Trojaner-Board


LaurenLaw 31.03.2012 22:47

Caught the Windows Security Center trojan
 
Hello everyone.

Yesterday I caught the Windows Security Center trojan, which then blocked the screen so that nothing worked anymore. I then used my phone to try to find out what I could do, and restarted the computer via CTRL+ALT+DEL. I am not familiar with safe mode (to be honest, I am familiar with almost nothing that has to do with PCs), so I did nothing there. After the restart, the Windows Security message of course reappeared immediately. This morning I pressed CTRL etc. again and chose Log off, and was then able to access my desktop again. I then started a scan with the AntiVir program, and this is what came out (please excuse me, I don't know exactly how this [code] thing works, so I have to paste it in like this):


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 31. März 2012 10:46

Es wird nach 3569473 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername :XXX

Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 29.06.2011 08:31:07
AVSCAN.DLL : 10.0.5.0 57192 Bytes 29.06.2011 08:31:07
LUKE.DLL : 10.3.0.5 45416 Bytes 29.06.2011 08:31:07
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 29.06.2011 08:31:07
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 10:47:39
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 06:35:52
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:36:35
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 09:34:19
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 16:46:34
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 17:32:59
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 17:32:59
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 17:32:59
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 17:32:59
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 17:32:59
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 17:32:59
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 17:32:59
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 17:32:59
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 17:32:59
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 17:33:00
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 08:35:48
VBASE015.VDF : 7.11.26.108 2048 Bytes 30.03.2012 08:35:48
VBASE016.VDF : 7.11.26.109 2048 Bytes 30.03.2012 08:35:48
VBASE017.VDF : 7.11.26.110 2048 Bytes 30.03.2012 08:35:49
VBASE018.VDF : 7.11.26.111 2048 Bytes 30.03.2012 08:35:49
VBASE019.VDF : 7.11.26.112 2048 Bytes 30.03.2012 08:35:50
VBASE020.VDF : 7.11.26.113 2048 Bytes 30.03.2012 08:35:52
VBASE021.VDF : 7.11.26.114 2048 Bytes 30.03.2012 08:35:52
VBASE022.VDF : 7.11.26.115 2048 Bytes 30.03.2012 08:35:52
VBASE023.VDF : 7.11.26.116 2048 Bytes 30.03.2012 08:35:52
VBASE024.VDF : 7.11.26.117 2048 Bytes 30.03.2012 08:35:54
VBASE025.VDF : 7.11.26.118 2048 Bytes 30.03.2012 08:35:54
VBASE026.VDF : 7.11.26.119 2048 Bytes 30.03.2012 08:35:54
VBASE027.VDF : 7.11.26.120 2048 Bytes 30.03.2012 08:35:54
VBASE028.VDF : 7.11.26.121 2048 Bytes 30.03.2012 08:35:56
VBASE029.VDF : 7.11.26.122 2048 Bytes 30.03.2012 08:35:56
VBASE030.VDF : 7.11.26.123 2048 Bytes 30.03.2012 08:35:58
VBASE031.VDF : 7.11.26.142 154624 Bytes 30.03.2012 08:36:03
Engineversion : 8.2.10.34
AEVDF.DLL : 8.1.2.2 106868 Bytes 29.10.2011 10:10:46
AESCRIPT.DLL : 8.1.4.15 442747 Bytes 31.03.2012 08:37:21
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 16:44:33
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 12:36:29
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 11:52:10
AEPACK.DLL : 8.2.16.9 807287 Bytes 31.03.2012 08:37:15
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 31.12.2011 11:05:21
AEHEUR.DLL : 8.1.4.10 4551031 Bytes 31.03.2012 08:37:04
AEHELP.DLL : 8.1.19.0 254327 Bytes 20.01.2012 11:43:49
AEGEN.DLL : 8.1.5.23 409973 Bytes 08.03.2012 15:38:34
AEEXP.DLL : 8.1.0.27 82293 Bytes 31.03.2012 08:37:25
AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 15:07:52
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 12:04:39
AEBB.DLL : 8.1.1.0 53618 Bytes 21.05.2010 22:29:23
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.3.2 44904 Bytes 29.06.2011 08:31:07
AVREP.DLL : 10.0.0.10 174120 Bytes 17.05.2011 15:24:40
AVARKT.DLL : 10.0.26.1 255336 Bytes 29.06.2011 08:31:07
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 29.06.2011 08:31:07
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 29.06.2011 08:31:06
RCTEXT.DLL : 10.0.64.0 98664 Bytes 29.06.2011 08:31:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 31. März 2012 10:46

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'TWebCamera.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaUI.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFProcSRVC.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegistryWriter.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSUService.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\XXX\AppData\Roaming\appconf32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.53248
C:\Users\XXX\AppData\Local\Temp\mor.exe
[FUND] Ist das Trojanische Pferd TR/Barys.253.1

Die Registry wurde durchsucht ( '214' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <WINDOWS>
C:\Users\XXX\AppData\Local\Temp\mor.exe
[FUND] Ist das Trojanische Pferd TR/Barys.253.1
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-67d22ec3
[0] Archivtyp: ZIP
--> a/Test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
--> a/Help.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2a8923fe-19405a1c
[FUND] Ist das Trojanische Pferd TR/Barys.253.1
C:\Users\XXX\AppData\Roaming\appconf32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.53248
Beginne mit der Suche in 'D:\' <Data>

Beginne mit der Desinfektion:
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2a8923fe-19405a1c
[FUND] Ist das Trojanische Pferd TR/Barys.253.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49f8775b.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-67d22ec3
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.D.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '511d58fd.qua' verschoben!
C:\Users\XXX\AppData\Local\Temp\mor.exe
[FUND] Ist das Trojanische Pferd TR/Barys.253.1
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vasja> wurde erfolgreich repariert.
[WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
[WARNUNG] Die Quelldatei konnte nicht gefunden werden.
[HINWEIS] Die Datei wurde zum Löschen nach einem Neustart markiert.
[HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
C:\Users\XXX\AppData\Roaming\appconf32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.53248
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit> wurde erfolgreich repariert.
[WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
[WARNUNG] Die Quelldatei konnte nicht gefunden werden.
[HINWEIS] Die Datei wurde zum Löschen nach einem Neustart markiert.
[HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.


Ende des Suchlaufs: Samstag, 31. März 2012 12:39
Benötigte Zeit: 1:33:34 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

36841 Verzeichnisse wurden überprüft
535020 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
535012 Dateien ohne Befall
2377 Archive wurden durchsucht
2 Warnungen
4 Hinweise


Of these, 2 (I somehow remember 4, but up there it says there were only 2...) were moved to quarantine, and I deleted them (should I not have deleted them?).
After I had already read a great deal here in the forum, I also downloaded Malwarebytes and had it scan everything. That was probably unnecessary, because I had already done it with AntiVir, but I thought better safe than sorry. Everything was fine there. Now everything works again, but I read everywhere here that a whole lot of other things are supposed to be downloaded and all the log files posted, so I assume that in my case, too, everything is not miraculously fine again, even if it looks that way.
Oh yes, as described in the guide for new members, I also downloaded Defogger and DDS. Should I post the log files?
I would be very, very grateful if someone could help me and tell me whether the trojan is now gone and what else I should do. And please bear with me: I have absolutely no idea about any of this and may have to ask silly questions.
Thank you very much in advance!!

cosinus 02.04.2012 13:18

Without the logs from Malwarebytes and co., this is going nowhere. :glaskugel:
Everything from Malwarebytes (and possibly other scanners) must be posted here.

Please post everything in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

LaurenLaw 02.04.2012 13:35

Code:

1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.31.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ms Lauren Law :: MSLAURENLAW [Administrator]

31.03.2012 11:40:25
mbam-log-2012-03-31 (11-40-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397305
Laufzeit: 1 Stunde(n), 30 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

and here are the DDS scans

Code:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ms Lauren Law at 23:12:43 on 2012-03-31
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3933.2546 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE

Code:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29.01.2010 23:55:48
System Uptime: 31.03.2012 22:58:19 (1 hours ago)
.
Motherboard: TOSHIBA |  | KSWAA
Processor: Pentium(R) Dual-Core CPU      T4400  @ 2.20GHz | U2E1 | 2200/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 78,499 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 142,088 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP227: 23.03.2012 13:08:32 - Windows Update
RP228: 27.03.2012 18:40:03 - Windows Update
RP229: 30.03.2012 13:21:58 - Windows Update
RP230: 31.03.2012 14:01:03 - Removed Before You Know It
RP231: 31.03.2012 14:02:16 - Removed Before You Know It
RP232: 31.03.2012 14:06:48 - Removed Pop Art Studio 6.0
RP233: 31.03.2012 14:08:52 - Removed Pop Art Studio 6.0
RP234: 31.03.2012 14:12:04 - Removed Cisco PEAP Module
RP235: 31.03.2012 14:12:26 - Removed Cisco LEAP Module
RP236: 31.03.2012 14:14:51 - Removed Cisco EAP-FAST Module
RP237: 31.03.2012 14:15:11 - Removed Cisco LEAP Module
RP238: 31.03.2012 14:28:16 - Knausermeister 0.5.1 wird entfernt
.
==== Installed Programs ======================


cosinus 02.04.2012 14:34

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for each scan are listed under the log files tab ("Logdateien"). Please post all the ones that are visible there.

LaurenLaw 02.04.2012 15:22

No, I only just downloaded it, because that is what is always recommended here. I only have the log from Avira, because that is what I normally always use. It is already above, but I'll post it again:

Code:


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 31. März 2012  10:46

Es wird nach 3569473 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  :XXX

Versionsinformationen:
BUILD.DAT      : 10.2.0.707    36070 Bytes  25.01.2012 12:53:00
AVSCAN.EXE    : 10.3.0.7      484008 Bytes  29.06.2011 08:31:07
AVSCAN.DLL    : 10.0.5.0      57192 Bytes  29.06.2011 08:31:07
LUKE.DLL      : 10.3.0.5      45416 Bytes  29.06.2011 08:31:07
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 10:59:47
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  29.06.2011 08:31:07
AVREG.DLL      : 10.3.0.9      88833 Bytes  13.07.2011 10:47:39
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 06:35:52
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 15:36:35
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 09:34:19
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 16:46:34
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 17:32:59
VBASE005.VDF  : 7.11.26.45      2048 Bytes  28.03.2012 17:32:59
VBASE006.VDF  : 7.11.26.46      2048 Bytes  28.03.2012 17:32:59
VBASE007.VDF  : 7.11.26.47      2048 Bytes  28.03.2012 17:32:59
VBASE008.VDF  : 7.11.26.48      2048 Bytes  28.03.2012 17:32:59
VBASE009.VDF  : 7.11.26.49      2048 Bytes  28.03.2012 17:32:59
VBASE010.VDF  : 7.11.26.50      2048 Bytes  28.03.2012 17:32:59
VBASE011.VDF  : 7.11.26.51      2048 Bytes  28.03.2012 17:32:59
VBASE012.VDF  : 7.11.26.52      2048 Bytes  28.03.2012 17:32:59
VBASE013.VDF  : 7.11.26.53      2048 Bytes  28.03.2012 17:33:00
VBASE014.VDF  : 7.11.26.107  221696 Bytes  30.03.2012 08:35:48
VBASE015.VDF  : 7.11.26.108    2048 Bytes  30.03.2012 08:35:48
VBASE016.VDF  : 7.11.26.109    2048 Bytes  30.03.2012 08:35:48
VBASE017.VDF  : 7.11.26.110    2048 Bytes  30.03.2012 08:35:49
VBASE018.VDF  : 7.11.26.111    2048 Bytes  30.03.2012 08:35:49
VBASE019.VDF  : 7.11.26.112    2048 Bytes  30.03.2012 08:35:50
VBASE020.VDF  : 7.11.26.113    2048 Bytes  30.03.2012 08:35:52
VBASE021.VDF  : 7.11.26.114    2048 Bytes  30.03.2012 08:35:52
VBASE022.VDF  : 7.11.26.115    2048 Bytes  30.03.2012 08:35:52
VBASE023.VDF  : 7.11.26.116    2048 Bytes  30.03.2012 08:35:52
VBASE024.VDF  : 7.11.26.117    2048 Bytes  30.03.2012 08:35:54
VBASE025.VDF  : 7.11.26.118    2048 Bytes  30.03.2012 08:35:54
VBASE026.VDF  : 7.11.26.119    2048 Bytes  30.03.2012 08:35:54
VBASE027.VDF  : 7.11.26.120    2048 Bytes  30.03.2012 08:35:54
VBASE028.VDF  : 7.11.26.121    2048 Bytes  30.03.2012 08:35:56
VBASE029.VDF  : 7.11.26.122    2048 Bytes  30.03.2012 08:35:56
VBASE030.VDF  : 7.11.26.123    2048 Bytes  30.03.2012 08:35:58
VBASE031.VDF  : 7.11.26.142  154624 Bytes  30.03.2012 08:36:03
Engineversion  : 8.2.10.34
AEVDF.DLL      : 8.1.2.2      106868 Bytes  29.10.2011 10:10:46
AESCRIPT.DLL  : 8.1.4.15      442747 Bytes  31.03.2012 08:37:21
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 16:44:33
AESBX.DLL      : 8.2.5.5      606579 Bytes  12.03.2012 12:36:29
AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 11:52:10
AEPACK.DLL    : 8.2.16.9      807287 Bytes  31.03.2012 08:37:15
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  31.12.2011 11:05:21
AEHEUR.DLL    : 8.1.4.10    4551031 Bytes  31.03.2012 08:37:04
AEHELP.DLL    : 8.1.19.0      254327 Bytes  20.01.2012 11:43:49
AEGEN.DLL      : 8.1.5.23      409973 Bytes  08.03.2012 15:38:34
AEEXP.DLL      : 8.1.0.27      82293 Bytes  31.03.2012 08:37:25
AEEMU.DLL      : 8.1.3.0      393589 Bytes  22.11.2010 15:07:52
AECORE.DLL    : 8.1.25.6      201078 Bytes  16.03.2012 12:04:39
AEBB.DLL      : 8.1.1.0        53618 Bytes  21.05.2010 22:29:23
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL    : 10.0.3.2      44904 Bytes  29.06.2011 08:31:07
AVREP.DLL      : 10.0.0.10    174120 Bytes  17.05.2011 15:24:40
AVARKT.DLL    : 10.0.26.1    255336 Bytes  29.06.2011 08:31:07
AVEVTLOG.DLL  : 10.0.0.9      203112 Bytes  29.06.2011 08:31:07
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0      11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  29.06.2011 08:31:06
RCTEXT.DLL    : 10.0.64.0      98664 Bytes  29.06.2011 08:31:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 31. März 2012  10:46

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'TWebCamera.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaUI.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFProcSRVC.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegistryWriter.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCSUService.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\XXX\AppData\Roaming\appconf32.exe
  [FUND]      Ist das Trojanische Pferd TR/Agent.53248
C:\Users\XXX\AppData\Local\Temp\mor.exe
  [FUND]      Ist das Trojanische Pferd TR/Barys.253.1

Die Registry wurde durchsucht ( '214' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <WINDOWS>
C:\Users\XXX\AppData\Local\Temp\mor.exe
  [FUND]      Ist das Trojanische Pferd TR/Barys.253.1
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-67d22ec3
  [0] Archivtyp: ZIP
  --> a/Test.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  --> a/Help.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2a8923fe-19405a1c
  [FUND]      Ist das Trojanische Pferd TR/Barys.253.1
C:\Users\XXX\AppData\Roaming\appconf32.exe
  [FUND]      Ist das Trojanische Pferd TR/Agent.53248
Beginne mit der Suche in 'D:\' <Data>

Beginne mit der Desinfektion:
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2a8923fe-19405a1c
  [FUND]      Ist das Trojanische Pferd TR/Barys.253.1
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49f8775b.qua' verschoben!
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-67d22ec3
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.D.1
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '511d58fd.qua' verschoben!
C:\Users\XXX\AppData\Local\Temp\mor.exe
  [FUND]      Ist das Trojanische Pferd TR/Barys.253.1
  [HINWEIS]  Der Registrierungseintrag <HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vasja> wurde erfolgreich repariert.
  [WARNUNG]  Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
  [WARNUNG]  Die Quelldatei konnte nicht gefunden werden.
  [HINWEIS]  Die Datei wurde zum Löschen nach einem Neustart markiert.
  [HINWEIS]  Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
C:\Users\XXX\AppData\Roaming\appconf32.exe
  [FUND]      Ist das Trojanische Pferd TR/Agent.53248
  [HINWEIS]  Der Registrierungseintrag <HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit> wurde erfolgreich repariert.
  [WARNUNG]  Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
  [WARNUNG]  Die Quelldatei konnte nicht gefunden werden.
  [HINWEIS]  Die Datei wurde zum Löschen nach einem Neustart markiert.
  [HINWEIS]  Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.


Ende des Suchlaufs: Samstag, 31. März 2012  12:39
Benötigte Zeit:  1:33:34 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  36841 Verzeichnisse wurden überprüft
 535020 Dateien wurden geprüft
      8 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 535012 Dateien ohne Befall
  2377 Archive wurden durchsucht
      2 Warnungen
      4 Hinweise

I only ran Malwarebytes after that, after all

cosinus 02.04.2012 15:47

Please run ESET as well, then we'll take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


LaurenLaw 02.04.2012 19:50

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=af5f4d035b30d24d8661e6d4309fa5db
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-02 04:33:46
# local_time=2012-04-02 06:33:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 184514 69915583 1624 0
# compatibility_mode=5893 16776573 100 94 178475 85784398 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=205772
# found=4
# cleaned=0
# scan_time=5699
C:\Users\Ms Lauren Law\AudioConverter.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ms Lauren Law\AppData\Local\Temp\8A3D0C11-BAB0-7891-8B71-B3128C522581\MyBabylonTB.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ms Lauren Law\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\63289592-3a6c299f        a variant of Java/Exploit.CVE-2012-0507.D trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ms Lauren Law\FoxTabAudioConverter\AudioConverter.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 02.04.2012 20:47

I have two questions before we continue

1.) Does normal mode work again without any restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

LaurenLaw 02.04.2012 20:52

Yes, the mode works as always.
And as far as I can see, everything is there.

cosinus 03.04.2012 14:16

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


LaurenLaw 03.04.2012 17:59

OTL Logfile:
Code:

OTL logfile created on: 03.04.2012 18:33:28 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Ms Lauren Law\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,89% Memory free
7,68 Gb Paging File | 6,20 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 78,39 Gb Free Space | 52,59% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 142,09 Gb Free Space | 95,58% Space Free | Partition Type: NTFS
 
Computer Name: MSLAURENLAW | User Name: Ms Lauren Law | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.03 18:30:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
PRC - [2011.06.29 10:31:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:54:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.05 12:22:42 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.08.11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.03.13 14:13:48 | 001,773,568 | ---- | M] (Sitecom Europe BV) -- C:\Program Files (x86)\Sitecom\Common\RaUI.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008.05.13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.06.29 10:31:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:54:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.05.13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.29 10:31:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 10:31:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 18:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.28 18:23:34 | 000,888,832 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2007.11.02 13:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 13:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV:64bit: - [2007.11.02 13:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 13:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV:64bit: - [2007.11.02 13:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV:64bit: - [2007.11.02 13:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19948&mntrId=38403924000000000000701a04b0e92f
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{50A3730F-2D72-40FD-A330-5FDA609252E9}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE364
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{97779E92-3072-45F4-AA39-2DCAF9E977FB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=583afb11-5d49-480f-b035-ebf4c71a48c0&apn_sauid=6D3FEF6B-6767-4D3B-AB03-707CD6C1559C
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{F510F7BA-6F5F-499D-B208-858244ECB5BC}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
 
