olebowle | 18.06.2013 20:31 | Hi t'john
Thanks in advance.
Logfile from Avira
Exportierte Ereignisse:
18/06/2013 20:49 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\olebowle\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb37ca9-5a9
617a7'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dldr.Dermit.GX' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.
18/06/2013 14:07 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Spybot - Search &
Destroy\Recovery\CoolWWWSearchCtfmon1.zip'
enthielt einen Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5512d2ab.qua'
verschoben!
18/06/2013 14:06 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Spybot - Search &
Destroy\Recovery\CoolWWWSearchCtfmon1.zip'
wurde ein Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
18/06/2013 14:06 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Spybot - Search &
Destroy\Recovery\CoolWWWSearchCtfmon1.zip'
wurde ein Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern
And the OTL logfile:
OTL logfile created on: 18/06/2013 21:18:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\olebowle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.49% Memory free
6.19 Gb Paging File | 5.02 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 70.98 Gb Free Space | 49.80% Space Free | Partition Type: NTFS
Drive D: | 142.54 Gb Total Space | 133.54 Gb Free Space | 93.68% Space Free | Partition Type: NTFS
Drive F: | 980.72 Mb Total Space | 671.77 Mb Free Space | 68.50% Space Free | Partition Type: FAT
Computer Name: OLEBOWLE-PC | User Name: olebowle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\olebowle\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Users\olebowle\AppData\Roaming\Mobile Partner\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Windows\PLFSetI.exe ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Winmgmt) -- C:\ProgramData\birido.dat (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a6hwntb2) -- File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (ewsercd) -- C:\Windows\System32\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (A5AGU) -- C:\Windows\System32\drivers\AGUx86.sys (D-Link Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {533345A8-F4AF-455A-B5C6-42BC0664B827}
IE - HKU\.DEFAULT\..\SearchScopes\{533345A8-F4AF-455A-B5C6-42BC0664B827}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {533345A8-F4AF-455A-B5C6-42BC0664B827}
IE - HKU\S-1-5-18\..\SearchScopes\{533345A8-F4AF-455A-B5C6-42BC0664B827}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7730g
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\SearchScopes\{57984F6D-7861-4977-AD48-E9A31B8D2F11}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en___DE393
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\olebowle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2010/12/02 14:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Extensions
[2010/12/02 14:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/21 11:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\extensions
[2013/01/02 22:49:52 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\extensions\battlefieldplay4free@ea.com
[2013/04/10 21:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\a4wmpzsa.default\extensions
[2013/04/10 21:38:35 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\olebowle\AppData\Roaming\Mozilla\SeaMonkey\Profiles\a4wmpzsa.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/05/21 11:24:23 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\olebowle\AppData\Roaming\Mozilla\Firefox\Profiles\te9cl4sl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/25 19:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 19:33:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\olebowle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\olebowle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\olebowle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000..\Run: [ctfmon32.exe] C:\ProgramData\birido.dat (Microsoft Corporation)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000..\Run: [HW_OPENEYE_OUC_Mobile Partner] C:\Program Files\Mobile Partner\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1003..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1003..\RunOnce: [AcerScrSav] C:\Windows\ACER\run_NB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0330D446-2A5F-41F3-AB17-26E9B46AF093}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04AEA37E-497E-49F3-A1B0-3FD56130A337}: DhcpNameServer = 194.151.228.34 194.151.228.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A007671-3A50-4BAD-A62F-CD454CAF6B04}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25229ADE-7D40-4227-B2BE-37A5598AFECB}: DhcpNameServer = 62.133.126.28 62.133.126.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{535F4F05-E38E-4803-A46D-173542307F8C}: DhcpNameServer = 62.133.126.28 62.133.126.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E816C3-B677-45F3-BB74-96FD0C873463}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E271686C-CBD6-4E18-96E4-5A5BB31A7538}: DhcpNameServer = 62.133.126.28 62.133.126.29
