| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SearchPlusNetwork.com Entfernen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.03.2013, 18:21
| #16 |
 |  SearchPlusNetwork.com Entfernen? Ich habe den Haken gesetzt und es funktioniert imemr noch nicht beim Instalieren kommt eine Fehlermeldung und LSPFix funktioniert nicht! |
|
09.03.2013, 23:46
| #17 |
| /// TB-Ausbilder   | SearchPlusNetwork.com Entfernen? Servus,
__________________Rechtsklicke auf LSP-Fix.exe und wähle "Als Administrator ausführen".  Hat es nun funktioniert? |
|
10.03.2013, 10:58
| #18 |
| | SearchPlusNetwork.com Entfernen? ah jetz hats funktioniert xD
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/10/2013 10:53:56 AM - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kev\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.24% Memory free 7.60 Gb Paging File | 6.07 Gb Available in Paging File | 79.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 22.27 Gb Free Space | 22.27% Space Free | Partition Type: NTFS Drive D: | 363.76 Gb Total Space | 308.06 Gb Free Space | 84.69% Space Free | Partition Type: NTFS Drive F: | 618.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe PRC - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/23 12:54:13 | 000,083,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe PRC - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013/02/23 12:53:54 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe ========== Modules (No Company Name) ========== MOD - [2013/02/21 06:23:44 | 000,459,728 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll MOD - [2013/02/21 06:23:42 | 004,050,896 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll MOD - [2013/02/21 06:22:51 | 000,596,944 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll MOD - [2013/02/21 06:22:50 | 000,124,368 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll MOD - [2013/02/21 06:22:48 | 001,552,848 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll MOD - [2013/02/15 17:18:27 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\a0a3700b354bf50d6337dfed8ba85837\DeskUpdateNotifier.ni.exe MOD - [2013/02/14 21:35:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/17 16:17:22 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll MOD - [2013/01/15 20:07:10 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/15 20:06:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/15 20:06:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/15 20:06:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/15 20:06:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Disabled | Stopped] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009/12/24 11:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/03/01 20:27:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/02/07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/01/28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/01/19 20:35:13 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013/01/19 20:35:13 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/08/10 07:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010/08/10 07:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2012/11/16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google%20chrome/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{187989F7-4EFC-4329-A88E-9DF8F62AFF0D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=2708eac7-9357-40b8-b05b-f3d095557eac&apn_sauid=78FDFDBF-3CFE-4A88-A02D-E77E6CCC1A49 IE - HKCU\..\SearchScopes\{4AE6D1F9-C8B0-4514-B6E4-35E6F29AF0E7}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{AEFC90FF-1E6E-478F-8FBA-3BCD04BDE2AE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKCU\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE448 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/19 18:43:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] [2013/03/05 16:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Messenger Plus Smartbar (Enabled) CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=reimw&t=b0115 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ O1 HOSTS File: ([2013/03/05 20:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CSRFTP] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AIS_MessageForYou] C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe (Fujitsu) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049EF60A-5F53-464A-B5A1-71D48093DF34}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/08/31 11:24:11 | 000,000,121 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/10 10:51:53 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/08 14:50:43 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/08 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2013/03/05 20:19:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/03/05 20:06:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/05 20:06:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/05 20:06:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/05 20:06:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/05 20:06:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/05 19:51:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/05 19:51:18 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/05 17:51:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Malwarebytes [2013/03/05 15:51:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/05 15:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/05 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Programs [2013/03/04 18:31:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{09CF8EA5-F325-4434-B8B9-005DE4CCF034} [2013/03/03 10:35:06 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32 [2013/03/02 18:17:54 | 000,000,000 | ---D | C] -- C:\Intel [2013/03/01 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Kev\Desktop\Bob Marley [2013/03/01 19:49:47 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013/03/01 19:49:46 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013/03/01 19:49:46 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013/03/01 19:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013/03/01 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\TuneUp Software [2013/03/01 19:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013/03/01 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013/03/01 19:48:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/03/01 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{A575C9C9-A8F5-439E-A1F3-CE25C4A5C70D} [2013/02/26 15:59:08 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/02/25 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/02/23 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Avira [2013/02/23 13:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/02/23 13:01:03 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 13:01:03 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/23 13:01:03 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/02/17 14:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/02/17 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/02/14 21:34:09 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/02/14 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/02/14 21:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/02/13 18:35:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 18:35:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 18:35:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 18:35:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 18:35:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 18:35:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/13 18:35:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/13 18:35:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/13 18:35:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/13 18:35:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 18:35:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/13 18:35:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 18:35:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/13 18:35:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/13 18:35:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/13 15:34:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 15:34:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 15:34:19 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 15:34:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 15:34:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 15:34:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 15:34:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 15:34:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 15:34:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 15:34:07 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/13 14:26:18 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Spotify [2013/02/13 14:26:01 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Spotify [2013/02/08 22:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013/03/10 10:56:40 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 10:56:40 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 10:51:49 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/10 10:48:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/10 10:48:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/10 10:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/10 10:48:45 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013/03/09 21:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/09 20:40:43 | 000,000,024 | ---- | M] () -- C:\Users\Kev\random.dat [2013/03/09 18:26:41 | 000,000,024 | ---- | M] () -- C:\Users\Kev\jagexappletviewer.preferences [2013/03/09 18:25:28 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2013/03/08 16:14:34 | 000,217,581 | ---- | M] () -- C:\Windows\hpoins46.dat [2013/03/05 20:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/03/05 19:43:39 | 000,000,170 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/03/05 18:15:56 | 000,000,000 | ---- | M] () -- C:\Users\Kev\defogger_reenable [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 16:32:52 | 000,000,512 | ---- | M] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/02 19:16:29 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/03/02 19:16:29 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/03/02 19:15:22 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2013/03/02 09:46:39 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/03/01 20:27:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/03/01 20:27:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/03/01 20:13:01 | 000,009,913 | ---- | M] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/03/01 19:49:44 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013/03/01 19:49:44 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013/02/28 17:47:12 | 002,835,278 | ---- | M] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/26 15:59:08 | 000,002,364 | ---- | M] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/02/25 20:06:44 | 000,000,220 | ---- | M] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/24 14:29:03 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013/02/23 13:02:21 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/20 18:55:33 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/20 18:55:33 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/20 18:55:33 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/20 18:55:33 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/20 18:55:33 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/17 14:08:39 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/15 17:28:39 | 000,000,044 | ---- | M] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat [2013/02/14 21:34:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/14 21:28:35 | 000,298,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 14:26:17 | 000,001,801 | ---- | M] () -- C:\Users\Kev\Desktop\Spotify.lnk ========== Files Created - No Company Name ========== [2013/03/08 16:14:18 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp [2013/03/05 20:06:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/05 20:06:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/05 20:06:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/05 20:06:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/03/05 20:06:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/05 19:43:13 | 000,000,170 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/03/05 18:15:56 | 000,000,000 | ---- | C] () -- C:\Users\Kev\defogger_reenable [2013/03/05 16:32:52 | 000,000,512 | ---- | C] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/02 19:15:22 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2013/03/01 20:13:00 | 000,009,913 | ---- | C] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/03/01 19:49:44 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013/03/01 19:49:44 | 000,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013/03/01 19:49:44 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013/02/28 17:50:38 | 002,835,278 | ---- | C] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/26 15:59:08 | 000,002,364 | ---- | C] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/02/26 15:58:05 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/02/26 15:58:04 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/02/25 20:06:44 | 000,000,220 | ---- | C] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/23 13:08:07 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/02/23 13:02:21 