FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by Lenny (administrator) on 13-08-2013 23:53:02
Running from C:\Users\Lenny\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\windows\system32\hkcmd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(cake bake) C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech, Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKCU\...\Run: [PC Speed Maximizer] - C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134456 2013-03-09] (Smart PC Solutions)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-13] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9EB937783&ts=1376428437
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM321HI_S26VJ9EB937783&ts=1376428437
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\Tepfel\WebCakeIEClient.dll (Let Them Eat Web-Cake LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File
BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll No File
Toolbar: HKLM-x32 - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\08b8duah.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [superlrcs@svenyor.net] C:\Program Files (x86)\SuperLyrics\FF\
FF Extension: No Name - C:\Program Files (x86)\SuperLyrics\FF\
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: ({"name":"Avira SearchFree Toolbar plus Web Protection","version":"20.53263","manifest_version":2,"description":"Convenient tools and links to make your browsing more enjoyable","icons":{"128":"config/skin/images/logo/logo_128x.png","32":"config/skin/images/logo/logo_32x.png","24":"config/skin/images/logo/logo_24x.png"},"browser_action":{"default_icon":"config/skin/images/logo/logo_19x.png","default_title":"Control the Avira SearchFree Toolbar","default_popup":"config/skin/chrome-options.html"},"background":{"page":"background/background.html"},"chrome_url_overrides":{"newtab":"config/skin/new-tab.html"},"content_scripts":[{"matches":["*://*/*"],"js":["lib/constant.js","lib/default-config.js","config/tb-config.js","lib/protocol.js","lib/tb-message.js","lib/widget-messaging.js","content_script/inline-html.js"],"all_frames":true,"run_at":"document_end"},{"matches":["*://*/*"],"js":["lib/jquery.js","lib/constant.js","lib/default-config.js","config/tb-config.js","config/widget-config.js","lib/protocol.js","lib/tb-message.js","lib/state-machine.js","lib/window-position.js","content_script/toolbar.js","content_script/widget.js","content_script/injector.js"],"run_at":"document_start"},{"matches":["*://*.facebook.com/*"],"css":["content_script/hack/facebook.css"]},{"matches":["*://*.google.com/*","*://*.ask.com/","*://*.bagsbuy.com/*","*://*.csaa.com/*","*://*.childrenschorus.org/*","*://*.wikipedia.org/*","*://*.mercurynews.com/*","*://*.usnews.com/*"],"css":["content_script/hack/relative.css"],"run_at":"document_start"},{"matches":["*://*.google.com/imgres*","*://images.google.com/*","*://codesearch.google.com/*"],"css":["content_script/hack/static.css"],"run_at":"document_start"}],"permissions":["bookmarks","contextMenus","contentSettings","cookies","geolocation","history","idle","management","notifications","tabs","unlimitedStorage","webRequest","webRequestBlocking","hxxp://*/*","https://*/*","chrome://favicon/*","bookmarks","contextMenus","contentSetting
s","cookies","geolocation","history","idle","management","notifications","tabs","unlimitedStorage","hxxp://*/*","https://*/*","chrome://favicon/*","webRequest","webRequestBlocking"],"plugins":[{"path":"background/ChromeUtilPlugin.dll","public":false}],"update_url":"hxxp://apnmedia.ask.com/media/toolbar/everest/partners/AVIRA-V7/YY/update.xml","web_accessible_resources":["config/skin/css/containers.css","config/skin/toolbar.html","widgets/search-suggestion/search-suggestion.html","widgets/options/options.html","widgets/templates/feed.html","widgets/templates/menu.html","config/skin/widgets/com.avira.dnt/widget/background.html","config/skin/widgets/com.avira.dnt/widget/button.html","config/skin/widgets/com.avira.dnt/widget/window.html","config/skin/widgets/com.avira.dnt/widget/blank.html","config/skin/widgets/com.avira.dnt/widget/blank.gif"]}) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263
CHR Extension: (SuperLyrics) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnjcnjlaajofpendibcoodneacalfho\1.114
CHR Extension: (DealPly Shopping ) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0
CHR Extension: (Plus-HD-2.3) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.17_0