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\olebowle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\olebowle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00996a1a-40f2-11e0-aa6e-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{00996a1a-40f2-11e0-aa6e-00238b7dd409}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{00996a4f-40f2-11e0-aa6e-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{00996a4f-40f2-11e0-aa6e-001e101fb45e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{12fad846-94e7-11e0-a77b-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{12fad846-94e7-11e0-a77b-00238b7dd409}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{256752c4-b6aa-11df-8f8a-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{256752c4-b6aa-11df-8f8a-00238b7dd409}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35b7de2c-bb45-11df-a840-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{35b7de2c-bb45-11df-a840-00238b7dd409}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35b7de2d-bb45-11df-a840-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{35b7de2d-bb45-11df-a840-00238b7dd409}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4962b907-37b7-11e0-b1e5-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{4962b907-37b7-11e0-b1e5-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4962b909-37b7-11e0-b1e5-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{4962b909-37b7-11e0-b1e5-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{577b5d27-3ab6-11e0-ae47-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{577b5d27-3ab6-11e0-ae47-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{577b5d3a-3ab6-11e0-ae47-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{577b5d3a-3ab6-11e0-ae47-00238b7dd409}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6f7cac3d-731a-11e0-a77f-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{6f7cac3d-731a-11e0-a77f-001e101f82a7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{83a72d71-7be1-11e0-85c2-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{83a72d71-7be1-11e0-85c2-00a0c6000000}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{87a8028a-4b34-11e0-a204-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{87a8028a-4b34-11e0-a204-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e1a2f4be-2d4c-11e0-a367-00238b7dd409}\Shell - "" = AutoRun
O33 - MountPoints2\{e1a2f4be-2d4c-11e0-a367-00238b7dd409}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/18 15:45:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/06/18 11:58:11 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\birido.dat
[2013/06/13 17:22:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/13 17:22:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/13 17:22:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/13 17:22:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/13 17:22:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/13 17:22:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/13 17:22:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/13 17:22:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/12 12:02:27 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/12 12:02:14 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 12:02:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 12:02:09 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/12 12:02:09 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/06 14:04:37 | 000,000,000 | ---D | C] -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy
[2013/05/25 19:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/09 15:24:55 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr80.dll
[2012/01/09 15:24:55 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp80.dll
[2003/09/10 20:51:38 | 001,626,172 | ---- | C] (Albert L Faber) -- C:\Program Files\CDex.exe
[2003/09/10 20:48:56 | 000,083,456 | ---- | C] (Albert L Faber) -- C:\Program Files\CDRip.dll
[2002/08/07 22:07:22 | 000,071,680 | ---- | C] (Matthew T. Ashland) -- C:\Program Files\MACDll.dll
[2002/04/20 13:07:30 | 000,069,632 | ---- | C] (Illustrate) -- C:\Program Files\WMA8Connect.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/18 21:04:25 | 000,000,852 | ---- | M] () -- C:\Users\olebowle\Desktop\OTL.lnk
[2013/06/18 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/18 20:40:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065798087-2607588636-1036883106-1001UA.job
[2013/06/18 19:25:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/18 19:25:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/18 19:25:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/18 19:25:21 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 19:17:30 | 095,023,320 | ---- | M] () -- C:\ProgramData\odirib.pad