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/17 14:08:39 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/15 17:28:39 | 000,000,044 | ---- | C] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat [2013/02/14 21:34:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/13 14:26:17 | 000,001,801 | ---- | C] () -- C:\Users\Kev\Desktop\Spotify.lnk [2013/02/13 14:26:17 | 000,001,787 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2013/01/08 16:18:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012/07/14 18:03:36 | 000,000,040 | ---- | C] () -- C:\Users\Kev\matrix_cl_matrix_LIVE.dat [2012/07/09 13:42:37 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012/06/27 17:56:17 | 000,000,047 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE_BETA.dat [2012/06/27 17:56:17 | 000,000,024 | ---- | C] () -- C:\Users\Kev\random.dat [2012/06/21 19:16:03 | 000,369,656 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.07.png [2012/06/21 19:16:03 | 000,334,105 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.37.png [2012/06/02 14:58:48 | 000,007,597 | ---- | C] () -- C:\Users\Kev\AppData\Local\Resmon.ResmonCfg [2012/04/28 16:21:28 | 000,000,218 | ---- | C] () -- C:\Users\Kev\.recently-used.xbel [2012/04/28 16:11:59 | 005,627,420 | ---- | C] () -- C:\Users\Kev\host 5.183.180.97 and udp port 1210 [2012/04/28 16:05:33 | 000,137,940 | ---- | C] () -- C:\Users\Kev\kev_00001_20120428170533 [2012/04/28 16:01:02 | 000,121,348 | ---- | C] () -- C:\Users\Kev\host [2012/03/10 11:07:43 | 000,217,581 | ---- | C] () -- C:\Windows\hpoins46.dat [2012/02/14 14:50:31 | 000,000,024 | ---- | C] () -- C:\Users\Kev\jagexappletviewer.preferences [2012/02/11 20:35:52 | 000,000,000 | ---- | C] () -- C:\Users\Kev\jagex__preferences3.dat [2012/02/07 21:17:48 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE2.dat [2012/01/24 19:13:43 | 000,103,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/10/26 13:39:06 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE1.dat [2011/10/25 18:13:55 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2011/10/05 14:04:50 | 000,377,068 | ---- | C] () -- C:\Users\Kev\Foto 0200.jpg [2011/10/05 14:04:50 | 000,353,106 | ---- | C] () -- C:\Users\Kev\Foto 0199.jpg [2011/10/05 14:04:50 | 000,285,658 | ---- | C] () -- C:\Users\Kev\Foto 0201.jpg [2011/10/05 14:04:50 | 000,263,879 | ---- | C] () -- C:\Users\Kev\Foto 0203.jpg [2011/09/07 11:58:22 | 000,000,129 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences2.dat [2011/09/07 11:57:31 | 000,000,046 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences.dat [2011/09/06 21:47:17 | 000,000,000 | ---- | C] () -- C:\Users\Kev\AppData\Local\{F7FDD026-88CD-4F28-BACB-595C1CCE7543} [2011/08/04 18:32:30 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/08/04 18:32:30 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/08/04 18:32:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/08/04 18:32:30 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/08/04 18:32:29 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/16 11:56:37 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{3D6BBC73-D191-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{3D6BBC73-D191-44B9 [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010/11/21 04:24:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\wkssvc.dll "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010/11/21 04:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009/07/14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "hpdevmgmt" = hpqcxs08hpqddsvc [binary data] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010/11/21 04:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009/07/14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "hpdevmgmt" = hpqcxs08hpqddsvc [binary data] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc] < > < End of report > |
|
10.03.2013, 11:03
| #19 |
| | SearchPlusNetwork.com Entfernen? OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/10/2013 10:53:56 AM - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kev\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 63.24% Memory free 7.60 Gb Paging File | 6.07 Gb Available in Paging File | 79.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 22.27 Gb Free Space | 22.27% Space Free | Partition Type: NTFS Drive D: | 363.76 Gb Total Space | 308.06 Gb Free Space | 84.69% Space Free | Partition Type: NTFS Drive F: | 618.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe PRC - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/23 12:54:13 | 000,083,680 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe PRC - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013/02/23 12:53:54 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe ========== Modules (No Company Name) ========== MOD - [2013/02/21 06:23:44 | 000,459,728 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll MOD - [2013/02/21 06:23:42 | 004,050,896 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll MOD - [2013/02/21 06:22:51 | 000,596,944 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll MOD - [2013/02/21 06:22:50 | 000,124,368 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll MOD - [2013/02/21 06:22:48 | 001,552,848 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll MOD - [2013/02/15 17:18:27 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\a0a3700b354bf50d6337dfed8ba85837\DeskUpdateNotifier.ni.exe MOD - [2013/02/14 21:35:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/17 16:17:22 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll MOD - [2013/01/15 20:07:10 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/15 20:06:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/15 20:06:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/15 20:06:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/15 20:06:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Disabled | Stopped] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009/12/24 11:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/03/01 20:27:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/02/07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/01/28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/01/19 20:35:13 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013/01/19 20:35:13 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/08/10 07:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010/08/10 07:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2012/11/16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google%20chrome/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{187989F7-4EFC-4329-A88E-9DF8F62AFF0D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=2708eac7-9357-40b8-b05b-f3d095557eac&apn_sauid=78FDFDBF-3CFE-4A88-A02D-E77E6CCC1A49 IE - HKCU\..\SearchScopes\{4AE6D1F9-C8B0-4514-B6E4-35E6F29AF0E7}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{AEFC90FF-1E6E-478F-8FBA-3BCD04BDE2AE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKCU\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE448 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/19 18:43:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] [2013/03/05 16:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Messenger Plus Smartbar (Enabled) CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=reimw&t=b0115 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ O1 HOSTS File: ([2013/03/05 20:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CSRFTP] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AIS_MessageForYou] C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe (Fujitsu) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049EF60A-5F53-464A-B5A1-71D48093DF34}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/08/31 11:24:11 | 000,000,121 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/10 10:51:53 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/08 14:50:43 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/08 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2013/03/05 20:19:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/03/05 20:06:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/05 20:06:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/05 20:06:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/05 20:06:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/05 20:06:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/05 19:51:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/05 19:51:18 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/05 17:51:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Malwarebytes [2013/03/05 15:51:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/05 15:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/05 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Programs [2013/03/04 18:31:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{09CF8EA5-F325-4434-B8B9-005DE4CCF034} [2013/03/03 10:35:06 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32 [2013/03/02 18:17:54 | 000,000,000 | ---D | C] -- C:\Intel [2013/03/01 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Kev\Desktop\Bob Marley [2013/03/01 19:49:47 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013/03/01 19:49:46 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013/03/01 19:49:46 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013/03/01 19:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013/03/01 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\TuneUp Software [2013/03/01 19:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013/03/01 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013/03/01 19:48:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/03/01 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{A575C9C9-A8F5-439E-A1F3-CE25C4A5C70D} [2013/02/26 15:59:08 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/02/25 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/02/23 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Avira [2013/02/23 13:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/02/23 13:01:03 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 13:01:03 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/23 13:01:03 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/02/17 14:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/02/17 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/02/14 21:34:09 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/02/14 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/02/14 21:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/02/13 18:35:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 18:35:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 18:35:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 18:35:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 18:35:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 18:35:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/13 18:35:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/13 18:35:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/13 18:35:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/13 18:35:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 18:35:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/13 18:35:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 18:35:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/13 18:35:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/13 18:35:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/13 15:34:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 15:34:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 15:34:19 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 15:34:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 15:34:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 15:34:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 15:34:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 15:34:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 15:34:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 15:34:07 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/13 14:26:18 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Spotify [2013/02/13 14:26:01 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Spotify [2013/02/08 22:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013/03/10 10:56:40 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 10:56:40 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 10:51:49 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/10 10:48:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/10 10:48:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/10 10:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/10 10:48:45 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013/03/09 21:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/09 20:40:43 | 000,000,024 | ---- | M] () -- C:\Users\Kev\random.dat [2013/03/09 18:26:41 | 000,000,024 | ---- | M] () -- C:\Users\Kev\jagexappletviewer.preferences [2013/03/09 18:25:28 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2013/03/08 16:14:34 | 000,217,581 | ---- | M] () -- C:\Windows\hpoins46.dat [2013/03/05 20:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/03/05 19:43:39 | 000,000,170 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/03/05 18:15:56 | 000,000,000 | ---- | M] () -- C:\Users\Kev\defogger_reenable [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 16:32:52 | 000,000,512 | ---- | M] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/02 19:16:29 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/03/02 