[2011.08.08 01:00:39 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.196 213.191.74.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FEBA7F-5812-44B6-AFC9-2ACC57EA3837}: DhcpNameServer = 62.109.123.196 213.191.74.18
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 18:30:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
[2012.04.03 18:21:48 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C878A2A9-A72E-4AA2-A6DF-76E01E8595BF}
[2012.04.02 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.02 16:55:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ms Lauren Law\Desktop\esetsmartinstaller_enu.exe
[2012.04.02 14:30:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{F9E44DCF-7B0E-4901-A259-BF7ACD26BB4F}
[2012.04.01 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8B4A1306-3D99-4093-BB5A-A2FCE5AFCDC0}
[2012.03.31 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{09C0A81C-DADF-4A4D-AC18-AF5388C2E713}
[2012.03.31 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\Malwarebytes
[2012.03.31 11:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 11:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 11:38:12 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.31 11:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.30 11:23:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C37C1C2E-7C3C-47F0-8E43-F3B32CA0B72C}
[2012.03.29 18:38:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.03.29 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
[2012.03.29 18:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2012.03.29 16:37:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E563ACED-D7EC-416A-96B1-79EF361C8E9D}
[2012.03.28 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{183243C4-DE5C-4900-8F92-7885071EBD6D}
[2012.03.28 19:28:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8F7902B8-CAE4-4752-AA45-E1EE5A77D172}
[2012.03.27 18:36:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9A4F505E-6EA2-4437-9434-847AFA9E16C5}
[2012.03.27 18:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C9B3E1AC-9999-47A8-A56F-E91CF7A25F3C}
[2012.03.26 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E962CC7F-3024-42C9-B8F5-1E583936E2AE}
[2012.03.26 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{3AAC1363-B6DE-465C-BF95-AE8A0B1E1088}
[2012.03.26 11:28:28 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{FA91CE2F-E6D6-47BE-B028-5C0B97380815}
[2012.03.25 23:24:34 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E6F2BC4A-2F07-4E28-B208-2D1069792578}
[2012.03.25 23:24:21 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{53125AD8-2C70-4AA6-8720-BE22DB3EFB58}
[2012.03.25 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{0A27A64A-879C-4CE7-9BBE-F75D75BEF239}
[2012.03.25 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C65F13BE-FDC3-443F-8734-6D2564D5DF68}
[2012.03.24 21:44:28 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A6A73D65-70CB-4009-94AD-DDE539FEA739}
[2012.03.24 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{CAEE484A-72EA-4A13-8BB3-A04B350098D2}
[2012.03.24 02:08:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E5F20CE6-6740-4ECA-8991-0153FB2D148C}
[2012.03.24 02:08:01 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{BF2EC880-C313-47DD-B234-CAAA3E01576F}
[2012.03.23 14:07:24 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{19EB0A7B-2AD4-4276-A9ED-DEC7B72E21AF}
[2012.03.23 14:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{EE26DBF6-F74E-4388-9196-FBF7448CC60C}
[2012.03.23 09:24:07 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1F1D9C7E-6EB8-4EA4-B6E7-FB930646ACF7}
[2012.03.22 19:56:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{62CA7E7F-5212-4E28-99A4-82AD4222AAC5}
[2012.03.22 16:49:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{80730D55-3309-42D0-AEE7-8DA8E62AEDC4}
[2012.03.22 09:03:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{08263CC1-CA4C-4A57-87D9-5587911E7FD2}
[2012.03.21 15:24:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8D81CDC1-7545-4D50-A8B7-00C4E67E45C9}
[2012.03.20 17:19:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{2EAA5FFD-811C-4ECE-9BE3-2FC29D6BAEAE}
[2012.03.20 17:18:48 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8BCCBC0B-0224-4EE9-9FA4-AD247CDD5984}
[2012.03.19 22:45:19 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{6F0F6708-8B1A-4605-8854-BFCA88A6026C}
[2012.03.19 22:45:07 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{57FD76AC-9719-4F58-90E7-3FD338697C65}
[2012.03.19 22:44:20 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{19C7F24F-63B2-4EA3-B7B1-1D637109F5D6}
[2012.03.19 17:43:56 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{52DEC92F-BBE8-4C4F-AD65-642479AA6484}
[2012.03.18 12:36:47 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{28F7EB4D-2E25-480F-AD56-9BBF9FA914B9}
[2012.03.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{6885241F-0556-4785-BA6F-A5BD9B4CEA2B}
[2012.03.18 01:39:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A6B52356-2024-4AD9-983A-ABCF610CBC4A}
[2012.03.17 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8AA18644-85DD-4AD0-9697-14E2D5FCB75C}
[2012.03.17 19:55:05 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{24ACBAB1-2D9C-4986-9206-BAFCBA2F063F}
[2012.03.17 19:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{0EACE33A-08B5-4090-BDBA-D3FD5437174B}
[2012.03.17 00:32:50 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{CDF122DB-9FE1-4FFC-9054-F72A72A1D145}
[2012.03.16 14:03:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{BD7D72DE-9987-4AD2-BA95-DD3945C75D52}
[2012.03.16 00:49:26 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{AB88906C-429C-4BCD-837B-206086DAAFC8}
[2012.03.16 00:49:15 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1E67E2B3-AD11-4A0E-8724-408DF048A17C}
[2012.03.15 20:19:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{23B9A282-A01D-4474-B58A-1AD1437D0ADE}
[2012.03.15 02:59:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{F8E628D9-304B-40C3-9838-2C9D9B54C58C}
[2012.03.15 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5ADD9D01-1353-424E-BEC0-10130BA08D06}
[2012.03.14 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5D809630-9A61-495B-BAD3-A321CB119904}
[2012.03.13 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D9580306-2BAD-41DD-BC81-D4FB310448E3}
[2012.03.12 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{862F2D6A-7677-401B-83A3-9496F531E8F4}
[2012.03.12 21:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{74B9F3E1-AA88-46DC-85B7-E5AA8ED6AA47}
[2012.03.12 14:29:45 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C3B49C07-4B54-4756-92D0-A7BC46210C50}
[2012.03.12 01:44:55 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E6DC3807-8826-47A8-AF65-C0A3C637913C}
[2012.03.12 01:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{22C9099D-60FC-40A7-9AB6-89094511411D}
[2012.03.12 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{2D7EEEF7-A694-491D-A75B-5DEE0EAC49A4}
[2012.03.11 22:10:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{764129B2-565A-45CA-86DA-CFB6483C39B1}
[2012.03.11 14:10:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D6A26495-E03E-4207-9FA2-51D7DEF45AA1}
[2012.03.10 23:54:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{128A3907-C983-4F08-B9CA-9AE3A8A928C3}
[2012.03.10 19:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.10 14:06:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E7296D4E-96F2-4DDF-A409-94B38BBE2D9F}
[2012.03.10 00:29:22 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9446F195-117A-4FF7-8853-8E2D07F866A6}
[2012.03.09 12:29:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{82EE9D67-AE43-45DA-8759-5CEBA48B4079}
[2012.03.08 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C7CDE725-15A1-467B-B670-8B796453E423}
[2012.03.08 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9603C5E7-B40C-4682-8D77-1B3B1BFB9FCD}
[2012.03.07 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{594D2FD7-AFEE-4136-BDC2-994660223C9C}
[2012.03.07 22:21:14 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{370B6739-775A-4FD7-9A12-9033CC9DA447}
[2012.03.07 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1C43745A-04AC-49A0-BE89-BD768FA13C09}
[2012.03.07 12:09:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5430F878-56C1-44B5-A005-28454A242CC1}
[2012.03.06 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D6CC326A-6DFC-4065-94AE-227700729853}
[2012.03.06 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{38091376-3C0C-400A-A93A-044F6296C34C}
[2012.03.06 19:11:08 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C543FB6E-4600-48C3-9793-CD685AD758C2}
[2012.03.06 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A01618A0-6298-4405-89F1-AFB05971377F}
[2012.03.05 20:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{181C4320-A0D2-4120-9909-57DB4D051A59}
[2012.03.05 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{7F872E1E-61C0-444D-BD64-453BF7D50DE3}
[2012.03.05 00:40:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{DDD0A1F7-A6FC-4734-B041-11E92E629A11}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ms Lauren Law\Documents\*.tmp files -> C:\Users\Ms Lauren Law\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 18:30:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
[2012.04.03 18:29:03 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:29:03 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:26:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 18:20:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 18:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 18:19:50 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 16:55:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ms Lauren Law\Desktop\esetsmartinstaller_enu.exe
[2012.04.01 18:45:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.01 18:45:34 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.01 18:45:34 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.01 18:45:34 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.01 18:45:34 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.01 16:12:12 | 001,479,782 | ---- | M] () -- C:\Users\Ms Lauren Law\Desktop\IMG_2240.JPG
[2012.04.01 00:21:42 | 000,000,000 | ---- | M] () -- C:\Users\Ms Lauren Law\defogger_reenable
[2012.03.31 14:36:11 | 000,449,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.31 11:38:14 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 01:57:16 | 017,106,508 | ---- | M] () -- C:\Users\Ms Lauren Law\Desktop\JTR#2.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ms Lauren Law\Documents\*.tmp files -> C:\Users\Ms Lauren Law\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.01 16:10:34 | 001,479,782 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\IMG_2240.JPG
[2012.04.01 00:21:42 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\defogger_reenable
[2012.03.31 11:38:14 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 20:45:32 | 000,179,377 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\Sammelmappe1.pdf
[2012.03.18 01:56:18 | 017,106,508 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\JTR#2.pdf
[2011.06.25 20:01:55 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{05E10ECA-E7F4-4700-B7C7-71884D76C15B}
[2011.06.02 00:11:40 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{979EA77D-742A-4474-A196-C940A586055D}
[2011.05.18 12:13:48 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{8998F5C4-7106-43FE-B72D-1DC13F86B9B5}
[2010.11.09 19:23:17 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.08 18:13:06 | 000,006,656 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 21:44:53 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\rt2870.bin
[2010.06.12 21:44:49 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010.06.12 21:44:35 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll
 
========== LOP Check ==========
 
[2011.08.08 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Babylon
[2011.02.24 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DAEMON Tools Lite
[2011.08.13 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoft
[2012.03.31 14:03:42 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.05 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\GetRightToGo
[2012.01.31 23:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\gtk-2.0
[2012.03.29 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2011.08.11 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy
[2010.11.06 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenOffice.org
[2011.02.24 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\SoftGrid Client
[2010.02.01 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Toshiba
[2010.11.09 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\TP
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.02.10 00:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Vso
[2010.12.26 04:05:53 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WildTangent
[2011.08.12 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Windows Live Writer
[2012.01.30 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WordToPDF
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
[2012.02.14 14:56:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.30 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Adobe
[2011.11.25 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Apple Computer
[2010.05.22 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Avira
[2011.08.08 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Babylon
[2011.02.24 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DAEMON Tools Lite
[2011.08.13 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoft
[2012.03.31 14:03:42 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.05 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\GetRightToGo
[2010.01.30 01:03:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Google
[2012.01.31 23:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\gtk-2.0
[2010.01.30 01:00:09 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Identities
[2012.03.29 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2009.09.08 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Macromedia
[2012.03.31 11:38:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Media Center Programs
[2012.03.31 14:28:31 | 000,000,000 | --SD | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft
[2011.08.11 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy
[2010.11.06 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenOffice.org
[2012.03.26 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Skype
[2012.03.26 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\skypePM
[2011.02.24 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\SoftGrid Client
[2010.02.01 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Toshiba
[2010.11.09 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\TP
[2010.07.08 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\U3
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.02.10 00:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Vso
[2010.12.26 04:05:53 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WildTangent
[2011.08.12 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Windows Live Writer
[2012.01.30 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WordToPDF
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2009.08.05 18:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Ms Lauren Law\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.11 14:10:49 | 000,416,160 | ---- | M] () -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy\OpenCandy_959A1C094B2143DAB6E4BFA66810C16D\LatestDLMgr.exe
[2011.08.02 00:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy\OpenCandy_959A1C094B2143DAB6E4BFA66810C16D\pcspeedup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

LaurenLaw 03.04.2012 18:03

OTL Logfile:
Code:

OTL logfile created on: 03.04.2012 18:33:28 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Ms Lauren Law\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,89% Memory free
7,68 Gb Paging File | 6,20 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 78,39 Gb Free Space | 52,59% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 142,09 Gb Free Space | 95,58% Space Free | Partition Type: NTFS
 
Computer Name: MSLAURENLAW | User Name: Ms Lauren Law | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.03 18:30:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
PRC - [2011.06.29 10:31:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:54:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.05 12:22:42 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.08.11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.03.13 14:13:48 | 001,773,568 | ---- | M] (Sitecom Europe BV) -- C:\Program Files (x86)\Sitecom\Common\RaUI.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008.05.13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.06.29 10:31:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:54:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.05.13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.29 10:31:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 10:31:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 18:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.28 18:23:34 | 000,888,832 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2007.11.02 13:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 13:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV:64bit: - [2007.11.02 13:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 13:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV:64bit: - [2007.11.02 13:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV:64bit: - [2007.11.02 13:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19948&mntrId=38403924000000000000701a04b0e92f
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{50A3730F-2D72-40FD-A330-5FDA609252E9}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE364
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{97779E92-3072-45F4-AA39-2DCAF9E977FB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=583afb11-5d49-480f-b035-ebf4c71a48c0&apn_sauid=6D3FEF6B-6767-4D3B-AB03-707CD6C1559C
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{F510F7BA-6F5F-499D-B208-858244ECB5BC}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
 