CHR Extension: (Delta Toolbar) - C:\Users\Lenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\onpejdpfebeopffobknkodakfphdelnh\1.4
CHR HKLM-x32\...\Chrome\Extension: [bgnjcnjlaajofpendibcoodneacalfho] - C:\Program Files (x86)\SuperLyrics\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-13] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R4 WebCakeUpdater; C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe [51992 2013-08-10] (cake bake)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-13] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-10] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-10] (Windows (R) 2003 DDK 3790 provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-13 23:52 - 2013-08-13 23:52 - 00000000 ____D C:\FRST
2013-08-13 23:48 - 2013-08-13 23:48 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\MusicNet
2013-08-13 23:47 - 2013-08-13 23:47 - 00000000 ____D C:\Users\Lenny\Documents\My Received Files
2013-08-13 23:44 - 2013-08-13 23:44 - 01333552 _____ (iMesh Inc) C:\Users\Lenny\Downloads\iMeshSetup-r1487-w-bf(1).exe
2013-08-13 23:42 - 2013-08-13 23:42 - 01333552 _____ (iMesh Inc) C:\Users\Lenny\Downloads\iMeshSetup-r1487-w-bf.exe
2013-08-13 23:27 - 2013-08-13 23:33 - 00000000 ____D C:\AdwCleaner
2013-08-13 23:23 - 2013-08-13 23:23 - 00800594 _____ C:\Users\Lenny\Downloads\adwcleaner.exe
2013-08-13 23:17 - 2013-08-13 23:17 - 00000000 ____D C:\Program Files\7-Zip
2013-08-13 23:16 - 2013-08-13 23:16 - 01376768 _____ C:\Users\Lenny\Downloads\7z920-x64.msi
2013-08-13 23:08 - 2013-08-13 23:08 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Tepfel
2013-08-13 23:08 - 2013-08-13 23:08 - 00000000 ____D C:\Program Files (x86)\Tepfel
2013-08-13 21:22 - 2013-08-13 21:22 - 00714352 _____ C:\Users\Lenny\Downloads\ZipOpenerSetup.exe
2013-08-13 20:45 - 2013-08-13 20:45 - 01067456 _____ (Solid State Networks) C:\Users\Lenny\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-08-13 18:56 - 2013-08-13 18:56 - 00003260 _____ C:\windows\System32\Tasks\{3F58E398-DF51-40DB-BA03-0C212FF1F9AF}
2013-08-13 18:53 - 2013-08-13 18:53 - 00003260 _____ C:\windows\System32\Tasks\{FA9280D6-0460-46DF-9583-2CFD347029F6}
2013-08-13 17:43 - 2013-08-13 17:43 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Malwarebytes
2013-08-13 17:42 - 2013-08-13 17:42 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-13 17:42 - 2013-08-13 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-13 17:42 - 2013-08-13 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-13 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-13 17:41 - 2013-08-13 17:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-13 17:14 - 2013-08-13 17:14 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Avira
2013-08-13 17:10 - 2013-08-13 17:10 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-08-13 17:08 - 2013-08-13 17:08 - 00001954 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 17:08 - 2013-08-13 17:08 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 17:08 - 2013-08-13 17:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-08-13 17:08 - 2013-08-13 17:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-13 17:08 - 2013-08-13 17:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-08-04 08:40 - 2013-08-04 09:40 - 00000074 _____ C:\Users\Lenny\AppData\Roaming\WB.CFG
2013-07-19 23:10 - 2013-07-20 06:38 - 00000000 ____D C:\windows\system32\MRT
2013-07-19 12:40 - 2013-08-04 09:40 - 00002313 _____ C:\Users\Lenny\Desktop\Qtrax Player.lnk
2013-07-15 14:40 - 2013-08-04 09:45 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-07-15 14:40 - 2013-07-15 14:40 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-15 14:40 - 2013-07-15 14:40 - 00000000 ____D C:\Program Files (x86)\GPLGS
2013-07-15 14:40 - 2011-10-04 22:43 - 00087552 _____ C:\windows\system32\custmon64i.dll
==================== One Month Modified Files and Folders =======
2013-08-13 23:52 - 2013-08-13 23:52 - 01575274 _____ (Farbar) C:\Users\Lenny\Downloads\FRST64.exe
2013-08-13 23:52 - 2013-08-13 23:52 - 00000000 ____D C:\FRST
2013-08-13 23:49 - 2009-07-14 06:45 - 00020992 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 23:49 - 2009-07-14 06:45 - 00020992 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 23:48 - 2013-08-13 23:48 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\MusicNet
2013-08-13 23:47 - 2013-08-13 23:47 - 00000000 ____D C:\Users\Lenny\Documents\My Received Files