19:16:29 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/03/02 19:15:22 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2013/03/02 09:46:39 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/03/01 20:27:23 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/03/01 20:27:23 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/03/01 20:13:01 | 000,009,913 | ---- | M] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/03/01 19:49:44 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013/03/01 19:49:44 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013/02/28 17:47:12 | 002,835,278 | ---- | M] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/26 15:59:08 | 000,002,364 | ---- | M] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/02/25 20:06:44 | 000,000,220 | ---- | M] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/24 14:29:03 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013/02/23 13:02:21 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/20 18:55:33 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/20 18:55:33 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/20 18:55:33 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/20 18:55:33 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/20 18:55:33 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/17 14:08:39 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/15 17:28:39 | 000,000,044 | ---- | M] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat [2013/02/14 21:34:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/14 21:28:35 | 000,298,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 14:26:17 | 000,001,801 | ---- | M] () -- C:\Users\Kev\Desktop\Spotify.lnk ========== Files Created - No Company Name ========== [2013/03/08 16:14:18 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp [2013/03/05 20:06:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/05 20:06:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/05 20:06:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/05 20:06:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/03/05 20:06:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/05 19:43:13 | 000,000,170 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/03/05 18:15:56 | 000,000,000 | ---- | C] () -- C:\Users\Kev\defogger_reenable [2013/03/05 16:32:52 | 000,000,512 | ---- | C] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/02 19:15:22 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2013/03/01 20:13:00 | 000,009,913 | ---- | C] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/03/01 19:49:44 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013/03/01 19:49:44 | 000,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013/03/01 19:49:44 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013/02/28 17:50:38 | 002,835,278 | ---- | C] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/26 15:59:08 | 000,002,364 | ---- | C] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/02/26 15:58:05 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/02/26 15:58:04 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/02/25 20:06:44 | 000,000,220 | ---- | C] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/23 13:08:07 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/02/23 13:02:21 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/17 14:08:39 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/15 17:28:39 | 000,000,044 | ---- | C] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat [2013/02/14 21:34:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/13 14:26:17 | 000,001,801 | ---- | C] () -- C:\Users\Kev\Desktop\Spotify.lnk [2013/02/13 14:26:17 | 000,001,787 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2013/01/08 16:18:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012/07/14 18:03:36 | 000,000,040 | ---- | C] () -- C:\Users\Kev\matrix_cl_matrix_LIVE.dat [2012/07/09 13:42:37 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012/06/27 17:56:17 | 000,000,047 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE_BETA.dat [2012/06/27 17:56:17 | 000,000,024 | ---- | C] () -- C:\Users\Kev\random.dat [2012/06/21 19:16:03 | 000,369,656 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.07.png [2012/06/21 19:16:03 | 000,334,105 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.37.png [2012/06/02 14:58:48 | 000,007,597 | ---- | C] () -- C:\Users\Kev\AppData\Local\Resmon.ResmonCfg [2012/04/28 16:21:28 | 000,000,218 | ---- | C] () -- C:\Users\Kev\.recently-used.xbel [2012/04/28 16:11:59 | 005,627,420 | ---- | C] () -- C:\Users\Kev\host 5.183.180.97 and udp port 1210 [2012/04/28 16:05:33 | 000,137,940 | ---- | C] () -- C:\Users\Kev\kev_00001_20120428170533 [2012/04/28 16:01:02 | 000,121,348 | ---- | C] () -- C:\Users\Kev\host [2012/03/10 11:07:43 | 000,217,581 | ---- | C] () -- C:\Windows\hpoins46.dat [2012/02/14 14:50:31 | 000,000,024 | ---- | C] () -- C:\Users\Kev\jagexappletviewer.preferences [2012/02/11 20:35:52 | 000,000,000 | ---- | C] () -- C:\Users\Kev\jagex__preferences3.dat [2012/02/07 21:17:48 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE2.dat [2012/01/24 19:13:43 | 000,103,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/10/26 13:39:06 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE1.dat [2011/10/25 18:13:55 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2011/10/05 14:04:50 | 000,377,068 | ---- | C] () -- C:\Users\Kev\Foto 0200.jpg [2011/10/05 14:04:50 | 000,353,106 | ---- | C] () -- C:\Users\Kev\Foto 0199.jpg [2011/10/05 14:04:50 | 000,285,658 | ---- | C] () -- C:\Users\Kev\Foto 0201.jpg [2011/10/05 14:04:50 | 000,263,879 | ---- | C] () -- C:\Users\Kev\Foto 0203.jpg [2011/09/07 11:58:22 | 000,000,129 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences2.dat [2011/09/07 11:57:31 | 000,000,046 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences.dat [2011/09/06 21:47:17 | 000,000,000 | ---- | C] () -- C:\Users\Kev\AppData\Local\{F7FDD026-88CD-4F28-BACB-595C1CCE7543} [2011/08/04 18:32:30 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/08/04 18:32:30 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/08/04 18:32:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/08/04 18:32:30 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/08/04 18:32:29 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/16 11:56:37 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{3D6BBC73-D191-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{3D6BBC73-D191-44B9 [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010/11/21 04:24:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\wkssvc.dll "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010/11/21 04:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009/07/14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "hpdevmgmt" = hpqcxs08hpqddsvc [binary data] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010/11/21 04:24:08 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009/07/14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "hpdevmgmt" = hpqcxs08hpqddsvc [binary data] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc] < > < End of report > |
|
10.03.2013, 12:52
| #20 |
| /// TB-Ausbilder | SearchPlusNetwork.com Entfernen? Servus, es wird immer besser.  Schritt 1
Schritt 2 Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\..\SearchScopes\{187989F7-4EFC-4329-A88E-9DF8F62AFF0D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}
IE - HKCU\..\SearchScopes\{4AE6D1F9-C8B0-4514-B6E4-35E6F29AF0E7}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kev\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
[2013/03/05 19:43:39 | 000,000,170 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000000
:commands
[Emptytemp]
Schritt 3 Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop. SystemLook (64 bit)
Gibt es noch Probleme mit SearchPlusNetwork oder der Autorun-Funktion? Wenn ja, welche? Bitte poste mit deiner nächsten Antwort
|
|
10.03.2013, 16:25
| #21 |
| | SearchPlusNetwork.com Entfernen? All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{187989F7-4EFC-4329-A88E-9DF8F62AFF0D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{187989F7-4EFC-4329-A88E-9DF8F62AFF0D}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4AE6D1F9-C8B0-4514-B6E4-35E6F29AF0E7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AE6D1F9-C8B0-4514-B6E4-35E6F29AF0E7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found. C:\Windows\DeleteOnReboot.bat moved successfully. ========== REGISTRY ========== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:00000000 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gamer ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Journal ->Temp folder emptied: 0 bytes User: Kev ->Temp folder emptied: 518480 bytes ->Temporary Internet Files folder emptied: 10057607 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 192685518 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 343 bytes User: Public ->Temp folder emptied: 0 bytes User: RegBack ->Temp folder emptied: 0 bytes User: systemprofile ->Temp folder emptied: 0 bytes User: TxR ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 47410 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 194.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03102013_162130 Files\Folders moved on Reboot... C:\Users\Kev\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... SystemLook 30.07.11 by jpshortstuff Log created at 16:26 on 10/03/2013 by Kev Administrator - Elevation successful ========== folderfind ========== Searching for "Conduit*" No folders found. Searching for "Ask.com*" No folders found. Searching for "GinyasBrowserCompanion*" No folders found. Searching for "v-Grabber*" No folders found. Searching for "Babylon*" No folders found. Searching for "Search Settings*" No folders found. Searching for "dvdvideosoftiehelpers*" No folders found. Searching for "OpenCandy*" No folders found. Searching for "DVDVideoSoftTB*" No folders found. Searching for "AskToolbar*" No folders found. Searching for "incredibar*" No folders found. ========== regfind ========== Searching for "Conduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966] "AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\AE48807DEC2E935419BD7466CCE1F5F5] "File"="iSyncConduit.dll" Searching for "Ask.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ask.com] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task] "PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task] "PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDGLO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPAD~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPTY~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPBU~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDWPA~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AVIRAC~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDCOR~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}\LocalServer32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDGLO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPAD~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPTY~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPBU~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDWPA~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AVIRAC~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDCOR~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\CallingIDSDK\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\css\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\images\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00F1A65D97AD1E11D8D76334268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\demo.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029DEE7E67AD1E113852DB04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03576BC0A7AD1E1188A9A434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\popup.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04CFD72C0A6D1E1179AC85E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\linkedin.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B0B68797AD1E118A6A4E24268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPTypes.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0828D86187AD1E1129764B14268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\088A41FE97AD1E114BD41434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\dntp.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\090E991ED42E1E11D93A5C2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\chrome\skin\ ask_32x.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F968E620A6D1E11B999E6D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\notificationManager.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF1D43997AD1E11FA430034268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\bg.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2010C0B997AD1E111983F034268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\blank.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20414E2897AD1E116B041F24268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\autoUpdate.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\241E1DAF97AD1E11CBD65434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\json2.min.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\assets\oobe\b.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D5CB10287AD1E112AF1CB14268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41B9E26133CD1E114A4E096D168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\config.