[2011.08.08 01:00:39 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.196 213.191.74.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FEBA7F-5812-44B6-AFC9-2ACC57EA3837}: DhcpNameServer = 62.109.123.196 213.191.74.18
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 18:30:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
[2012.04.03 18:21:48 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C878A2A9-A72E-4AA2-A6DF-76E01E8595BF}
[2012.04.02 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.02 16:55:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ms Lauren Law\Desktop\esetsmartinstaller_enu.exe
[2012.04.02 14:30:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{F9E44DCF-7B0E-4901-A259-BF7ACD26BB4F}
[2012.04.01 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8B4A1306-3D99-4093-BB5A-A2FCE5AFCDC0}
[2012.03.31 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{09C0A81C-DADF-4A4D-AC18-AF5388C2E713}
[2012.03.31 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\Malwarebytes
[2012.03.31 11:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 11:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 11:38:12 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.31 11:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.30 11:23:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C37C1C2E-7C3C-47F0-8E43-F3B32CA0B72C}
[2012.03.29 18:38:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.03.29 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
[2012.03.29 18:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2012.03.29 16:37:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E563ACED-D7EC-416A-96B1-79EF361C8E9D}
[2012.03.28 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{183243C4-DE5C-4900-8F92-7885071EBD6D}
[2012.03.28 19:28:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8F7902B8-CAE4-4752-AA45-E1EE5A77D172}
[2012.03.27 18:36:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9A4F505E-6EA2-4437-9434-847AFA9E16C5}
[2012.03.27 18:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C9B3E1AC-9999-47A8-A56F-E91CF7A25F3C}
[2012.03.26 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E962CC7F-3024-42C9-B8F5-1E583936E2AE}
[2012.03.26 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{3AAC1363-B6DE-465C-BF95-AE8A0B1E1088}
[2012.03.26 11:28:28 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{FA91CE2F-E6D6-47BE-B028-5C0B97380815}
[2012.03.25 23:24:34 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E6F2BC4A-2F07-4E28-B208-2D1069792578}
[2012.03.25 23:24:21 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{53125AD8-2C70-4AA6-8720-BE22DB3EFB58}
[2012.03.25 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{0A27A64A-879C-4CE7-9BBE-F75D75BEF239}
[2012.03.25 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C65F13BE-FDC3-443F-8734-6D2564D5DF68}
[2012.03.24 21:44:28 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A6A73D65-70CB-4009-94AD-DDE539FEA739}
[2012.03.24 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{CAEE484A-72EA-4A13-8BB3-A04B350098D2}
[2012.03.24 02:08:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E5F20CE6-6740-4ECA-8991-0153FB2D148C}
[2012.03.24 02:08:01 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{BF2EC880-C313-47DD-B234-CAAA3E01576F}
[2012.03.23 14:07:24 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{19EB0A7B-2AD4-4276-A9ED-DEC7B72E21AF}
[2012.03.23 14:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{EE26DBF6-F74E-4388-9196-FBF7448CC60C}
[2012.03.23 09:24:07 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1F1D9C7E-6EB8-4EA4-B6E7-FB930646ACF7}
[2012.03.22 19:56:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{62CA7E7F-5212-4E28-99A4-82AD4222AAC5}
[2012.03.22 16:49:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{80730D55-3309-42D0-AEE7-8DA8E62AEDC4}
[2012.03.22 09:03:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{08263CC1-CA4C-4A57-87D9-5587911E7FD2}
[2012.03.21 15:24:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8D81CDC1-7545-4D50-A8B7-00C4E67E45C9}
[2012.03.20 17:19:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{2EAA5FFD-811C-4ECE-9BE3-2FC29D6BAEAE}
[2012.03.20 17:18:48 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8BCCBC0B-0224-4EE9-9FA4-AD247CDD5984}
[2012.03.19 22:45:19 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{6F0F6708-8B1A-4605-8854-BFCA88A6026C}
[2012.03.19 22:45:07 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{57FD76AC-9719-4F58-90E7-3FD338697C65}
[2012.03.19 22:44:20 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{19C7F24F-63B2-4EA3-B7B1-1D637109F5D6}
[2012.03.19 17:43:56 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{52DEC92F-BBE8-4C4F-AD65-642479AA6484}
[2012.03.18 12:36:47 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{28F7EB4D-2E25-480F-AD56-9BBF9FA914B9}
[2012.03.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{6885241F-0556-4785-BA6F-A5BD9B4CEA2B}
[2012.03.18 01:39:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A6B52356-2024-4AD9-983A-ABCF610CBC4A}
[2012.03.17 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8AA18644-85DD-4AD0-9697-14E2D5FCB75C}
[2012.03.17 19:55:05 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{24ACBAB1-2D9C-4986-9206-BAFCBA2F063F}
[2012.03.17 19:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{0EACE33A-08B5-4090-BDBA-D3FD5437174B}
[2012.03.17 00:32:50 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{CDF122DB-9FE1-4FFC-9054-F72A72A1D145}
[2012.03.16 14:03:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{BD7D72DE-9987-4AD2-BA95-DD3945C75D52}
[2012.03.16 00:49:26 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{AB88906C-429C-4BCD-837B-206086DAAFC8}
[2012.03.16 00:49:15 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1E67E2B3-AD11-4A0E-8724-408DF048A17C}
[2012.03.15 20:19:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{23B9A282-A01D-4474-B58A-1AD1437D0ADE}
[2012.03.15 02:59:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{F8E628D9-304B-40C3-9838-2C9D9B54C58C}
[2012.03.15 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5ADD9D01-1353-424E-BEC0-10130BA08D06}
[2012.03.14 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5D809630-9A61-495B-BAD3-A321CB119904}
[2012.03.13 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D9580306-2BAD-41DD-BC81-D4FB310448E3}
[2012.03.12 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{862F2D6A-7677-401B-83A3-9496F531E8F4}
[2012.03.12 21:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{74B9F3E1-AA88-46DC-85B7-E5AA8ED6AA47}
[2012.03.12 14:29:45 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C3B49C07-4B54-4756-92D0-A7BC46210C50}
[2012.03.12 01:44:55 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E6DC3807-8826-47A8-AF65-C0A3C637913C}
[2012.03.12 01:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{22C9099D-60FC-40A7-9AB6-89094511411D}
[2012.03.12 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{2D7EEEF7-A694-491D-A75B-5DEE0EAC49A4}
[2012.03.11 22:10:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{764129B2-565A-45CA-86DA-CFB6483C39B1}
[2012.03.11 14:10:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D6A26495-E03E-4207-9FA2-51D7DEF45AA1}
[2012.03.10 23:54:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{128A3907-C983-4F08-B9CA-9AE3A8A928C3}
[2012.03.10 19:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.10 14:06:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E7296D4E-96F2-4DDF-A409-94B38BBE2D9F}
[2012.03.10 00:29:22 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9446F195-117A-4FF7-8853-8E2D07F866A6}
[2012.03.09 12:29:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{82EE9D67-AE43-45DA-8759-5CEBA48B4079}
[2012.03.08 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C7CDE725-15A1-467B-B670-8B796453E423}
[2012.03.08 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9603C5E7-B40C-4682-8D77-1B3B1BFB9FCD}
[2012.03.07 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{594D2FD7-AFEE-4136-BDC2-994660223C9C}
[2012.03.07 22:21:14 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{370B6739-775A-4FD7-9A12-9033CC9DA447}
[2012.03.07 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1C43745A-04AC-49A0-BE89-BD768FA13C09}
[2012.03.07 12:09:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5430F878-56C1-44B5-A005-28454A242CC1}
[2012.03.06 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D6CC326A-6DFC-4065-94AE-227700729853}
[2012.03.06 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{38091376-3C0C-400A-A93A-044F6296C34C}
[2012.03.06 19:11:08 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C543FB6E-4600-48C3-9793-CD685AD758C2}
[2012.03.06 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A01618A0-6298-4405-89F1-AFB05971377F}
[2012.03.05 20:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{181C4320-A0D2-4120-9909-57DB4D051A59}
[2012.03.05 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{7F872E1E-61C0-444D-BD64-453BF7D50DE3}
[2012.03.05 00:40:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{DDD0A1F7-A6FC-4734-B041-11E92E629A11}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ms Lauren Law\Documents\*.tmp files -> C:\Users\Ms Lauren Law\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 18:30:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
[2012.04.03 18:29:03 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:29:03 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:26:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 18:20:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 18:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 18:19:50 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 16:55:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ms Lauren Law\Desktop\esetsmartinstaller_enu.exe
[2012.04.01 18:45:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.01 18:45:34 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.01 18:45:34 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.01 18:45:34 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.01 18:45:34 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.01 16:12:12 | 001,479,782 | ---- | M] () -- C:\Users\Ms Lauren Law\Desktop\IMG_2240.JPG
[2012.04.01 00:21:42 | 000,000,000 | ---- | M] () -- C:\Users\Ms Lauren Law\defogger_reenable
[2012.03.31 14:36:11 | 000,449,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.31 11:38:14 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 01:57:16 | 017,106,508 | ---- | M] () -- C:\Users\Ms Lauren Law\Desktop\JTR#2.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ms Lauren Law\Documents\*.tmp files -> C:\Users\Ms Lauren Law\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.01 16:10:34 | 001,479,782 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\IMG_2240.JPG
[2012.04.01 00:21:42 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\defogger_reenable
[2012.03.31 11:38:14 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 20:45:32 | 000,179,377 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\Sammelmappe1.pdf
[2012.03.18 01:56:18 | 017,106,508 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\JTR#2.pdf
[2011.06.25 20:01:55 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{05E10ECA-E7F4-4700-B7C7-71884D76C15B}
[2011.06.02 00:11:40 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{979EA77D-742A-4474-A196-C940A586055D}
[2011.05.18 12:13:48 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{8998F5C4-7106-43FE-B72D-1DC13F86B9B5}
[2010.11.09 19:23:17 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.08 18:13:06 | 000,006,656 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 21:44:53 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\rt2870.bin
[2010.06.12 21:44:49 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010.06.12 21:44:35 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll
 
========== LOP Check ==========
 
[2011.08.08 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Babylon
[2011.02.24 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DAEMON Tools Lite
[2011.08.13 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoft
[2012.03.31 14:03:42 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.05 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\GetRightToGo
[2012.01.31 23:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\gtk-2.0
[2012.03.29 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2011.08.11 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy
[2010.11.06 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenOffice.org
[2011.02.24 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\SoftGrid Client
[2010.02.01 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Toshiba
[2010.11.09 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\TP
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.02.10 00:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Vso
[2010.12.26 04:05:53 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WildTangent
[2011.08.12 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Windows Live Writer
[2012.01.30 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WordToPDF
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
[2012.02.14 14:56:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.30 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Adobe
[2011.11.25 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Apple Computer
[2010.05.22 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Avira
[2011.08.08 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Babylon
[2011.02.24 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DAEMON Tools Lite
[2011.08.13 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoft
[2012.03.31 14:03:42 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.05 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\GetRightToGo
[2010.01.30 01:03:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Google
[2012.01.31 23:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\gtk-2.0
[2010.01.30 01:00:09 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Identities
[2012.03.29 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2009.09.08 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Macromedia
[2012.03.31 11:38:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Media Center Programs
[2012.03.31 14:28:31 | 000,000,000 | --SD | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft
[2011.08.11 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy
[2010.11.06 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenOffice.org
[2012.03.26 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Skype
[2012.03.26 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\skypePM
[2011.02.24 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\SoftGrid Client
[2010.02.01 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Toshiba
[2010.11.09 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\TP
[2010.07.08 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\U3
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.02.10 00:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Vso
[2010.12.26 04:05:53 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WildTangent
[2011.08.12 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Windows Live Writer
[2012.01.30 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WordToPDF
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2009.08.05 18:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Ms Lauren Law\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.11 14:10:49 | 000,416,160 | ---- | M] () -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy\OpenCandy_959A1C094B2143DAB6E4BFA66810C16D\LatestDLMgr.exe
[2011.08.02 00:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy\OpenCandy_959A1C094B2143DAB6E4BFA66810C16D\pcspeedup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

LaurenLaw 03.04.2012 18:22

My internet is extremely slow today, but that probably has nothing to do with all of this, does it?