2013-08-13 23:46 - 2012-04-01 20:46 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 23:44 - 2013-08-13 23:44 - 01333552 _____ (iMesh Inc) C:\Users\Lenny\Downloads\iMeshSetup-r1487-w-bf(1).exe
2013-08-13 23:42 - 2013-08-13 23:42 - 01333552 _____ (iMesh Inc) C:\Users\Lenny\Downloads\iMeshSetup-r1487-w-bf.exe
2013-08-13 23:33 - 2013-08-13 23:27 - 00000000 ____D C:\AdwCleaner
2013-08-13 23:27 - 2011-12-11 21:37 - 00001009 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-13 23:27 - 2011-12-11 18:26 - 00000995 _____ C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-13 23:23 - 2013-08-13 23:23 - 00800594 _____ C:\Users\Lenny\Downloads\adwcleaner.exe
2013-08-13 23:17 - 2013-08-13 23:17 - 00000000 ____D C:\Program Files\7-Zip
2013-08-13 23:16 - 2013-08-13 23:16 - 01376768 _____ C:\Users\Lenny\Downloads\7z920-x64.msi
2013-08-13 23:08 - 2013-08-13 23:08 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Tepfel
2013-08-13 23:08 - 2013-08-13 23:08 - 00000000 ____D C:\Program Files (x86)\Tepfel
2013-08-13 22:33 - 2012-03-11 15:10 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-08-13 21:22 - 2013-08-13 21:22 - 00714352 _____ C:\Users\Lenny\Downloads\ZipOpenerSetup.exe
2013-08-13 20:47 - 2011-07-29 17:44 - 01441283 _____ C:\windows\WindowsUpdate.log
2013-08-13 20:45 - 2013-08-13 20:45 - 01067456 _____ (Solid State Networks) C:\Users\Lenny\Downloads\install_flashplayer11x32au_mssa_aaa_aih.exe
2013-08-13 20:42 - 2010-11-21 05:47 - 00336908 _____ C:\windows\PFRO.log
2013-08-13 20:42 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-13 20:42 - 2009-07-14 06:51 - 00110219 _____ C:\windows\setupact.log
2013-08-13 19:00 - 2012-04-05 11:33 - 00000000 ____D C:\ProgramData\Origin
2013-08-13 18:56 - 2013-08-13 18:56 - 00003260 _____ C:\windows\System32\Tasks\{3F58E398-DF51-40DB-BA03-0C212FF1F9AF}
2013-08-13 18:53 - 2013-08-13 18:53 - 00003260 _____ C:\windows\System32\Tasks\{FA9280D6-0460-46DF-9583-2CFD347029F6}
2013-08-13 17:55 - 2013-07-13 10:31 - 00000005 _____ C:\Users\Lenny\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-08-13 17:55 - 2013-07-07 09:22 - 00000005 _____ C:\Users\Lenny\AppData\Roaming\WBPU-TTL.DAT
2013-08-13 17:43 - 2013-08-13 17:43 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Malwarebytes
2013-08-13 17:42 - 2013-08-13 17:42 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-13 17:42 - 2013-08-13 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-13 17:42 - 2013-08-13 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-13 17:42 - 2013-08-13 17:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-13 17:14 - 2013-08-13 17:14 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\Avira
2013-08-13 17:10 - 2013-08-13 17:10 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-08-13 17:08 - 2013-08-13 17:08 - 00001954 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-13 17:08 - 2013-08-13 17:08 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-13 17:08 - 2011-12-11 19:09 - 00000000 ____D C:\ProgramData\Avira
2013-08-13 17:03 - 2013-08-13 17:08 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-08-13 17:03 - 2013-08-13 17:08 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-13 17:03 - 2013-08-13 17:08 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-08-05 11:49 - 2013-01-24 20:38 - 00000000 ____D C:\Users\Lenny\AppData\Roaming\.minecraft
2013-08-04 09:45 - 2013-07-15 14:40 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-04 09:40 - 2013-08-04 08:40 - 00000074 _____ C:\Users\Lenny\AppData\Roaming\WB.CFG
2013-08-04 09:40 - 2013-07-19 12:40 - 00002313 _____ C:\Users\Lenny\Desktop\Qtrax Player.lnk
2013-08-04 09:40 - 2013-07-06 19:21 - 00002343 _____ C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-24 10:19 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-20 15:35 - 2013-07-06 19:22 - 00000000 ____D C:\Program Files (x86)\SuperLyrics
2013-07-20 06:38 - 2013-07-19 23:10 - 00000000 ____D C:\windows\system32\MRT
2013-07-18 19:21 - 2011-12-25 09:53 - 00000000 ____D C:\Users\Lenny\AppData\Local\CrashDumps
2013-07-15 14:40 - 2013-07-15 14:40 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-15 14:40 - 2013-07-15 14:40 - 00000000 ____D C:\Program Files (x86)\GPLGS
2013-07-15 14:40 - 2013-07-06 19:21 - 00003800 _____ C:\windows\System32\Tasks\QtraxPlayer
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-09-10 21:28
==================== End Of Log ============================