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42B7416F0A6D1E112971B6E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\view_report.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\435ED11E0A6D1E1138C146E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\settings.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\466B1A160A6D1E11DAFD1AD3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_global.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\600642CA97AD1E11EB30A134268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\config.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61C07F78D42E1E113849882F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638A55350A6D1E114AE6C9D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_alert.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63C6A3960A6D1E1199A78AD3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\popup.css" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BE09BB77AD1E1129594214268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\view_alert.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F9C62077AD1E11BA0CBC04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\socialButtons.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6967575E4ADD1E11E9E591AF068807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\btn-bg.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A0601CF0A6D1E11EA66D6E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\all.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D34269C97AD1E11DAE42334268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\content.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DE790BA0A6D1E111B7A93E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top-plain.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F874FC077AD1E11FB2CCC04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\view.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72D3312E1E95E8C4AAA81BADB30D5FC0] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74E6A1B4EEAA8A942B405B51643FD2FC] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\800967B40A6D1E1129B8C8D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DDE340A6D1E11B833B8D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\template.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\818F60F20A6D1E1149E987D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\optout.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8225E07F67AD1E1138657C04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\common.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83011A2A97AD1E1139DD6134268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\config.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D3F53D0A6D1E112BC9F5E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plus-minus.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860F3B99848D1E119B5569D6168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\plugins\npAviraC allingID.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87B1CC30A7AD1E117BC59434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\license.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8849E84D67AD1E11A8881B04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\images\demoRestricted.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A7FEEA8848D1E11D8ABF7D6168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B065BD72ADD1E116B25978F068807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\config.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B58DAA50A6D1E11C924D9D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_allowed_sites.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B8DC47DD42E1E119948EB2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BCF643B0A6D1E113A80C4E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\like.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C52E23087AD1E11BB364914268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980D2637EBB4E31449BDFE2D7447AE03] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AviraBrowserSecurity.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\TaskScheduler.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A301910E5ADD1E11CBD5C1BF068807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off-knob.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A51CAA4F77AD1E116923D714268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\ContentPolicy.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\UpdateTask.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6EA75AD0A6D1E116B9506E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plusone.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A81E6B410A6D1E11B98E66D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\common.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD31AEF90A6D1E112B67A2E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF79D8530A6D1E11296968D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\rules.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA82713BF2918244BB38D4D3626E2F31] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\defaults\prefere nces\defaults.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A5C56BD42E1E11AA061B2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C61425DC0A6D1E11488AE5E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D6135E97AD1E11783A0434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\demoRestricted.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D68CEE0A6D1E1129B096E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\logger.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5F24F10A6D1E118B7AD6D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\events.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBE5FFA897AD1E11CA349F24268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\background.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC46BC9AD42E1E11B93ADA2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\searchplugins\as kcom.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0B84F7CD42E1E113A65AB2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0C668D287AD1E117AAAFB14268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E318FDD30A6D1E115956A8D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\socialButtons.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E58C26300A6D1E11EBCF16D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\BadgeManager.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E81243990A6D1E117B9C52E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\footer.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90A558E0A6D1E111A4356E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\tweet.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E942FF4ABC342DA42A4C40617E8ADC8C] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF874E5B67AD1E113A7B2A04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\css\popup-ie.css" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\chrome\content\a bout.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}] "AppPath"="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4e63-8AC7-94335D6DA231}] "AppPath"="C:\Program Files (x86)\Ask.com\CallingIDSDK\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}] "AppPath"="C:\Program Files (x86)\Ask.com\CallingIDSDK\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48f1-99C2-A712C21F8D5F}] "AppPath"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run-] "ApnUpdater"=""C:\Program Files (x86)\Ask.com\Updater\Updater.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}\LocalServer32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDGLO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPAD~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPTY~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPBU~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDWPA~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AVIRAC~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDCOR~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Internet Explorer\DOMStorage\ask.com] [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] Searching for "GinyasBrowserCompanion" No data found. Searching for "v-Grabber" No data found. Searching for "Babylon" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8da617e8_0] @="{0.0.0.00000000}.{09ea8b5a-8256-4062-9d50-7d9591762c9b}|\Device\HarddiskVolume2\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}\LocalServer32] @=""C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8da617e8_0] @="{0.0.0.00000000}.{09ea8b5a-8256-4062-9d50-7d9591762c9b}|\Device\HarddiskVolume2\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe%b{00000000-0000-0000-0000-000000000000}" Searching for "Search Settings" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] "6B44B0DEF67D1764F878629CAF5C48BC"="C?\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9] "6B44B0DEF67D1764F878629CAF5C48BC"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\" Searching for "dvdvideosoftiehelpers" No data found. Searching for "OpenCandy" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce] Searching for "DVDVideoSoftTB" No data found. Searching for "AskToolbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" Searching for "incredibar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmbgdmijgopggjaelphhajpjldacbnba] "path"="C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibar.crx" Searching for " " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"=""C:\Program Files (x86)\Steam\Steam.exe" -silent " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"=""C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=""C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun " [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2BF49C34-CAB2-4300-8663-2E4BBB5B0689}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"> <Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/> <Descriptor descriptorID="{6AB026D3-FAD5-4a18-A53B-2CAFA358AE8F}"/> <Descriptor descriptorID="{1A796A5D-1E25-4862-9443-1550578FF4C4}"/> <Descriptor descriptorID="{E04AAEE8-950C-43c4-B75C-D87736A7FAFD}"/> <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/> </Rating> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"> <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/> </Rating> <Rati [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{5371C3EE-500F-4EC5-B50B-5CD4233A1F3A}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"> <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/> </Rating> <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{B3F8E60B-DF77-4104-88AC-F5919C64649A}"/> <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{997B7D18-2AFA-49dc-847B-0E8A69723040}"/> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"> <Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/> <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/> </Rating> <R [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{EF647E0A-A4E2-4E6E-9B02-DACC3FC19CE9}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"> <Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/> <Descriptor descriptorID="{6AB026D3-FAD5-4a18-A53B-2CAFA358AE8F}"/> <Descriptor descriptorID="{1A796A5D-1E25-4862-9443-1550578FF4C4}"/> <Descriptor descriptorID="{E04AAEE8-950C-43c4-B75C-D87736A7FAFD}"/> <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/> </Rating> <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PfNet"=""C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CSRSkype"="C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CSRFTP"="C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell] "ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UCam_Menu"=""C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "YouCam Mirror Tray icon"=""C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LogMeIn Hamachi Ui"=""C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32] "ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA0401290000 7475&0#] "DeviceDesc"="USB " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA0401290000 7475&0#] "DeviceDesc"="USB " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA040129 00007475&0#] "DeviceDesc"="USB " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"=""C:\Program Files (x86)\Steam\Steam.exe" -silent " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"=""C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=""C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager " -= EOF =- SystemLook 30.07.11 by jpshortstuff Log created at 16:26 on 10/03/2013 by Kev Administrator - Elevation successful ========== folderfind ========== Searching for "Conduit*" No folders found. Searching for "Ask.com*" No folders found. Searching for "GinyasBrowserCompanion*" No folders found. Searching for "v-Grabber*" No folders found. Searching for "Babylon*" No folders found. Searching for "Search Settings*" No folders found. Searching for "dvdvideosoftiehelpers*" No folders found. Searching for "OpenCandy*" No folders found. Searching for "DVDVideoSoftTB*" No folders found. Searching for "AskToolbar*" No folders found. Searching for "incredibar*" No folders found. ========== regfind ========== Searching for "Conduit" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966] "AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\AE48807DEC2E935419BD7466CCE1F5F5] "File"="iSyncConduit.dll" Searching for "Ask.