So here is the content from OTL:

OTL Logfile:
Code:

OTL logfile created on: 03.04.2012 18:33:28 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Ms Lauren Law\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 65,89% Memory free
7,68 Gb Paging File | 6,20 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 78,39 Gb Free Space | 52,59% Space Free | Partition Type: NTFS
Drive D: | 148,65 Gb Total Space | 142,09 Gb Free Space | 95,58% Space Free | Partition Type: NTFS
 
Computer Name: MSLAURENLAW | User Name: Ms Lauren Law | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.03 18:30:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
PRC - [2011.06.29 10:31:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:54:05 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.05 12:22:42 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.08.11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009.03.13 14:13:48 | 001,773,568 | ---- | M] (Sitecom Europe BV) -- C:\Program Files (x86)\Sitecom\Common\RaUI.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008.05.13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.06.29 10:31:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:54:05 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.08.06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.05.13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.29 10:31:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 10:31:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.30 18:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009.07.20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 07:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.28 18:23:34 | 000,888,832 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2007.11.02 13:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 13:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
DRV:64bit: - [2007.11.02 13:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 13:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
DRV:64bit: - [2007.11.02 13:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV:64bit: - [2007.11.02 13:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19948&mntrId=38403924000000000000701a04b0e92f
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{50A3730F-2D72-40FD-A330-5FDA609252E9}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE364
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{97779E92-3072-45F4-AA39-2DCAF9E977FB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=583afb11-5d49-480f-b035-ebf4c71a48c0&apn_sauid=6D3FEF6B-6767-4D3B-AB03-707CD6C1559C
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{F510F7BA-6F5F-499D-B208-858244ECB5BC}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
 
[2011.08.08 01:00:39 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.196 213.191.74.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FEBA7F-5812-44B6-AFC9-2ACC57EA3837}: DhcpNameServer = 62.109.123.196 213.191.74.18
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1DE4C716-4A8E-44BE-A053-EF43EEAE57F6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 18:30:40 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
[2012.04.03 18:21:48 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C878A2A9-A72E-4AA2-A6DF-76E01E8595BF}
[2012.04.02 16:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.02 16:55:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ms Lauren Law\Desktop\esetsmartinstaller_enu.exe
[2012.04.02 14:30:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{F9E44DCF-7B0E-4901-A259-BF7ACD26BB4F}
[2012.04.01 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8B4A1306-3D99-4093-BB5A-A2FCE5AFCDC0}
[2012.03.31 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{09C0A81C-DADF-4A4D-AC18-AF5388C2E713}
[2012.03.31 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\Malwarebytes
[2012.03.31 11:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 11:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 11:38:12 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.31 11:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.30 11:23:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C37C1C2E-7C3C-47F0-8E43-F3B32CA0B72C}
[2012.03.29 18:38:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.03.29 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
[2012.03.29 18:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2012.03.29 16:37:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E563ACED-D7EC-416A-96B1-79EF361C8E9D}
[2012.03.28 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{183243C4-DE5C-4900-8F92-7885071EBD6D}
[2012.03.28 19:28:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8F7902B8-CAE4-4752-AA45-E1EE5A77D172}
[2012.03.27 18:36:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9A4F505E-6EA2-4437-9434-847AFA9E16C5}
[2012.03.27 18:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C9B3E1AC-9999-47A8-A56F-E91CF7A25F3C}
[2012.03.26 14:53:13 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E962CC7F-3024-42C9-B8F5-1E583936E2AE}
[2012.03.26 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{3AAC1363-B6DE-465C-BF95-AE8A0B1E1088}
[2012.03.26 11:28:28 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{FA91CE2F-E6D6-47BE-B028-5C0B97380815}
[2012.03.25 23:24:34 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E6F2BC4A-2F07-4E28-B208-2D1069792578}
[2012.03.25 23:24:21 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{53125AD8-2C70-4AA6-8720-BE22DB3EFB58}
[2012.03.25 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{0A27A64A-879C-4CE7-9BBE-F75D75BEF239}
[2012.03.25 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C65F13BE-FDC3-443F-8734-6D2564D5DF68}
[2012.03.24 21:44:28 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A6A73D65-70CB-4009-94AD-DDE539FEA739}
[2012.03.24 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{CAEE484A-72EA-4A13-8BB3-A04B350098D2}
[2012.03.24 02:08:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E5F20CE6-6740-4ECA-8991-0153FB2D148C}
[2012.03.24 02:08:01 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{BF2EC880-C313-47DD-B234-CAAA3E01576F}
[2012.03.23 14:07:24 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{19EB0A7B-2AD4-4276-A9ED-DEC7B72E21AF}
[2012.03.23 14:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{EE26DBF6-F74E-4388-9196-FBF7448CC60C}
[2012.03.23 09:24:07 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1F1D9C7E-6EB8-4EA4-B6E7-FB930646ACF7}
[2012.03.22 19:56:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{62CA7E7F-5212-4E28-99A4-82AD4222AAC5}
[2012.03.22 16:49:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{80730D55-3309-42D0-AEE7-8DA8E62AEDC4}
[2012.03.22 09:03:16 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{08263CC1-CA4C-4A57-87D9-5587911E7FD2}
[2012.03.21 15:24:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8D81CDC1-7545-4D50-A8B7-00C4E67E45C9}
[2012.03.20 17:19:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{2EAA5FFD-811C-4ECE-9BE3-2FC29D6BAEAE}
[2012.03.20 17:18:48 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8BCCBC0B-0224-4EE9-9FA4-AD247CDD5984}
[2012.03.19 22:45:19 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{6F0F6708-8B1A-4605-8854-BFCA88A6026C}
[2012.03.19 22:45:07 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{57FD76AC-9719-4F58-90E7-3FD338697C65}
[2012.03.19 22:44:20 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{19C7F24F-63B2-4EA3-B7B1-1D637109F5D6}
[2012.03.19 17:43:56 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{52DEC92F-BBE8-4C4F-AD65-642479AA6484}
[2012.03.18 12:36:47 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{28F7EB4D-2E25-480F-AD56-9BBF9FA914B9}
[2012.03.18 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{6885241F-0556-4785-BA6F-A5BD9B4CEA2B}
[2012.03.18 01:39:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A6B52356-2024-4AD9-983A-ABCF610CBC4A}
[2012.03.17 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{8AA18644-85DD-4AD0-9697-14E2D5FCB75C}
[2012.03.17 19:55:05 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{24ACBAB1-2D9C-4986-9206-BAFCBA2F063F}
[2012.03.17 19:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{0EACE33A-08B5-4090-BDBA-D3FD5437174B}
[2012.03.17 00:32:50 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{CDF122DB-9FE1-4FFC-9054-F72A72A1D145}
[2012.03.16 14:03:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{BD7D72DE-9987-4AD2-BA95-DD3945C75D52}
[2012.03.16 00:49:26 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{AB88906C-429C-4BCD-837B-206086DAAFC8}
[2012.03.16 00:49:15 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1E67E2B3-AD11-4A0E-8724-408DF048A17C}
[2012.03.15 20:19:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{23B9A282-A01D-4474-B58A-1AD1437D0ADE}
[2012.03.15 02:59:12 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{F8E628D9-304B-40C3-9838-2C9D9B54C58C}
[2012.03.15 02:59:01 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5ADD9D01-1353-424E-BEC0-10130BA08D06}
[2012.03.14 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5D809630-9A61-495B-BAD3-A321CB119904}
[2012.03.13 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D9580306-2BAD-41DD-BC81-D4FB310448E3}
[2012.03.12 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{862F2D6A-7677-401B-83A3-9496F531E8F4}
[2012.03.12 21:06:39 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{74B9F3E1-AA88-46DC-85B7-E5AA8ED6AA47}
[2012.03.12 14:29:45 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C3B49C07-4B54-4756-92D0-A7BC46210C50}
[2012.03.12 01:44:55 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E6DC3807-8826-47A8-AF65-C0A3C637913C}
[2012.03.12 01:44:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{22C9099D-60FC-40A7-9AB6-89094511411D}
[2012.03.12 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{2D7EEEF7-A694-491D-A75B-5DEE0EAC49A4}
[2012.03.11 22:10:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{764129B2-565A-45CA-86DA-CFB6483C39B1}
[2012.03.11 14:10:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D6A26495-E03E-4207-9FA2-51D7DEF45AA1}
[2012.03.10 23:54:04 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{128A3907-C983-4F08-B9CA-9AE3A8A928C3}
[2012.03.10 19:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.10 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.10 14:06:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{E7296D4E-96F2-4DDF-A409-94B38BBE2D9F}
[2012.03.10 00:29:22 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9446F195-117A-4FF7-8853-8E2D07F866A6}
[2012.03.09 12:29:10 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{82EE9D67-AE43-45DA-8759-5CEBA48B4079}
[2012.03.08 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C7CDE725-15A1-467B-B670-8B796453E423}
[2012.03.08 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{9603C5E7-B40C-4682-8D77-1B3B1BFB9FCD}
[2012.03.07 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{594D2FD7-AFEE-4136-BDC2-994660223C9C}
[2012.03.07 22:21:14 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{370B6739-775A-4FD7-9A12-9033CC9DA447}
[2012.03.07 18:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{1C43745A-04AC-49A0-BE89-BD768FA13C09}
[2012.03.07 12:09:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{5430F878-56C1-44B5-A005-28454A242CC1}
[2012.03.06 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{D6CC326A-6DFC-4065-94AE-227700729853}
[2012.03.06 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{38091376-3C0C-400A-A93A-044F6296C34C}
[2012.03.06 19:11:08 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{C543FB6E-4600-48C3-9793-CD685AD758C2}
[2012.03.06 13:18:11 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{A01618A0-6298-4405-89F1-AFB05971377F}
[2012.03.05 20:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{181C4320-A0D2-4120-9909-57DB4D051A59}
[2012.03.05 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{7F872E1E-61C0-444D-BD64-453BF7D50DE3}
[2012.03.05 00:40:54 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Local\{DDD0A1F7-A6FC-4734-B041-11E92E629A11}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ms Lauren Law\Documents\*.tmp files -> C:\Users\Ms Lauren Law\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 18:30:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ms Lauren Law\Desktop\OTL.exe
[2012.04.03 18:29:03 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:29:03 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 18:26:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 18:20:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.03 18:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 18:19:50 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.02 16:55:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ms Lauren Law\Desktop\esetsmartinstaller_enu.exe
[2012.04.01 18:45:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.01 18:45:34 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.01 18:45:34 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.01 18:45:34 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.01 18:45:34 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.01 16:12:12 | 001,479,782 | ---- | M] () -- C:\Users\Ms Lauren Law\Desktop\IMG_2240.JPG
[2012.04.01 00:21:42 | 000,000,000 | ---- | M] () -- C:\Users\Ms Lauren Law\defogger_reenable
[2012.03.31 14:36:11 | 000,449,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.31 11:38:14 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.18 01:57:16 | 017,106,508 | ---- | M] () -- C:\Users\Ms Lauren Law\Desktop\JTR#2.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ms Lauren Law\Documents\*.tmp files -> C:\Users\Ms Lauren Law\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.01 16:10:34 | 001,479,782 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\IMG_2240.JPG
[2012.04.01 00:21:42 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\defogger_reenable
[2012.03.31 11:38:14 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 20:45:32 | 000,179,377 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\Sammelmappe1.pdf
[2012.03.18 01:56:18 | 017,106,508 | ---- | C] () -- C:\Users\Ms Lauren Law\Desktop\JTR#2.pdf
[2011.06.25 20:01:55 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{05E10ECA-E7F4-4700-B7C7-71884D76C15B}
[2011.06.02 00:11:40 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{979EA77D-742A-4474-A196-C940A586055D}
[2011.05.18 12:13:48 | 000,000,000 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\{8998F5C4-7106-43FE-B72D-1DC13F86B9B5}
[2010.11.09 19:23:17 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.08 18:13:06 | 000,006,656 | ---- | C] () -- C:\Users\Ms Lauren Law\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 21:44:53 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\rt2870.bin
[2010.06.12 21:44:49 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010.06.12 21:44:35 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\RAEXTUI.dll
 
