:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013.03.01 17:19:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013.03.01 14:50:57 | 000,594,019 | ---- | C] () -- C:\Users\Chris Novak\Desktop\AdwCleaner.exe
    [2013.03.01 11:22:48 | 000,021,217 | ---- | C] () -- C:\Users\Chris Novak\Desktop\TDSS log file.zip
    [2013.03.01 11:04:59 | 002,218,636 | ---- | C] () -- C:\Users\Chris Novak\Desktop\tdsskiller.zip
    [2013.02.28 14:59:45 | 000,029,789 | ---- | C] () -- C:\Users\Chris Novak\Desktop\036_dipl_stellungnahme.pdf
    [2013.02.23 20:14:46 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013.02.23 19:42:16 | 000,000,907 | ---- | C] () -- C:\Users\Chris Novak\Desktop\ERUNT.lnk
    [2013.02.22 17:50:46 | 000,030,863 | ---- | C] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details 1.pdf
    [2013.02.22 10:37:52 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013.02.22 10:25:05 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2013.02.22 10:19:04 | 000,000,160 | ---- | C] () -- C:\Windows\MyDrivers.ini
    [2013.02.22 09:12:20 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013.02.21 15:06:01 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013.02.21 15:06:01 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013.02.20 16:36:11 | 000,064,602 | ---- | C] () -- C:\Users\Chris Novak\Desktop\English - Journey Planner route details.pdf
    [2013.02.20 08:50:33 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013.02.20 08:50:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013.02.19 10:04:04 | 000,050,039 | ---- | C] () -- C:\Users\Chris Novak\Desktop\asd.adr
    [2013.02.16 10:51:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2013.02.16 10:50:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012.12.20 23:24:02 | 000,000,362 | ---- | C] () -- C:\Users\Chris Novak\AppData\Roaming\wklnhst.dat
    [2012.11.10 20:55:11 | 000,033,930 | ---- | C] () -- C:\Users\Chris Novak\Tractatus.png
    [2012.09.20 12:13:15 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
    [2012.09.20 11:31:41 | 000,186,071 | ---- | C] () -- C:\Windows\hpoins14.dat
    [2012.09.20 11:31:41 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat
    [2012.08.11 14:43:56 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
    [2012.08.08 13:00:06 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2012.08.08 12:41:07 | 000,245,234 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012.08.08 12:41:07 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012.02.18 09:19:42 | 023,360,000 | ---- | C] () -- C:\Users\Chris Novak\Livestation-3.2.0.msi
    [2012.01.11 09:43:33 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
    [2011.08.08 22:34:19 | 000,026,812 | ---- | C] () -- C:\Users\Chris Novak\North America.torrent
    [2011.06.21 18:09:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
    [2011.06.09 21:23:13 | 000,037,196 | ---- | C] () -- C:\Users\Chris Novak\Wohnzimmer1.jpg
    [2011.06.09 21:23:13 | 000,032,634 | ---- | C] () -- C:\Users\Chris Novak\U-Schrank3.jpg
    [2011.06.09 21:23:12 | 000,035,160 | ---- | C] () -- C:\Users\Chris Novak\TVklein1.jpg
    [2011.06.09 21:23:11 | 000,030,867 | ---- | C] () -- C:\Users\Chris Novak\Spiegelschränke.jpg
    [2011.06.09 21:23:11 | 000,028,203 | ---- | C] () -- C:\Users\Chris Novak\Rollschrank.jpg
    [2011.06.09 21:23:10 | 000,035,312 | ---- | C] () -- C:\Users\Chris Novak\Nachtk.2.jpg
    [2011.06.09 21:23:09 | 000,034,996 | ---- | C] () -- C:\Users\Chris Novak\Essgarnitur1.jpg
    [2011.06.09 21:23:09 | 000,033,883 | ---- | C] () -- C:\Users\Chris Novak\Kniesessel.jpg
    [2011.06.09 21:23:08 | 000,035,447 | ---- | C] () -- C:\Users\Chris Novak\Eckgarnitur2.jpg
    [2011.06.09 21:23:08 | 000,034,726 | ---- | C] () -- C:\Users\Chris Novak\Eckgarnitur1.jpg
    [2011.06.09 21:23:07 | 000,032,361 | ---- | C] () -- C:\Users\Chris Novak\Betten1.jpg
    [2011.06.09 21:23:07 | 000,029,681 | ---- | C] () -- C:\Users\Chris Novak\Büro1.jpg
    [2011.06.09 21:23:06 | 000,043,113 | ---- | C] () -- C:\Users\Chris Novak\Bad.JPG
    [2011.06.09 21:22:26 | 000,039,324 | ---- | C] () -- C:\Users\Chris Novak\Wohnzimmer3.jpg
    [2011.05.27 10:01:46 | 000,181,012 | ---- | C] () -- C:\Windows\hpoins13.dat
    [2011.05.27 10:01:46 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
    [2011.05.10 12:29:26 | 000,221,022 | ---- | C] () -- C:\Windows\hpoins30.dat
    [2011.05.10 12:29:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
    [2011.05.08 09:36:16 | 001,033,347 | ---- | C] () -- C:\Users\Chris Novak\Leviathan_1.jpg
    [2010.01.02 00:10:09 | 029,816,832 | ---- | C] () -- C:\Users\Chris Novak\VeraFarmiga_DownToTheBone_DVD_.01.nn.avi
    [2009.12.31 15:19:52 | 000,041,628 | ---- | C] () -- C:\Users\Chris Novak\etp-pin1.jpg
    [2009.12.31 13:06:32 | 000,032,699 | ---- | C] () -- C:\Users\Chris Novak\obama symbol.jpg
    [2009.12.30 16:37:53 | 000,675,615 | ---- | C] () -- C:\Users\Chris Novak\Obama_portrait_crop.jpg
    [2009.12.30 16:37:04 | 000,029,727 | ---- | C] () -- C:\Users\Chris Novak\obama.jpg
    [2009.12.15 17:51:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2009.11.11 15:43:43 | 000,007,653 | ---- | C] () -- C:\Users\Chris Novak\AppData\Local\Resmon.ResmonCfg
    [2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Chris Novak\AppData\Roaming\MafiaSetup.exe

    ========== ZeroAccess Check ==========

    [2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012.06.23 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Audacity
    [2009.11.15 11:09:59 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\DAEMON Tools Lite
    [2013.02.16 10:43:56 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Dropbox
    [2011.10.23 13:06:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Exif Viewer
    [2012.06.23 09:08:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\FreeAudioPack
    [2009.12.27 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Livestation
    [2009.12.27 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Mchid
    [2012.07.15 18:52:27 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\MxBoost
    [2012.06.16 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Need for Speed World
    [2013.02.02 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Opera
    [2011.05.08 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\PCDr
    [2011.08.09 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\ROUTE 66 Sync
    [2013.02.13 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Runscanner.net
    [2012.11.05 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Swiss Academic Software
    [2012.12.20 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Template
    [2009.12.06 20:24:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\The Creative Assembly
    [2009.12.27 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Novak\AppData\Roaming\Thunderbird

    ========== Purity Check ==========



    < End of report >

  10. #20
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi novfan

    with this step I had some problems
    As regards those problems, do not worry; surely you have forced the closure of the program during the scan.

    Next

    I need some information

    Please navigate to the following folder and advise if it is empty; if it contains files, please list the contents (if there are lots of files, just give an estimate of the number rather than listing them out)

    C:\ProgramData\inf

    Thanks
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -