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ask.com] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task] "PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task] "PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDGLO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPAD~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPTY~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPBU~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDWPA~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AVIRAC~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDCOR~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}\LocalServer32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDGLO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPAD~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPTY~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPBU~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDWPA~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AVIRAC~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDCOR~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\CallingIDSDK\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\css\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\images\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00F1A65D97AD1E11D8D76334268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\demo.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029DEE7E67AD1E113852DB04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03576BC0A7AD1E1188A9A434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\popup.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04CFD72C0A6D1E1179AC85E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\linkedin.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B0B68797AD1E118A6A4E24268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPTypes.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0828D86187AD1E1129764B14268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\088A41FE97AD1E114BD41434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\dntp.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\090E991ED42E1E11D93A5C2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\chrome\skin\ ask_32x.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F968E620A6D1E11B999E6D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\notificationManager.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF1D43997AD1E11FA430034268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\bg.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2010C0B997AD1E111983F034268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\blank.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20414E2897AD1E116B041F24268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\autoUpdate.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\241E1DAF97AD1E11CBD65434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\json2.min.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\assets\oobe\b.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D5CB10287AD1E112AF1CB14268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41B9E26133CD1E114A4E096D168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\config.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42B7416F0A6D1E112971B6E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\view_report.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\435ED11E0A6D1E1138C146E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\settings.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\466B1A160A6D1E11DAFD1AD3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_global.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\600642CA97AD1E11EB30A134268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\config.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61C07F78D42E1E113849882F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638A55350A6D1E114AE6C9D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_alert.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63C6A3960A6D1E1199A78AD3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\popup.css" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BE09BB77AD1E1129594214268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\view_alert.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F9C62077AD1E11BA0CBC04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\socialButtons.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6967575E4ADD1E11E9E591AF068807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\btn-bg.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A0601CF0A6D1E11EA66D6E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\all.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D34269C97AD1E11DAE42334268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\content.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DE790BA0A6D1E111B7A93E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top-plain.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F874FC077AD1E11FB2CCC04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\view.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72D3312E1E95E8C4AAA81BADB30D5FC0] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74E6A1B4EEAA8A942B405B51643FD2FC] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\800967B40A6D1E1129B8C8D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DDE340A6D1E11B833B8D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\template.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\818F60F20A6D1E1149E987D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\optout.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8225E07F67AD1E1138657C04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\common.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83011A2A97AD1E1139DD6134268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\config.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D3F53D0A6D1E112BC9F5E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plus-minus.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860F3B99848D1E119B5569D6168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\plugins\npAviraC allingID.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87B1CC30A7AD1E117BC59434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\license.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8849E84D67AD1E11A8881B04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\images\demoRestricted.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A7FEEA8848D1E11D8ABF7D6168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B065BD72ADD1E116B25978F068807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\config.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B58DAA50A6D1E11C924D9D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_allowed_sites.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B8DC47DD42E1E119948EB2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BCF643B0A6D1E113A80C4E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\like.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C52E23087AD1E11BB364914268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980D2637EBB4E31449BDFE2D7447AE03] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AviraBrowserSecurity.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\TaskScheduler.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A301910E5ADD1E11CBD5C1BF068807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off-knob.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A51CAA4F77AD1E116923D714268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\ContentPolicy.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\UpdateTask.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6EA75AD0A6D1E116B9506E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plusone.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A81E6B410A6D1E11B98E66D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\common.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD31AEF90A6D1E112B67A2E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF79D8530A6D1E11296968D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\rules.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA82713BF2918244BB38D4D3626E2F31] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\defaults\prefere nces\defaults.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A5C56BD42E1E11AA061B2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C61425DC0A6D1E11488AE5E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D6135E97AD1E11783A0434268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\demoRestricted.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D68CEE0A6D1E1129B096E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\logger.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5F24F10A6D1E118B7AD6D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\events.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBE5FFA897AD1E11CA349F24268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\background.html" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC46BC9AD42E1E11B93ADA2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\searchplugins\as kcom.xml" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0B84F7CD42E1E113A65AB2F168807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\messages.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0C668D287AD1E117AAAFB14268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E318FDD30A6D1E115956A8D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\socialButtons.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E58C26300A6D1E11EBCF16D3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\BadgeManager.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E81243990A6D1E117B9C52E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\footer.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90A558E0A6D1E111A4356E3268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\tweet.png" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E942FF4ABC342DA42A4C40617E8ADC8C] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF874E5B67AD1E113A7B2A04268807B9] "A28B4D68DEBAA244EB686953B7074FEF"="C?\Program Files (x86)\Ask.com\AbineSDK\IE\css\popup-ie.css" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\3dpb09nz.default\extensions\toolbar@ask.com\chrome\content\a bout.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}] "AppPath"="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4e63-8AC7-94335D6DA231}] "AppPath"="C:\Program Files (x86)\Ask.com\CallingIDSDK\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}] "AppPath"="C:\Program Files (x86)\Ask.com\CallingIDSDK\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48f1-99C2-A712C21F8D5F}] "AppPath"="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run-] "ApnUpdater"=""C:\Program Files (x86)\Ask.com\Updater\Updater.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}\LocalServer32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}\LocalServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}\InprocServer32] @="C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}\InprocServer32] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDGLO~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPAD~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPTY~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPBU~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDWPA~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AVIRAC~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\CALLIN~1\CIDCOR~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\0\win32] @="C:\PROGRA~2\Ask.com\AbineSDK\IE\DNTPSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}\1.0\HELPDIR] @="C:\Program Files (x86)\Ask.com\AbineSDK\IE\" [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Internet Explorer\DOMStorage\ask.com] [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com] Searching for "GinyasBrowserCompanion" No data found. Searching for "v-Grabber" No data found. Searching for "Babylon" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8da617e8_0] @="{0.0.0.00000000}.{09ea8b5a-8256-4062-9d50-7d9591762c9b}|\Device\HarddiskVolume2\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}\LocalServer32] @=""C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}] "DllName"="BabylonToolbar.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] "DllName"="BabylonToolbarTlbr.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] @="BabylonHelper" [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8da617e8_0] @="{0.0.0.00000000}.{09ea8b5a-8256-4062-9d50-7d9591762c9b}|\Device\HarddiskVolume2\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe%b{00000000-0000-0000-0000-000000000000}" Searching for "Search Settings" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] "6B44B0DEF67D1764F878629CAF5C48BC"="C?\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9] "6B44B0DEF67D1764F878629CAF5C48BC"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\" Searching for "dvdvideosoftiehelpers" No data found. Searching for "OpenCandy" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce] Searching for "DVDVideoSoftTB" No data found. Searching for "AskToolbar" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] "A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" Searching for "incredibar" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmbgdmijgopggjaelphhajpjldacbnba] "path"="C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibar.crx" Searching for " " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"=""C:\Program Files (x86)\Steam\Steam.exe" -silent " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"=""C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=""C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun " [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{2BF49C34-CAB2-4300-8663-2E4BBB5B0689}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"> <Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/> <Descriptor descriptorID="{6AB026D3-FAD5-4a18-A53B-2CAFA358AE8F}"/> <Descriptor descriptorID="{1A796A5D-1E25-4862-9443-1550578FF4C4}"/> <Descriptor descriptorID="{E04AAEE8-950C-43c4-B75C-D87736A7FAFD}"/> <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/> </Rating> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"> <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/> </Rating> <Rati [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{5371C3EE-500F-4EC5-B50B-5CD4233A1F3A}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"> <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/> </Rating> <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{B3F8E60B-DF77-4104-88AC-F5919C64649A}"/> <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{997B7D18-2AFA-49dc-847B-0E8A69723040}"/> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"> <Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/> <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/> </Rating> <R [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{EF647E0A-A4E2-4E6E-9B02-DACC3FC19CE9}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"> <Descriptor descriptorID="{9A82F712-5A9D-4409-9539-666BBCDFE12D}"/> <Descriptor descriptorID="{6AB026D3-FAD5-4a18-A53B-2CAFA358AE8F}"/> <Descriptor descriptorID="{1A796A5D-1E25-4862-9443-1550578FF4C4}"/> <Descriptor descriptorID="{E04AAEE8-950C-43c4-B75C-D87736A7FAFD}"/> <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/> </Rating> <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PfNet"=""C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CSRSkype"="C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CSRFTP"="C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell] "ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UCam_Menu"=""C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "YouCam Mirror Tray icon"=""C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LogMeIn Hamachi Ui"=""C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start " [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32] "ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA0401290000 7475&0#] "DeviceDesc"="USB " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA0401290000 7475&0#] "DeviceDesc"="USB " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB&REV_1100#AA040129 00007475&0#] "DeviceDesc"="USB " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"=""C:\Program Files (x86)\Steam\Steam.exe" -silent " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"=""C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=""C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager " [HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"="FreeStudioManager " -= EOF =- Ja ich habe noch fragen und zwar wichtige wenn ich eine CD ins cd Laufwerk lege, tut soch garniichts und wenn ich sie instalieren will ohne Autorund blockt windows ab uns sagt iwie sowas mit no location |
|
11.03.2013, 17:36
| #22 |
| /// TB-Ausbilder | SearchPlusNetwork.com Entfernen? Servus, Folge dem Pfad: Start > Systemsteuerung > Hardware und Sound > Automatische Wiedergabe Setze einen Haken bei Automatische Wiedergabe für alle Medien und Geräte verwenden Darunter kannst du auswählen, wie entsprechende CDs, DVDs, etc. gestartet werden sollen Klicken rechts unten auf Speichern. Schritt 1 Fixen mit OTL
Code:
ATTFilter :reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9]
"6B44B0DEF67D1764F878629CAF5C48BC"=-
"6B44B0DEF67D1764F878629CAF5C48BC"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296]
"A28B4D68DEBAA244EB686953B7074FEF"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmbgdmijgopggjaelphhajpjldacbnba]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}]
[-HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]
[-HKEY_USERS\S-1-5-21-4198297669-3172748106-3339997324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ask.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001
:Commands
[Reboot]
Schritt 2 Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. Gibt es immer noch Probleme mit der AutoRun Funktion? Wie sieht es mit SearchPlusNetwork aus? Bitte poste mit deiner nächsten Antwort
|
|
11.03.2013, 22:23
| #23 |
| | SearchPlusNetwork.com Entfernen? Hi Searchplusnetwork macht kein problem mehr daher in dieser Hinsicht schon mal vielen dank für alles auserdem sind auf meinem Desktop 3 Datein aufgetaucht seit dem letzten fix mit OTL und zwar: desktop.ini dann nochmal desktop.ini und Thumbs.db was bedeuten die und nach dem fix hat OTL keine Logdatei erstellt ich habe auch auf den ihnen gennnanten Systemlink nachgesehn der Ordner war leer OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/11/2013 10:17:12 PM - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kev\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 65.09% Memory free 7.60 Gb Paging File | 6.13 Gb Available in Paging File | 80.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 22.17 Gb Free Space | 22.17% Space Free | Partition Type: NTFS Drive D: | 363.76 Gb Total Space | 308.06 Gb Free Space | 84.69% Space Free | Partition Type: NTFS Drive F: | 618.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe PRC - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013/02/23 12:53:54 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe ========== Modules (No Company Name) ========== MOD - [2013/02/21 06:23:44 | 000,459,728 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll MOD - [2013/02/21 06:23:42 | 004,050,896 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll MOD - [2013/02/21 06:22:51 | 000,596,944 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll MOD - [2013/02/21 06:22:50 | 000,124,368 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll MOD - [2013/02/21 06:22:48 | 001,552,848 | ---- | M] () -- C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll MOD - [2013/02/15 17:18:27 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\a0a3700b354bf50d6337dfed8ba85837\DeskUpdateNotifier.ni.exe MOD - [2013/02/14 21:35:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/17 16:17:22 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll MOD - [2013/01/15 20:07:10 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/15 20:06:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/15 20:06:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/15 20:06:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/15 20:06:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Disabled | Stopped] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009/12/24 11:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/03/01 20:27:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/02/07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/01/28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/01/19 20:35:13 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013/01/19 20:35:13 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/08/10 07:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010/08/10 07:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2012/11/16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google%20chrome/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{AEFC90FF-1E6E-478F-8FBA-3BCD04BDE2AE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKCU\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE448 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/19 18:43:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] [2013/03/05 16:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ O1 HOSTS File: ([2013/03/05 20:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CSRFTP] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AIS_MessageForYou] C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe (Fujitsu) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049EF60A-5F53-464A-B5A1-71D48093DF34}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/08/31 11:24:11 | 000,000,121 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/10 10:51:53 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/08 14:50:43 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/08 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2013/03/05 20:19:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/03/05 20:06:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/05 20:06:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/05 20:06:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/05 20:06:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/05 20:06:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/05 19:51:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/05 19:51:18 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/05 17:51:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Malwarebytes [2013/03/05 15:51:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/05 15:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/05 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Programs [2013/03/04 18:31:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{09CF8EA5-F325-4434-B8B9-005DE4CCF034} [2013/03/03 10:35:06 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32 [2013/03/02 18:17:54 | 000,000,000 | ---D | C] -- C:\Intel [2013/03/01 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Kev\Desktop\Bob Marley [2013/03/01 19:49:47 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013/03/01 19:49:46 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013/03/01 19:49:46 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013/03/01 19:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013/03/01 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\TuneUp Software [2013/03/01 19:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013/03/01 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013/03/01 19:48:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/03/01 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{A575C9C9-A8F5-439E-A1F3-CE25C4A5C70D} [2013/02/26 15:59:08 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/02/25 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/02/23 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Avira [2013/02/23 13:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/02/23 13:01:03 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 13:01:03 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/23 13:01:03 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/02/17 14:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/02/17 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/02/17 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/02/14 21:34:09 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/02/14 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/02/14 21:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/02/13 14:26:18 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Spotify [2013/02/13 14:26:01 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Spotify ========== Files - Modified Within 30 Days ========== [2013/03/11 22:13:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/11 22:13:40 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013/03/11 22:12:49 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/11 22:12:49 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/11 06:56:59 | 000,000,024 | ---- | M] () -- C:\Users\Kev\random.dat [2013/03/11 06:45:32 | 000,000,024 | ---- | M] () -- C:\Users\Kev\jagexappletviewer.preferences [2013/03/11 06:44:56 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2013/03/10 23:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/10 16:26:26 | 000,165,376 | ---- | M] () -- C:\Users\Kev\Desktop\SystemLook_x64.exe [2013/03/10 10:51:49 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/10 10:48:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/10 10:48:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/08 16:14:34 | 000,217,581 | ---- | M] () -- C:\Windows\hpoins46.dat [2013/03/05 20:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/03/05 18:15:56 | 000,000,000 | ---- | M] () -- C:\Users\Kev\defogger_reenable [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 16:32:52 | 000,000,512 | ---- | M] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/02 19:16:29 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/03/02 19:16:29 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/03/02 09:46:39 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/03/01 20:13:01 | 000,009,913 | ---- | M] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/03/01 19:49:44 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013/03/01 19:49:44 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013/02/28 17:47:12 | 002,835,278 | ---- | M] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/26 15:59:08 | 000,002,364 | ---- | M] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/02/25 20:06:44 | 000,000,220 | ---- | M] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/24 14:29:03 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013/02/23 13:02:21 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/20 18:55:33 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/20 18:55:33 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/20 18:55:33 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/20 18:55:33 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/20 18:55:33 