========== LOP Check ==========
 
[2011.08.08 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Babylon
[2011.02.24 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DAEMON Tools Lite
[2011.08.13 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoft
[2012.03.31 14:03:42 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.05 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\GetRightToGo
[2012.01.31 23:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\gtk-2.0
[2012.03.29 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2011.08.11 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy
[2010.11.06 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenOffice.org
[2011.02.24 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\SoftGrid Client
[2010.02.01 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Toshiba
[2010.11.09 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\TP
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.02.10 00:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Vso
[2010.12.26 04:05:53 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WildTangent
[2011.08.12 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Windows Live Writer
[2012.01.30 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WordToPDF
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
[2012.02.14 14:56:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.30 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Adobe
[2011.11.25 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Apple Computer
[2010.05.22 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Avira
[2011.08.08 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Babylon
[2011.02.24 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DAEMON Tools Lite
[2011.08.13 14:34:25 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoft
[2012.03.31 14:03:42 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.05 01:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\GetRightToGo
[2010.01.30 01:03:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Google
[2012.01.31 23:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\gtk-2.0
[2010.01.30 01:00:09 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Identities
[2012.03.29 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2009.09.08 10:13:26 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Macromedia
[2012.03.31 11:38:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Media Center Programs
[2012.03.31 14:28:31 | 000,000,000 | --SD | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft
[2011.08.11 14:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy
[2010.11.06 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenOffice.org
[2012.03.26 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Skype
[2012.03.26 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\skypePM
[2011.02.24 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\SoftGrid Client
[2010.02.01 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Toshiba
[2010.11.09 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\TP
[2010.07.08 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\U3
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.02.10 00:14:32 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Vso
[2010.12.26 04:05:53 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WildTangent
[2011.08.12 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Windows Live Writer
[2012.01.30 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\WordToPDF
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2009.08.05 18:37:36 | 000,038,208 | ---- | M] () -- C:\Users\Ms Lauren Law\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.11 14:10:49 | 000,416,160 | ---- | M] () -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy\OpenCandy_959A1C094B2143DAB6E4BFA66810C16D\LatestDLMgr.exe
[2011.08.02 00:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Ms Lauren Law\AppData\Roaming\OpenCandy\OpenCandy_959A1C094B2143DAB6E4BFA66810C16D\pcspeedup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---


Sorry that I have now posted this 3 times; twice I was told that it could not be posted.

cosinus 03.04.2012 19:29

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19948&mntrId=38403924000000000000701a04b0e92f
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{97779E92-3072-45F4-AA39-2DCAF9E977FB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=583afb11-5d49-480f-b035-ebf4c71a48c0&apn_sauid=6D3FEF6B-6767-4D3B-AB03-707CD6C1559C
IE - HKU\S-1-5-21-806744476-1919467886-1915298580-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2012.03.29 18:38:44 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.03.29 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
[2012.03.29 18:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ms Lauren Law\AppData\Roaming\kock
[2011.08.08 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\Babylon
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\UAs
[2012.03.29 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ms Lauren Law\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, to be safe, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

LaurenLaw 03.04.2012 21:52

After nothing at all happened in OTL for a long time and I eventually realised that NOTHING worked any more (PC as if frozen), I simply switched the PC off and on again. And then this appeared:

Code:


Files\Folders moved on Reboot...
C:\Users\Ms Lauren Law\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Is that what was supposed to appear, or should I do it again?

cosinus 04.04.2012 11:23

Please repeat the fix in safe mode

LaurenLaw 04.04.2012 12:59

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Internet Explorer\SearchScopes\{97779E92-3072-45F4-AA39-2DCAF9E977FB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97779E92-3072-45F4-AA39-2DCAF9E977FB}\ not found.
Registry key HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Folder C:\Users\Ms Lauren Law\AppData\Roaming\UAs\ not found.
Folder C:\Users\Ms Lauren Law\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Ms Lauren Law\AppData\Roaming\kock\ not found.
Folder C:\Users\Ms Lauren Law\AppData\Roaming\Babylon\ not found.
Folder C:\Users\Ms Lauren Law\AppData\Roaming\UAs\ not found.
Folder C:\Users\Ms Lauren Law\AppData\Roaming\xmldm\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes


cosinus 04.04.2012 13:22

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

LaurenLaw 04.04.2012 14:18

Code:

15:01:49.0757 4840        TDSS rootkit removing tool 2.7.25.0 Apr  3 2012 13:42:32
15:01:49.0986 4840        ============================================================
15:01:49.0986 4840        Current date / time: 2012/04/04 15:01:49.0986
15:01:49.0986 4840        SystemInfo:
15:01:49.0986 4840       
15:01:49.0986 4840        OS Version: 6.1.7600 ServicePack: 0.0
15:01:49.0986 4840        Product type: Workstation
15:01:49.0987 4840        ComputerName: MSLAURENLAW
15:01:49.0987 4840        UserName: Ms Lauren Law
15:01:49.0987 4840        Windows directory: C:\Windows
15:01:49.0987 4840        System windows directory: C:\Windows
15:01:49.0987 4840        Running under WOW64
15:01:49.0987 4840        Processor architecture: Intel x64
15:01:49.0987 4840        Number of processors: 2
15:01:49.0987 4840        Page size: 0x1000
15:01:49.0987 4840        Boot type: Normal boot
15:01:49.0987 4840        ============================================================
15:01:50.0365 4840        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:01:50.0370 4840        \Device\Harddisk0\DR0:
15:01:50.0371 4840        MBR used
15:01:50.0371 4840        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
15:01:50.0371 4840        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
15:01:50.0445 4840        Initialize success
15:01:50.0445 4840        ============================================================
15:03:42.0171 3196        ============================================================
15:03:42.0171 3196        Scan started
15:03:42.0171 3196        Mode: Manual; SigCheck; TDLFS;
15:03:42.0171 3196        ============================================================
15:03:42.0532 3196        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:03:42.0664 3196        1394ohci - ok
15:03:42.0789 3196        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:03:42.0812 3196        ACPI - ok
15:03:42.0915 3196        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:03:43.0003 3196        AcpiPmi - ok
15:03:43.0118 3196        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:43.0135 3196        AdobeARMservice - ok
15:03:43.0286 3196        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:03:43.0319 3196        adp94xx - ok
15:03:43.0442 3196        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:03:43.0471 3196        adpahci - ok
15:03:43.0591 3196        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:03:43.0615 3196        adpu320 - ok
15:03:43.0704 3196        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:03:43.0858 3196        AeLookupSvc - ok
15:03:43.0984 3196        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
15:03:44.0048 3196        AFD - ok
15:03:44.0161 3196        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:03:44.0184 3196        agp440 - ok
15:03:44.0271 3196        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:03:44.0329 3196        ALG - ok
15:03:44.0442 3196        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:03:44.0462 3196        aliide - ok
15:03:44.0579 3196        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:03:44.0598 3196        amdide - ok
15:03:44.0710 3196        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:03:44.0769 3196        AmdK8 - ok
15:03:44.0877 3196        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:03:44.0937 3196        AmdPPM - ok
15:03:45.0061 3196        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:03:45.0083 3196        amdsata - ok
15:03:45.0212 3196        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:03:45.0236 3196        amdsbs - ok
15:03:45.0364 3196        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:03:45.0383 3196        amdxata - ok
15:03:45.0495 3196        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:03:45.0510 3196        AntiVirSchedulerService - ok
15:03:45.0602 3196        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:03:45.0620 3196        AntiVirService - ok
15:03:45.0746 3196        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:03:45.0830 3196        AppID - ok
15:03:45.0922 3196        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:03:45.0983 3196        AppIDSvc - ok
15:03:46.0084 3196        Appinfo        (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
15:03:46.0140 3196        Appinfo - ok
15:03:46.0287 3196        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:03:46.0306 3196        Apple Mobile Device - ok
15:03:46.0419 3196        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:03:46.0442 3196        arc - ok
15:03:46.0558 3196        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:03:46.0575 3196        arcsas - ok
15:03:46.0675 3196        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:46.0739 3196        AsyncMac - ok
15:03:46.0868 3196        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:03:46.0886 3196        atapi - ok
15:04:18.0206 3196        PCSUService    (7eb95aa73d657a2da9d8cfc336f4f48f) C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
15:04:18.0223 3196        PCSUService ( UnsignedFile.Multi.Generic ) - warning
15:04:18.0223 3196        PCSUService - detected UnsignedFile.Multi.Generic (1)
15:04:21.0254 3196        RalinkRegistryWriter (432f5b15e21a54b48072593f03570326) C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe
15:04:21.0281 3196        RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning
15:04:21.0281 3196        RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1)
15:04:21.0378 3196        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:04:21.0454 3196        RasAcd - ok
15:04:21.0562 3196        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:04:21.0611 3196        RasAgileVpn - ok
15:04:21.0693 3196        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:04:21.0739 3196        RasAuto - ok
15:04:21.0837 3196        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:21.0898 3196        Rasl2tp - ok
15:04:21.0999 3196        RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
15:04:22.0082 3196        RasMan - ok
15:04:22.0201 3196        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:22.0266 3196        RasPppoe - ok
15:04:22.0369 3196        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:04:22.0435 3196        RasSstp - ok
15:04:22.0541 3196        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:04:22.0602 3196        rdbss - ok
15:04:22.0695 3196        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:04:22.0737 3196        rdpbus - ok
15:04:22.0837 3196        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:22.0887 3196        RDPCDD - ok
15:04:22.0995 3196        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:04:23.0055 3196        RDPENCDD - ok
15:04:23.0165 3196        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:04:23.0221 3196        RDPREFMP - ok
15:04:23.0335 3196        RDPWD          (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
15:04:23.0395 3196        RDPWD - ok
15:04:23.0503 3196        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:04:23.0529 3196        rdyboost - ok
15:04:23.0619 3196        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:04:23.0674 3196        RemoteAccess - ok
15:04:23.0763 3196        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:04:23.0831 3196        RemoteRegistry - ok
15:04:23.0922 3196        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:04:23.0999 3196        RpcEptMapper - ok
15:04:24.0081 3196        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:04:24.0114 3196        RpcLocator - ok
15:04:24.0207 3196        RpcSs          (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:04:24.0260 3196        RpcSs - ok
15:04:24.0359 3196        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:04:24.0406 3196        rspndr - ok
15:04:24.0549 3196        RSUSBSTOR      (8c22f21c924413d4e109995f748e18bb) C:\Windows\system32\Drivers\RtsUStor.sys
15:04:24.0602 3196        RSUSBSTOR - ok
15:04:24.0734 3196        RTL8167        (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:04:24.0786 3196        RTL8167 - ok
15:04:24.0925 3196        rtl8192se      (a9ede191b5478d18f0a1bff3b822f7a5) C:\Windows\system32\DRIVERS\rtl8192se.sys
15:04:24.0983 3196        rtl8192se - ok
15:04:25.0053 3196        RtsUIR - ok
15:04:25.0174 3196        s217bus        (b49951a2c8fd81307707443d01936e37) C:\Windows\system32\DRIVERS\s217bus.sys
15:04:25.0191 3196        s217bus - ok
15:04:25.0311 3196        s217mdfl        (58204ec551d1a94d60cac130440f0feb) C:\Windows\system32\DRIVERS\s217mdfl.sys
15:04:25.0324 3196        s217mdfl - ok
15:04:25.0429 3196        s217mdm        (e2b3de89339a7a807520c6063cd146d3) C:\Windows\system32\DRIVERS\s217mdm.sys
15:04:25.0447 3196        s217mdm - ok
15:04:25.0577 3196        s217nd5        (7bc7d18351b846f4544b54db38fb4208) C:\Windows\system32\DRIVERS\s217nd5.sys
15:04:25.0589 3196        s217nd5 - ok
15:04:25.0707 3196        s217obex        (d498b2082f51858f121d4584a7787cd5) C:\Windows\system32\DRIVERS\s217obex.sys
15:04:25.0723 3196        s217obex - ok
15:04:25.0846 3196        s217unic        (43512d0c3a59eb20fda06ce4265a1549) C:\Windows\system32\DRIVERS\s217unic.sys
15:04:25.0863 3196        s217unic - ok
15:04:25.0974 3196        SamSs          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:04:25.0997 3196        SamSs - ok
15:04:26.0100 3196        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:04:26.0121 3196        sbp2port - ok
15:04:26.0214 3196        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:04:26.0287 3196        SCardSvr - ok
15:04:26.0381 3196        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:04:26.0430 3196        scfilter - ok
15:04:26.0563 3196        Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
15:04:26.0614 3196        Schedule - ok
15:04:26.0704 3196        SCPolicySvc    (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:04:26.0745 3196        SCPolicySvc - ok
15:04:26.0836 3196        SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
15:04:26.0891 3196        SDRSVC - ok
15:04:26.0999 3196        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:04:27.0046 3196        secdrv - ok
15:04:27.0129 3196        seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
15:04:27.0191 3196        seclogon - ok
15:04:27.0279 3196        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:04:27.0341 3196        SENS - ok
15:04:27.0436 3196        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:04:27.0484 3196        SensrSvc - ok
15:04:27.0571 3196        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:04:27.0594 3196        Serenum - ok
15:04:27.0709 3196        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:04:27.0745 3196        Serial - ok
15:04:27.0846 3196        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:04:27.0867 3196        sermouse - ok
15:04:27.0969 3196        SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
15:04:28.0026 3196        SessionEnv - ok
15:04:28.0117 3196        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:04:28.0156 3196        sffdisk - ok
15:04:28.0252 3196        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:04:28.0288 3196        sffp_mmc - ok
15:04:28.0389 3196        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:04:28.0430 3196        sffp_sd - ok
15:04:28.0534 3196        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:04:28.0564 3196        sfloppy - ok
15:04:28.0682 3196        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:04:28.0752 3196        SharedAccess - ok
15:04:28.0841 3196        ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
15:04:28.0885 3196        ShellHWDetection - ok
15:04:28.0995 3196        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:04:29.0012 3196        SiSRaid2 - ok
15:04:29.0116 3196        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:04:29.0134 3196        SiSRaid4 - ok
15:04:29.0243 3196        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:04:29.0309 3196        Smb - ok
15:04:29.0421 3196        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:04:29.0457 3196        SNMPTRAP - ok
15:04:29.0553 3196        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:04:29.0571 3196        spldr - ok
15:04:29.0680 3196        Spooler        (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
15:04:29.0719 3196        Spooler - ok
15:04:29.0898 3196        sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:04:30.0011 3196        sppsvc - ok
15:04:30.0104 3196        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:04:30.0163 3196        sppuinotify - ok
15:04:30.0274 3196        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:04:30.0323 3196        srv - ok
15:04:30.0446 3196        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:04:30.0489 3196        srv2 - ok
15:04:30.0609 3196        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:04:30.0646 3196        srvnet - ok
15:04:30.0755 3196        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:04:30.0822 3196        SSDPSRV - ok
15:04:30.0918 3196        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:04:30.0966 3196        SstpSvc - ok
15:04:31.0064 3196        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:04:31.0083 3196        stexstor - ok
15:04:31.0189 3196        stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:04:31.0229 3196        stisvc - ok
15:04:31.0319 3196        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:04:31.0337 3196        swenum - ok
15:04:31.0437 3196        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:04:31.0492 3196        swprv - ok
15:04:31.0624 3196        SynTP          (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys
15:04:31.0644 3196        SynTP - ok
15:04:31.0772 3196        SysMain        (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:04:31.0833 3196        SysMain - ok
15:04:31.0931 3196        TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:04:31.0966 3196        TabletInputService - ok
15:04:32.0063 3196        TapiSrv        (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:04:32.0133 3196        TapiSrv - ok
15:04:32.0225 3196        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:04:32.0290 3196        TBS - ok
15:04:32.0456 3196        Tcpip          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:04:32.0505 3196        Tcpip - ok
15:04:32.0677 3196        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:04:32.0724 3196        TCPIP6 - ok
15:04:32.0813 3196        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:04:32.0862 3196        tcpipreg - ok
15:04:32.0973 3196        tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:04:32.0986 3196        tdcmdpst - ok
15:04:33.0088 3196        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:04:33.0119 3196        TDPIPE - ok
15:04:33.0238 3196        TDTCP          (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
15:04:33.0277 3196        TDTCP - ok
15:04:33.0380 3196        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:04:33.0447 3196        tdx - ok
15:04:33.0519 3196        TemproMonitoringService (63b4f544664dc5154fda4213e2af09d0) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
15:04:33.0534 3196        TemproMonitoringService - ok
15:04:33.0630 3196        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:04:33.0650 3196        TermDD - ok
15:04:33.0748 3196        TermService    (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
15:04:33.0817 3196        TermService - ok
15:04:33.0904 3196        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:04:33.0947 3196        Themes - ok
15:04:34.0032 3196        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:04:34.0082 3196        THREADORDER - ok
15:04:34.0175 3196        TMachInfo      (32577b987ae5401038451bb392cb8d89) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:04:34.0188 3196        TMachInfo - ok
15:04:34.0274 3196        TODDSrv        (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
15:04:34.0292 3196        TODDSrv - ok
15:04:34.0384 3196        TosCoSrv        (4db8c79bcea76063b83b13410366a1f7) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:04:34.0406 3196        TosCoSrv - ok
15:04:34.0518 3196        TOSHIBA eco Utility Service (707800855afbd7648375efb1519b8d6d) C:\Program Files\TOSHIBA\TECO\TecoService.exe
15:04:34.0535 3196        TOSHIBA eco Utility Service - ok
15:04:34.0609 3196        TOSHIBA HDD SSD Alert Service (dd58e1250f604cbbadda04575e5e2376) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
15:04:34.0624 3196        TOSHIBA HDD SSD Alert Service - ok
15:04:34.0754 3196        tos_sps64      (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
15:04:34.0781 3196        tos_sps64 - ok
15:04:34.0858 3196        TPCHSrv        (de64c52bd0671165cf2eebf2a728a3e2) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
15:04:34.0888 3196        TPCHSrv - ok
15:04:34.0979 3196        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:04:35.0047 3196        TrkWks - ok
15:04:35.0137 3196        TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:04:35.0173 3196        TrustedInstaller - ok
15:04:35.0272 3196        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:35.0338 3196        tssecsrv - ok
15:04:35.0443 3196        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:04:35.0516 3196        tunnel - ok
15:04:35.0643 3196        TVALZ          (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:04:35.0656 3196        TVALZ - ok
15:04:35.0772 3196        TVALZFL        (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
15:04:35.0784 3196        TVALZFL - ok
15:04:35.0886 3196        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:04:35.0905 3196        uagp35 - ok
15:04:36.0008 3196        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:04:36.0072 3196        udfs - ok
15:04:36.0168 3196        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:04:36.0206 3196        UI0Detect - ok
15:04:36.0310 3196        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:04:36.0329 3196        uliagpkx - ok
15:04:36.0436 3196        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:04:36.0470 3196        umbus - ok
15:04:36.0557 3196        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:04:36.0576 3196        UmPass - ok
15:04:36.0676 3196        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:04:36.0757 3196        upnphost - ok
15:04:36.0889 3196        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:04:36.0933 3196        USBAAPL64 - ok
15:04:37.0039 3196        usbccgp        (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:37.0083 3196        usbccgp - ok
15:04:37.0155 3196        USBCCID - ok
15:04:37.0280 3196        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:04:37.0327 3196        usbcir - ok
15:04:37.0421 3196        usbehci        (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
15:04:37.0445 3196        usbehci - ok
15:04:37.0571 3196        usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
15:04:37.0612 3196        usbhub - ok
15:04:37.0716 3196        usbohci        (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
15:04:37.0754 3196        usbohci - ok
15:04:37.0867 3196        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:04:37.0912 3196        usbprint - ok
15:04:38.0016 3196        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:04:38.0044 3196        usbscan - ok
15:04:38.0158 3196        USBSTOR        (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:38.0216 3196        USBSTOR - ok
15:04:38.0320 3196        usbuhci        (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:04:38.0358 3196        usbuhci - ok
15:04:38.0492 3196        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
15:04:38.0548 3196        usbvideo - ok
15:04:38.0642 3196        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:04:38.0689 3196        UxSms - ok
15:04:38.0797 3196        VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:04:38.0815 3196        VaultSvc - ok
15:04:38.0930 3196        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:04:38.0946 3196        vdrvroot - ok
15:04:39.0028 3196        vds            (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:04:39.0082 3196        vds - ok
15:04:39.0197 3196        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:39.0225 3196        vga - ok
15:04:39.0323 3196        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:04:39.0390 3196        VgaSave - ok
15:04:39.0492 3196        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:04:39.0513 3196        vhdmp - ok
15:04:39.0605 3196        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:04:39.0618 3196        viaide - ok
15:04:39.0713 3196        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:04:39.0725 3196        volmgr - ok
15:04:39.0822 3196        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:04:39.0850 3196        volmgrx - ok
15:04:39.0962 3196        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:04:39.0986 3196        volsnap - ok
15:04:40.0107 3196        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:04:40.0130 3196        vsmraid - ok
15:04:40.0261 3196        VSS            (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:04:40.0317 3196        VSS - ok
15:04:40.0406 3196        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:04:40.0433 3196        vwifibus - ok
15:04:40.0539 3196        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:04:40.0583 3196        vwififlt - ok
15:04:40.0708 3196        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:04:40.0736 3196        vwifimp - ok
15:04:40.0859 3196        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:04:40.0910 3196        W32Time - ok
15:04:41.0005 3196        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:04:41.0041 3196        WacomPen - ok
15:04:41.0154 3196        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:41.0222 3196        WANARP - ok
15:04:41.0265 3196        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:04:41.0311 3196        Wanarpv6 - ok
15:04:41.0457 3196        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:04:41.0513 3196        WatAdminSvc - ok
15:04:41.0637 3196        wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:04:41.0698 3196        wbengine - ok
15:04:41.0793 3196        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:04:41.0819 3196        WbioSrvc - ok
15:04:41.0920 3196        wcncsvc        (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
15:04:41.0959 3196        wcncsvc - ok
15:04:42.0050 3196        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:04:42.0084 3196        WcsPlugInService - ok
15:04:42.0194 3196        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:04:42.0214 3196        Wd - ok
15:04:42.0328 3196        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:04:42.0360 3196        Wdf01000 - ok
15:04:42.0451 3196        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:42.0497 3196        WdiServiceHost - ok
15:04:42.0503 3196        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:04:42.0524 3196        WdiSystemHost - ok
15:04:42.0628 3196        WebClient      (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
15:04:42.0685 3196        WebClient - ok
15:04:42.0786 3196        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:04:42.0840 3196        Wecsvc - ok
15:04:42.0933 3196        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:04:42.0989 3196        wercplsupport - ok
15:04:43.0092 3196        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:04:43.0145 3196        WerSvc - ok
15:04:43.0257 3196        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:04:43.0296 3196        WfpLwf - ok
15:04:43.0394 3196        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:04:43.0407 3196        WIMMount - ok
15:04:43.0445 3196        WinDefend - ok
15:04:43.0455 3196        WinHttpAutoProxySvc - ok
15:04:43.0560 3196        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:04:43.0599 3196        Winmgmt - ok
15:04:43.0737 3196        WinRM          (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:04:43.0824 3196        WinRM - ok
15:04:43.0957 3196        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:04:43.0998 3196        WinUsb - ok
15:04:44.0111 3196        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:04:44.0172 3196        Wlansvc - ok
15:04:44.0294 3196        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:04:44.0310 3196        wlcrasvc - ok
15:04:44.0464 3196        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:04:44.0519 3196        wlidsvc - ok
15:04:44.0623 3196        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:04:44.0650 3196        WmiAcpi - ok
15:04:44.0761 3196        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:04:44.0801 3196        wmiApSrv - ok
15:04:44.0861 3196        WMPNetworkSvc - ok
15:04:44.0961 3196        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:04:45.0000 3196        WPCSvc - ok
15:04:45.0096 3196        WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:04:45.0136 3196        WPDBusEnum - ok
15:04:45.0231 3196        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:04:45.0298 3196        ws2ifsl - ok
15:04:45.0411 3196        wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
15:04:45.0465 3196        wscsvc - ok
15:04:45.0535 3196        WSearch - ok
15:04:45.0626 3196        wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
15:04:45.0706 3196        wuauserv - ok
15:04:45.0798 3196        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:04:45.0865 3196        WudfPf - ok
15:04:45.0995 3196        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:04:46.0054 3196        WUDFRd - ok
15:04:46.0151 3196        wudfsvc        (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:04:46.0212 3196        wudfsvc - ok
15:04:46.0308 3196        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:04:46.0343 3196        WwanSvc - ok
15:04:46.0399 3196        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:04:47.0294 3196        \Device\Harddisk0\DR0 - ok
15:04:47.0322 3196        Boot (0x1200)  (ce11b9c7e374e2bedac58b5561339d08) \Device\Harddisk0\DR0\Partition0
15:04:47.0324 3196        \Device\Harddisk0\DR0\Partition0 - ok
15:04:47.0344 3196        Boot (0x1200)  (8a294704b3c981353aabc814361bd7b8) \Device\Harddisk0\DR0\Partition1
15:04:47.0345 3196        \Device\Harddisk0\DR0\Partition1 - ok
15:04:47.0346 3196        ============================================================
15:04:47.0346 3196        Scan finished
15:04:47.0346 3196        ============================================================
15:04:47.0426 2832        Detected object count: 2
15:04:47.0426 2832        Actual detected object count: 2
15:16:05.0779 2832        PCSUService ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:05.0779 2832        PCSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:05.0782 2832        RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:05.0782 2832        RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 04.04.2012 14:56