[2013/06/18 15:45:07 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/06/18 15:03:27 | 000,009,258 | ---- | M] () -- C:\Users\olebowle\Documents\cc_20130618_150321.reg
[2013/06/18 11:58:53 | 000,000,870 | ---- | M] () -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/18 11:58:30 | 000,002,670 | ---- | M] () -- C:\ProgramData\odirib.js
[2013/06/18 11:58:11 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\birido.dat
[2013/06/18 11:03:16 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/18 11:03:16 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/18 06:57:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/12 09:56:08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/12 09:56:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/09 16:39:59 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065798087-2607588636-1036883106-1001Core.job
[2013/06/06 14:16:51 | 000,002,573 | ---- | M] () -- C:\Users\olebowle\Desktop\ICM Trainer.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/18 21:04:25 | 000,000,852 | ---- | C] () -- C:\Users\olebowle\Desktop\OTL.lnk
[2013/06/18 19:25:21 | 3215,843,328 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/18 15:03:24 | 000,009,258 | ---- | C] () -- C:\Users\olebowle\Documents\cc_20130618_150321.reg
[2013/06/18 11:58:53 | 000,000,870 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/18 11:58:30 | 000,002,670 | ---- | C] () -- C:\ProgramData\odirib.js
[2013/06/18 11:58:28 | 095,023,320 | ---- | C] () -- C:\ProgramData\odirib.pad
[2013/06/06 14:04:37 | 000,002,573 | ---- | C] () -- C:\Users\olebowle\Desktop\ICM Trainer.lnk
[2013/02/23 22:58:37 | 021,748,128 | ---- | C] () -- C:\Users\olebowle\AppData\Local\TempFullTiltPokerEuSetup.exe
[2012/10/23 19:52:11 | 000,003,516 | ---- | C] () -- C:\Program Files\Default.prf.ini
[2012/10/14 17:46:56 | 000,024,206 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\UserTile.png
[2012/08/13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012/08/13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012/08/13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012/08/13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini
[2012/03/02 17:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/01/09 15:24:55 | 006,438,912 | ---- | C] () -- C:\Program Files\QtGui4.dll
[2012/01/09 15:24:55 | 001,581,056 | ---- | C] () -- C:\Program Files\QtCore4.dll
[2012/01/09 15:24:55 | 000,536,576 | ---- | C] () -- C:\Program Files\QtSql4.dll
[2012/01/09 15:24:55 | 000,516,096 | ---- | C] () -- C:\Program Files\ohc.exe
[2012/01/09 15:24:55 | 000,356,352 | ---- | C] () -- C:\Program Files\QtXml4.dll
[2012/01/09 15:24:55 | 000,348,160 | ---- | C] () -- C:\Program Files\QtNetwork4.dll
[2012/01/09 15:24:55 | 000,106,496 | ---- | C] () -- C:\Program Files\libpq.dll
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/07/17 12:00:07 | 000,001,633 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/16 10:28:32 | 000,000,090 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\wklnhst.dat
[2010/12/30 17:29:37 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/11/29 19:50:10 | 000,000,632 | RHS- | C] () -- C:\Users\olebowle\ntuser.pol
[2010/09/07 19:13:02 | 000,138,056 | ---- | C] () -- C:\Users\olebowle\AppData\Roaming\PnkBstrK.sys
[2010/08/18 22:36:10 | 000,017,408 | ---- | C] () -- C:\Users\olebowle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 22:24:03 | 000,048,668 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/18 22:20:15 | 000,048,668 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/18 21:35:23 | 000,000,680 | ---- | C] () -- C:\Users\olebowle\AppData\Local\d3d9caps.dat
[2003/09/10 20:49:34 | 000,096,768 | ---- | C] ( ) -- C:\Program Files\libsndfile.dll
[2001/07/15 23:14:12 | 000,003,516 | ---- | C] () -- C:\Program Files\CDex.ini
========== ZeroAccess Check ==========
[2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/01/09 23:38:15 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Acer GameZone Console
[2013/01/10 17:02:04 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\APP_NAME_NON_STRING
[2010/10/30 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Canneverbe Limited
[2010/09/06 17:21:59 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/12 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\DAEMON Tools Lite
[2010/11/15 15:51:27 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2013/02/15 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\DVDVideoSoft
[2013/02/15 14:54:15 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/03/01 16:49:48 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Epson
[2012/11/11 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\GlarySoft
[2011/06/26 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\HEM Data
[2011/03/17 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\HoldemManager
[2013/06/17 19:57:29 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Microgaming
[2011/03/12 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Mobile Partner
[2013/03/26 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Notepad++
[2012/02/09 15:27:38 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\OpenOffice.org
[2013/03/28 16:51:33 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Opera
[2012/10/04 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Party
[2012/11/22 17:21:55 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\PCCUStubInstaller
[2013/01/11 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\PDF Architect
[2013/02/22 15:52:27 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\pdfforge
[2012/10/14 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\PeerNetworking
[2012/07/24 10:21:29 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Philipp Winterberg
[2010/10/04 19:34:19 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Propellerhead Software
[2011/03/19 22:10:20 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Roaming
[2011/12/20 15:56:38 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Samsung
[2011/12/20 16:28:55 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Temp
[2011/01/16 10:29:03 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Template
[2011/12/17 18:16:50 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Thunderbird
[2010/12/02 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\TomTom
[2011/03/24 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\uTorrent
[2012/04/12 18:13:45 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Verbindungsassistent
[2010/09/02 17:59:43 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\Vodafone
[2012/08/06 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\olebowle\AppData\Roaming\XMedia Recode
========== Purity Check ==========
< End of report >
OTL Logfile:
OTL Extras logfile created on: 18/06/2013 21:18:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\olebowle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.49% Memory free
6.19 Gb Paging File | 5.02 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 70.98 Gb Free Space | 49.80% Space Free | Partition Type: NTFS
Drive D: | 142.54 Gb Total Space | 133.54 Gb Free Space | 93.68% Space Free | Partition Type: NTFS
Drive F: | 980.72 Mb Total Space | 671.77 Mb Free Space | 68.50% Space Free | Partition Type: FAT
Computer Name: OLEBOWLE-PC | User Name: olebowle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3065798087-2607588636-1036883106-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014D938E-9917-4436-95CC-4B1CDA97096B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{121EF7AB-0FBA-4DA2-99F0-ECCA8F064CC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{407BD833-AC24-40B0-A909-07701F7AC98C}" = rport=139 | protocol=6 | dir=out | app=system |
"{4223A72A-11C0-4CFC-8246-036634E9A1B3}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{471672B3-48AB-4AB3-8799-B2DAEE145160}" = lport=137 | protocol=17 | dir=in | app=system |
"{49CC6845-746F-4D04-A7CA-B8495F03F980}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{504C76EE-3148-49CA-A778-9F14C1281B0E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{526BD496-3CE9-40CC-A31E-E906124ACA13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E1B0F66-2E6F-4CFB-BDC5-4F53F767A609}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{754838B1-D554-4012-8ACD-FC097272E95A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7EB39CF1-94EF-44DA-8E1C-91DDD98A9836}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{99BBB3ED-5094-41B0-A775-D365B95E87C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C4DB353-63C9-42AB-8F8D-2B9FF14FF7E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{B19B6744-D726-4136-AE68-409901E93C82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3ECE180-4540-4619-8A1D-D6DE373C03A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{CC64ACFC-D78D-4651-9656-81EF54117E71}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC427D93-0B37-48D4-A97A-5B6565919D4F}" = rport=137 | protocol=17 | dir=out | app=system |
"{DED4F147-0A4A-40A8-8A3B-20DF21F53716}" = rport=138 | protocol=17 | dir=out | app=system |
"{E20F0B2E-654E-4F22-83EA-86CD70F0FAC0}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0464C4F1-298A-4CCA-9746-FF4396F2A6AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3054E346-0D02-444D-AECA-088E8B6B3C16}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{3B3E5E85-B7F1-4014-97FB-E1742FCB91E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3B3FCC52-AC5E-44B7-9655-00046FDD8887}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4B85D961-CBC8-4CC1-AD23-1C3671C65C49}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{561852CF-CB76-4D47-9E54-AFD0D8270E4B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{70EC3706-55D8-4380-8110-962700E3B273}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7E6A83FA-FE85-4CA4-9C00-6851E7335C65}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{905C8335-C266-4306-83D2-78ACECC1E4BC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9FF25D41-5FF8-4508-9EF1-470CA6AA589A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C581D9EE-55F7-453F-BA1F-0B3C62847001}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D130F18C-8884-45CF-9AD0-9D680ADC3008}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D1981763-5E20-4688-B744-B64CE9367159}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2505365-950E-4210-9952-A68725338CC0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E13B6ADB-8996-426B-A357-C3F18D4311E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F11C6F0B-87E9-4FE4-9CD3-EC0E8BB8AB88}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F2FC6687-9653-46B3-B497-94D2E2C18F83}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{0E82A74A-21F5-4F8A-B18B-1AB20888B1CC}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{C60F31EC-605E-4282-AAB1-91DAC6D1DF36}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{D40721DC-67E2-4F6B-86FA-B169C67B971D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{488B1C0C-0F00-4ADE-B237-67122BB1A942}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{7B6CBFD9-E9ED-4499-ABA2-8C1AEA3DB8F1}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{7D836694-72A2-4673-BF0E-C6A0B70B4DF8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{38B746B5-44EE-4FFA-B987-581B5CF4A097}" = PokerStrategy.com Equilab - Omaha
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D09F48-CDAB-4B4C-8806-F6C16F17935A}" = PokerStrategy.com Equilab
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"24hPoker (Poker)" = 24hPoker
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Manual
"Everest Casino" = Everest Casino (Remove Only)
"EverestPoker.com" = EverestPoker.com
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"GridVista" = Acer GridVista
"HoldemManager" = Holdem Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PKR" = PKR
"PostgreSQL 8.4" = PostgreSQL 8.4
"sl.GameLauncher" = sl.GameLauncher
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 2.0.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3065798087-2607588636-1036883106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18/06/2013 07:40:21 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 13:40:20 CESTFATAL: the database system is starting up
Error - 18/06/2013 07:46:38 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 13:46:38 CESTFATAL: the database system is starting up
Error - 18/06/2013 09:44:58 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 15:44:58 CESTFATAL: the database system is starting up
Error - 18/06/2013 11:37:46 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 17:37:46 CESTFATAL: the database system is starting up
Error - 18/06/2013 11:44:30 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 17:44:30 CESTFATAL: the database system is starting up
Error - 18/06/2013 12:27:49 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 18:27:49 CESTFATAL: the database system is starting up
Error - 18/06/2013 12:51:23 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 18:51:23 CESTFATAL: the database system is starting up
Error - 18/06/2013 13:01:24 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 19:01:24 CESTFATAL: the database system is starting up
Error - 18/06/2013 13:07:57 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 19:07:57 CESTFATAL: the database system is starting up
Error - 18/06/2013 13:17:13 | Computer Name = olebowle-PC | Source = EventSystem | ID = 4609
Description =
Error - 18/06/2013 13:25:40 | Computer Name = olebowle-PC | Source = PostgreSQL | ID = 0
Description = 2013-06-18 19:25:40 CESTFATAL: the database system is starting up
[ Media Center Events ]
Error - 15/02/2011 12:58:38 | Computer Name = olebowle-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 15/08/2011 06:42:15 | Computer Name = olebowle-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide
Error - 23/10/2012 13:31:43 | Computer Name = olebowle-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ System Events ]
Error - 18/06/2013 13:02:10 | Computer Name = olebowle-PC | Source = DCOM | ID = 10010
Description =
Error - 18/06/2013 13:08:43 | Computer Name = olebowle-PC | Source = DCOM | ID = 10010
Description =
Error - 18/06/2013 13:16:11 | Computer Name = olebowle-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 18/06/2013 13:17:01 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description =
Error - 18/06/2013 13:17:13 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description =
Error - 18/06/2013 13:17:15 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description =
Error - 18/06/2013 13:17:15 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description =
Error - 18/06/2013 13:17:15 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description =
Error - 18/06/2013 13:17:38 | Computer Name = olebowle-PC | Source = DCOM | ID = 10005
Description =
Error - 18/06/2013 13:26:30 | Computer Name = olebowle-PC | Source = DCOM | ID = 10010
Description =
< End of report >