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/17 14:08:39 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/15 17:28:39 | 000,000,044 | ---- | M] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat [2013/02/14 21:34:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/14 21:28:35 | 000,298,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/13 14:26:17 | 000,001,801 | ---- | M] () -- C:\Users\Kev\Desktop\Spotify.lnk ========== Files Created - No Company Name ========== [2013/03/10 16:26:29 | 000,165,376 | ---- | C] () -- C:\Users\Kev\Desktop\SystemLook_x64.exe [2013/03/08 16:14:18 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp [2013/03/05 20:06:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/05 20:06:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/05 20:06:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/05 20:06:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/03/05 20:06:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/05 18:15:56 | 000,000,000 | ---- | C] () -- C:\Users\Kev\defogger_reenable [2013/03/05 16:32:52 | 000,000,512 | ---- | C] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/01 20:13:00 | 000,009,913 | ---- | C] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/03/01 19:49:44 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013/03/01 19:49:44 | 000,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013/03/01 19:49:44 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013/02/28 17:50:38 | 002,835,278 | ---- | C] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/26 15:59:08 | 000,002,364 | ---- | C] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/02/26 15:58:05 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/02/26 15:58:04 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/02/25 20:06:44 | 000,000,220 | ---- | C] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/23 13:08:07 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/02/23 13:02:21 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/17 14:08:39 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/02/15 17:28:39 | 000,000,044 | ---- | C] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat [2013/02/14 21:34:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/13 14:26:17 | 000,001,801 | ---- | C] () -- C:\Users\Kev\Desktop\Spotify.lnk [2013/02/13 14:26:17 | 000,001,787 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2013/01/08 16:18:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012/07/14 18:03:36 | 000,000,040 | ---- | C] () -- C:\Users\Kev\matrix_cl_matrix_LIVE.dat [2012/07/09 13:42:37 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012/06/27 17:56:17 | 000,000,047 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE_BETA.dat [2012/06/27 17:56:17 | 000,000,024 | ---- | C] () -- C:\Users\Kev\random.dat [2012/06/21 19:16:03 | 000,369,656 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.07.png [2012/06/21 19:16:03 | 000,334,105 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.37.png [2012/06/02 14:58:48 | 000,007,597 | ---- | C] () -- C:\Users\Kev\AppData\Local\Resmon.ResmonCfg [2012/04/28 16:21:28 | 000,000,218 | ---- | C] () -- C:\Users\Kev\.recently-used.xbel [2012/04/28 16:11:59 | 005,627,420 | ---- | C] () -- C:\Users\Kev\host 5.183.180.97 and udp port 1210 [2012/04/28 16:05:33 | 000,137,940 | ---- | C] () -- C:\Users\Kev\kev_00001_20120428170533 [2012/04/28 16:01:02 | 000,121,348 | ---- | C] () -- C:\Users\Kev\host [2012/03/10 11:07:43 | 000,217,581 | ---- | C] () -- C:\Windows\hpoins46.dat [2012/02/14 14:50:31 | 000,000,024 | ---- | C] () -- C:\Users\Kev\jagexappletviewer.preferences [2012/02/11 20:35:52 | 000,000,000 | ---- | C] () -- C:\Users\Kev\jagex__preferences3.dat [2012/02/07 21:17:48 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE2.dat [2012/01/24 19:13:43 | 000,103,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/10/26 13:39:06 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE1.dat [2011/10/25 18:13:55 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2011/10/05 14:04:50 | 000,377,068 | ---- | C] () -- C:\Users\Kev\Foto 0200.jpg [2011/10/05 14:04:50 | 000,353,106 | ---- | C] () -- C:\Users\Kev\Foto 0199.jpg [2011/10/05 14:04:50 | 000,285,658 | ---- | C] () -- C:\Users\Kev\Foto 0201.jpg [2011/10/05 14:04:50 | 000,263,879 | ---- | C] () -- C:\Users\Kev\Foto 0203.jpg [2011/09/07 11:58:22 | 000,000,129 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences2.dat [2011/09/07 11:57:31 | 000,000,046 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences.dat [2011/09/06 21:47:17 | 000,000,000 | ---- | C] () -- C:\Users\Kev\AppData\Local\{F7FDD026-88CD-4F28-BACB-595C1CCE7543} [2011/08/04 18:32:30 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/08/04 18:32:30 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/08/04 18:32:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/08/04 18:32:30 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/08/04 18:32:29 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/16 11:56:37 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/02/03 15:52:20 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\.minecraft [2011/09/07 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\AIS Connect [2012/11/09 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Audacity [2013/01/08 16:21:47 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Canneverbe Limited [2012/11/26 21:17:42 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\DVDVideoSoft [2013/01/18 19:10:55 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FreeBurner [2011/09/06 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Fujitsu [2012/04/28 16:17:18 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\gtk-2.0 [2012/10/24 18:57:03 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Image-Line [2011/09/10 19:30:17 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Leadertech [2012/06/02 15:02:23 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\matrixCache11 [2012/07/02 17:20:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\OpenOffice.org [2012/10/03 11:03:20 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Origin [2011/12/27 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\redsn0w [2011/11/08 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Rune-X-Scape [2013/01/19 19:29:16 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Sony [2013/02/28 17:52:09 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Spotify [2011/09/13 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Thunderbird [2013/01/15 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TS3Client [2013/03/08 15:55:55 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TuneUp Software [2011/09/18 00:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Unity [2012/04/28 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > Aber der autorun und das instalieren der CD funktioniert leider immer noch nicht  |
|
12.03.2013, 16:28
| #24 |
| /// TB-Ausbilder | SearchPlusNetwork.com Entfernen? Servus, Schritt 1 Downloade bitte Grinlers unhide.exe auf deinem Desktop
Schritt 2 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Bitte poste mit deiner nächsten Antwort
|
|
12.03.2013, 17:26
| #25 |
| | SearchPlusNetwork.com Entfernen? Unhide by Lawrence Abrams (Grinler) Bleeping Computer - Technical Support and Computer Help Copyright 2008-2013 BleepingComputer.com More Information about Unhide.exe can be found at this link: Unhide.exe - A introduction as to what this program does - BleepingComputer.com Program started at: 03/12/2013 05:14:20 PM Windows Version: Windows 7 Please be patient while your files are made visible again. Processing the C:\ drive Finished processing the C:\ drive. 246418 files processed. Processing the D:\ drive Finished processing the D:\ drive. 69270 files processed. The C:\Users\Kev\AppData\Local\Temp\smtmp\ folder does not exist!! Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: Unhide.exe - A introduction as to what this program does - BleepingComputer.com Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced No registry changes detected. Program finished at: 03/12/2013 05:24:44 PM Execution time: 0 hours(s), 10 minute(s), and 24 seconds(s) Farbar Service Scanner Version: 03-03-2013 Ran by Kev (administrator) on 12-03-2013 at 17:27:44 Running from "C:\Users\Kev\Downloads" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** |
|
12.03.2013, 18:09
| #26 | |
| /// TB-Ausbilder | SearchPlusNetwork.com Entfernen? Servus, Du hast folgendes geschrieben: Zitat:
"iwie sowas mit location" hilft mir wenig. Sag mir bitte die genaue Fehlermeldung, die erscheint. Von den Einstellungen sollte es eigentlich so passen. Werden die drei "neuen" Dateien immer noch auf dem Desktop angezeigt? |
|
13.03.2013, 14:28
| #27 |
| | SearchPlusNetwork.com Entfernen? Ich hab es jetzt mit15 anderen CDs ausprobiert es passiert immer noch nichts. ja die 3 Datein sind noch am Desktop |
|
13.03.2013, 16:28
| #28 |
| /// TB-Ausbilder | SearchPlusNetwork.com Entfernen? Servus, wegen den drei Dateien: Gehe bitte auf Start --> Systemsteuerung --> Extras --> Ordneroptionen. Wechsle auf den Reiter Ansicht.
Lösche keinesfalls Ordner oder Dateien ohne Anweisung Wegen der AutoRun Funktion TuneUp Utilities deinstallieren und OTL nochmal starten: Ich sehe, dass du sog. Registry Cleaner auf dem System hast. In deinem Fall TuneUp Utilities. Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst. Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. Geändert von M-K-D-B (13.03.2013 um 16:35 Uhr) |
|
16.03.2013, 11:51
| #29 |
| /// TB-Ausbilder | SearchPlusNetwork.com Entfernen? Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
16.03.2013, 20:55
| #30 |
| | SearchPlusNetwork.com Entfernen? Bin in den nächsten Tagen beschäftigt und kann daher nicht gleich die datein senden OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/17/2013 5:24:15 PM - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kev\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 59.79% Memory free 7.60 Gb Paging File | 5.84 Gb Available in Paging File | 76.78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100.00 Gb Total Space | 20.52 Gb Free Space | 20.52% Space Free | Partition Type: NTFS Drive D: | 363.76 Gb Total Space | 308.06 Gb Free Space | 84.69% Space Free | Partition Type: NTFS Drive F: | 6.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe PRC - [2013/02/25 07:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe PRC - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013/02/23 12:53:54 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013/02/13 14:26:16 | 001,199,000 | ---- | M] (Spotify Ltd) -- C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010/10/13 12:04:22 | 000,097,560 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2010/03/18 09:00:08 | 001,965,056 | ---- | M] (Fujitsu) -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe PRC - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/10/09 20:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/10/08 19:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe ========== Modules (No Company Name) ========== MOD - [2013/02/25 07:39:32 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013/02/19 11:48:10 | 020,340,648 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013/02/15 17:18:27 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\a0a3700b354bf50d6337dfed8ba85837\DeskUpdateNotifier.ni.exe MOD - [2013/02/14 21:35:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/17 16:17:22 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\199e1121526944a4d9dc77e5867fc774\log4net.ni.dll MOD - [2013/01/15 20:07:10 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/15 20:06:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/15 20:06:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/15 20:06:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/15 20:06:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/12/18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012/11/09 21:51:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/24 01:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2009/12/24 11:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009/07/30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/03/13 14:27:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/02/23 12:54:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/23 12:53:57 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/02/23 12:53:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/02/07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/11/01 17:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/11/01 17:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 16:49:00 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fujitsu\AIS Connect\bin\qsaMain.exe -- (AISConnect) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/01/19 20:35:13 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2013/01/19 20:35:13 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/08/10 07:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010/08/10 07:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/12/18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/11/27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/01 17:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/08 08:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/11/01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google%20chrome/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{AEFC90FF-1E6E-478F-8FBA-3BCD04BDE2AE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKCU\..\SearchScopes\{DCD4C831-3BF0-4086-A480-CB35F88AF37A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG_deDE448 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kev\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/19 18:43:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/10 11:17:08 | 000,000,000 | ---D | M] [2013/03/05 16:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kev\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Kev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Kev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ O1 HOSTS File: ([2013/03/05 20:17:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.1\iobitToolbarIE.dll (Spigot, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CSRFTP] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AIS_MessageForYou] C:\Program Files (x86)\Fujitsu\AIS Connect\bin\AISMessageForYou.exe (Fujitsu) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DeskUpdateNotifier] c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Kev\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049EF60A-5F53-464A-B5A1-71D48093DF34}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/08/24 06:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - F:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2011/09/07 02:00:07 | 000,000,000 | R--D | M] - F:\Autorun -- [ UDF ] O32 - AutoRun File - [2011/09/07 01:08:12 | 000,032,783 | R--- | M] () - F:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2011/09/07 02:00:07 | 000,000,132 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/17 17:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/03/17 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/03/17 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/03/17 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/03/17 17:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/03/13 15:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013/03/13 15:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013/03/13 15:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013/03/13 15:36:48 | 000,000,000 | ---D | C] -- C:\Users\Kev\Documents\Sony [2013/03/10 10:51:53 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/08 14:50:43 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/08 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2013/03/05 20:19:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/03/05 20:06:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/05 20:06:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/05 20:06:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/05 20:06:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/05 20:06:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/05 19:51:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/05 19:51:18 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/05 17:51:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Malwarebytes [2013/03/05 15:51:12 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/05 15:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/05 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Programs [2013/03/04 18:31:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{09CF8EA5-F325-4434-B8B9-005DE4CCF034} [2013/03/03 10:35:06 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32 [2013/03/02 18:17:54 | 000,000,000 | ---D | C] -- C:\Intel [2013/03/01 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Kev\Desktop\Bob Marley [2013/03/01 19:48:43 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\TuneUp Software [2013/03/01 19:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013/03/01 19:48:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/03/01 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{A575C9C9-A8F5-439E-A1F3-CE25C4A5C70D} [2013/02/26 15:59:08 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/02/25 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/02/23 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Avira [2013/02/23 13:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/02/23 13:01:03 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 13:01:03 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/23 13:01:03 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/02/23 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira ========== Files - Modified Within 30 Days ========== [2013/03/17 17:28:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/17 17:28:02 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/17 17:28:02 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/17 17:20:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/17 17:19:47 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/17 17:19:47 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/03/17 17:19:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/17 17:19:24 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2013/03/17 17:17:48 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/03/17 17:11:32 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/03/17 17:11:31 | 000,002,364 | ---- | M] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/03/13 15:13:56 | 000,000,024 | ---- | M] () -- C:\Users\Kev\random.dat [2013/03/13 14:56:45 | 000,000,024 | ---- | M] () -- C:\Users\Kev\jagexappletviewer.preferences [2013/03/13 14:29:31 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2013/03/10 16:26:26 | 000,165,376 | ---- | M] () -- C:\Users\Kev\Desktop\SystemLook_x64.exe [2013/03/10 10:51:49 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Kev\Desktop\LSPFix (3).exe [2013/03/08 16:14:34 | 000,217,581 | ---- | M] () -- C:\Windows\hpoins46.dat [2013/03/05 20:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/03/05 18:15:56 | 000,000,000 | ---- | M] () -- C:\Users\Kev\defogger_reenable [2013/03/05 17:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe [2013/03/05 16:32:52 | 000,000,512 | ---- | M] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/02 09:46:39 | 000,000,042 | ---- | M] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/03/01 20:13:01 | 000,009,913 | ---- | M] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/02/28 17:47:12 | 002,835,278 | ---- | M] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/25 20:06:44 | 000,000,220 | ---- | M] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/24 14:29:03 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013/02/23 13:02:21 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/23 12:54:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/02/23 12:54:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/23 12:54:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/02/20 18:55:33 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/20 18:55:33 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/02/20 18:55:33 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/20 18:55:33 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/02/20 18:55:33 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/15 17:28:39 | 000,000,044 | ---- | M] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat ========== Files Created - No Company Name ========== [2013/03/17 17:17:48 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/03/10 16:26:29 | 000,165,376 | ---- | C] () -- C:\Users\Kev\Desktop\SystemLook_x64.exe [2013/03/08 16:14:18 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp [2013/03/05 20:06:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/05 20:06:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/05 20:06:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/05 20:06:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/03/05 20:06:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/05 18:15:56 | 000,000,000 | ---- | C] () -- C:\Users\Kev\defogger_reenable [2013/03/05 16:32:52 | 000,000,512 | ---- | C] () -- C:\Users\Kev\Documents\MBR.dat [2013/03/05 15:51:13 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/01 20:13:00 | 000,009,913 | ---- | C] () -- C:\Users\Kev\Documents\Mein Film.wlmp [2013/02/28 17:50:38 | 002,835,278 | ---- | C] () -- C:\Users\Kev\Desktop\Roider Jackl s' boarische Bier.mp3 [2013/02/26 15:59:08 | 000,002,364 | ---- | C] () -- C:\Users\Kev\Desktop\Google Chrome.lnk [2013/02/26 15:58:05 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000UA.job [2013/02/26 15:58:04 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4198297669-3172748106-3339997324-1000Core.job [2013/02/25 20:06:44 | 000,000,220 | ---- | C] () -- C:\Users\Kev\Desktop\Call of Duty 4 Modern Warfare.url [2013/02/23 13:08:07 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_oldschool_LIVE.dat [2013/02/23 13:02:21 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/02/15 17:28:39 | 000,000,044 | ---- | C] () -- C:\Users\Kev\jagex_cl_loginapplet_LIVE.dat [2013/01/08 16:18:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012/07/14 18:03:36 | 000,000,040 | ---- | C] () -- C:\Users\Kev\matrix_cl_matrix_LIVE.dat [2012/07/09 13:42:37 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2012/06/27 17:56:17 | 000,000,047 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE_BETA.dat [2012/06/27 17:56:17 | 000,000,024 | ---- | C] () -- C:\Users\Kev\random.dat [2012/06/21 19:16:03 | 000,369,656 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.07.png [2012/06/21 19:16:03 | 000,334,105 | ---- | C] () -- C:\Users\Kev\2012-06-21_20.06.37.png [2012/06/02 14:58:48 | 000,007,597 | ---- | C] () -- C:\Users\Kev\AppData\Local\Resmon.ResmonCfg [2012/04/28 16:21:28 | 000,000,218 | ---- | C] () -- C:\Users\Kev\.recently-used.xbel [2012/04/28 16:11:59 | 005,627,420 | ---- | C] () -- C:\Users\Kev\host 5.183.180.97 and udp port 1210 [2012/04/28 16:05:33 | 000,137,940 | ---- | C] () -- C:\Users\Kev\kev_00001_20120428170533 [2012/04/28 16:01:02 | 000,121,348 | ---- | C] () -- C:\Users\Kev\host [2012/03/10 11:07:43 | 000,217,581 | ---- | C] () -- C:\Windows\hpoins46.dat [2012/02/14 14:50:31 | 000,000,024 | ---- | C] () -- C:\Users\Kev\jagexappletviewer.preferences [2012/02/11 20:35:52 | 000,000,000 | ---- | C] () -- C:\Users\Kev\jagex__preferences3.dat [2012/02/07 21:17:48 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE2.dat [2012/01/24 19:13:43 | 000,103,700 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/10/26 13:39:06 | 000,000,043 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE1.dat [2011/10/25 18:13:55 | 000,000,042 | ---- | C] () -- C:\Users\Kev\jagex_cl_runescape_LIVE.dat [2011/10/05 14:04:50 | 000,377,068 | ---- | C] () -- C:\Users\Kev\Foto 0200.jpg [2011/10/05 14:04:50 | 000,353,106 | ---- | C] () -- C:\Users\Kev\Foto 0199.jpg [2011/10/05 14:04:50 | 000,285,658 | ---- | C] () -- C:\Users\Kev\Foto 0201.jpg [2011/10/05 14:04:50 | 000,263,879 | ---- | C] () -- C:\Users\Kev\Foto 0203.jpg [2011/09/07 11:58:22 | 000,000,129 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences2.dat [2011/09/07 11:57:31 | 000,000,046 | ---- | C] () -- C:\Users\Kev\jagex_runescape_preferences.dat [2011/09/06 21:47:17 | 000,000,000 | ---- | C] () -- C:\Users\Kev\AppData\Local\{F7FDD026-88CD-4F28-BACB-595C1CCE7543} [2011/08/04 18:32:30 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/08/04 18:32:30 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011/08/04 18:32:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011/08/04 18:32:30 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/08/04 18:32:29 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/04/16 11:56:37 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/02/03 15:52:20 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\.minecraft [2011/09/07 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\AIS Connect [2012/11/09 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Audacity [2013/01/08 16:21:47 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Canneverbe Limited [2012/11/26 21:17:42 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\DVDVideoSoft [2013/01/18 19:10:55 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\FreeBurner [2011/09/06 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Fujitsu [2012/04/28 16:17:18 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\gtk-2.0 [2012/10/24 18:57:03 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Image-Line [2011/09/10 19:30:17 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Leadertech [2012/06/02 15:02:23 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\matrixCache11 [2012/07/02 17:20:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\OpenOffice.org [2012/10/03 11:03:20 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Origin [2011/12/27 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\redsn0w [2011/11/08 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Rune-X-Scape [2013/01/19 19:29:16 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Sony [2013/02/28 17:52:09 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Spotify [2011/09/13 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Thunderbird [2013/01/15 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TS3Client [2013/03/08 15:55:55 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\TuneUp Software [2011/09/18 00:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Unity [2012/04/28 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\Kev\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > |
|
| Themen zu SearchPlusNetwork.com Entfernen? |
| befolgt, board, browser, entferne, entfernen, firefox, folge, folgendes, geholfen, google, hallo zusammen, inter, interne, internet, nichts, problem, seite, startseite, thema, troja, trojaner, versuch, versucht, zusammen, öffnet |
Textbox. 
Linear-Darstellung