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

LaurenLaw 04.04.2012 22:40

After at some point nothing more happened again and the message from the quote appeared by itself, I restarted the PC.

The only thing I now find under C:/Combofix is this:

Code:

ComboFix 12-04-04.02 - Ms Lauren Law 04.04.2012  16:32:01.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3933.2596 [GMT 2:00]
ausgeführt von:: C:\Users\Ms Lauren Law\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\xp
C:\ProgramData\xp\EBLib.dll
C:\ProgramData\xp\TPwSav.sys
C:\Users\Ms Lauren Law\Documents\~WRD0000.tmp


(((((((((((((((((((((((  Dateien erstellt von 2012-03-04 bis 2012-04-04  ))))))))))))))))))))))))))))))


cosinus 04.04.2012 23:24

Restart Windows, delete the old combofix.exe, download CF again and please try it once more.

LaurenLaw 05.04.2012 11:49

Great, now it worked:

Combofix Logfile:
Code:

ComboFix 12-04-05.04 - Ms Lauren Law 05.04.2012  12:02:09.4.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3933.2664 [GMT 2:00]
ausgeführt von:: c:\users\Ms Lauren Law\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-05 bis 2012-04-05  ))))))))))))))))))))))))))))))
.
.
2012-04-05 10:13 . 2012-04-05 10:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-03 23:15 . 2012-04-03 23:15        --------        d-----w-        c:\program files\iPod
2012-04-03 23:15 . 2012-04-03 23:16        --------        d-----w-        c:\program files\iTunes
2012-04-03 18:56 . 2012-04-03 18:56        --------        d-----w-        C:\_OTL
2012-04-03 17:31 . 2012-04-03 17:31        --------        d-----w-        c:\windows\system32\Macromed
2012-04-03 16:27 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{037364A3-09BD-471B-8997-50310039AA89}\mpengine.dll
2012-04-02 14:56 . 2012-04-02 14:56        --------        d-----w-        c:\program files (x86)\ESET
2012-03-31 09:38 . 2012-03-31 09:38        --------        d-----w-        c:\users\Ms Lauren Law\AppData\Roaming\Malwarebytes
2012-03-31 09:38 . 2012-03-31 09:38        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-31 09:38 . 2012-03-31 09:38        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-31 09:38 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-15 02:02 . 2011-11-19 18:30        5504880        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-15 02:02 . 2011-11-19 14:25        3957616        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 02:02 . 2011-11-19 14:25        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:36 . 2012-02-03 04:16        3143168        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 17:36 . 2012-02-10 06:18        1541120        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 17:36 . 2012-02-10 06:17        1837568        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-03-14 17:36 . 2012-02-10 06:17        320512        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-03-14 17:36 . 2012-02-10 05:41        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 17:36 . 2012-02-10 05:41        218624        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 17:36 . 2012-02-10 06:17        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-03-14 17:36 . 2012-02-10 06:17        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-14 17:36 . 2012-02-10 05:41        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-03-14 17:36 . 2012-02-10 05:41        1170944        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2012-03-14 17:36 . 2012-02-10 05:41        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2012-03-14 15:40 . 2012-01-25 06:20        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:40 . 2012-01-25 06:27        76288        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 15:40 . 2012-01-25 06:27        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:40 . 2012-02-15 06:27        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 15:40 . 2012-02-15 05:44        826368        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 15:40 . 2012-02-15 04:47        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:40 . 2012-02-15 04:46        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-10 17:37 . 2012-04-03 23:16        --------        d-----w-        c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:53 . 2012-02-23 18:53        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-02-23 18:53 . 2012-02-23 18:53        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 18:53 . 2012-02-23 18:53        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 18:53 . 2012-02-23 18:53        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-02-23 18:53 . 2012-02-23 18:53        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-02-23 18:53 . 2012-02-23 18:53        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 18:53 . 2012-02-23 18:53        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 18:53 . 2012-02-23 18:53        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 18:53 . 2012-02-23 18:53        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-02-23 18:53 . 2012-02-23 18:53        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-02-23 18:53 . 2012-02-23 18:53        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-02-23 18:53 . 2012-02-23 18:53        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-02-23 18:53 . 2012-02-23 18:53        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-02-23 18:53 . 2012-02-23 18:53        448512        ----a-w-        c:\windows\system32\html.iec
2012-02-23 18:53 . 2012-02-23 18:53        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-02-23 18:53 . 2012-02-23 18:53        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-02-23 18:53 . 2012-02-23 18:53        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-02-23 18:53 . 2012-02-23 18:53        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-02-23 18:53 . 2012-02-23 18:53        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-02-23 18:53 . 2012-02-23 18:53        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-02-23 18:53 . 2012-02-23 18:53        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-02-23 18:53 . 2012-02-23 18:53        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-02-23 18:53 . 2012-02-23 18:53        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-02-23 18:53 . 2012-02-23 18:53        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-02-23 18:53 . 2012-02-23 18:53        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-02-23 18:53 . 2012-02-23 18:53        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-02-23 18:53 . 2012-02-23 18:53        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-02-23 18:53 . 2012-02-23 18:53        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-02-23 18:53 . 2012-02-23 18:53        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-02-23 18:53 . 2012-02-23 18:53        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-02-23 18:53 . 2012-02-23 18:53        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-02-23 18:53 . 2012-02-23 18:53        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-02-23 18:53 . 2012-02-23 18:53        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-02-23 18:53 . 2012-02-23 18:53        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-02-23 08:18 . 2011-02-24 18:12        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01        52736        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-01-23 10:43 . 2012-01-30 14:58        56928        ----a-w-        c:\windows\system32\pxc40pm.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\RaUI.exe [2010-6-12 1773568]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Beschleunigen\PCSUService.exe [2011-07-20 206336]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 23:26]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPod Converter - c:\users\Ms Lauren Law\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.191.74.18 62.109.123.196
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-3988386017.www.pcspeedup.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-806744476-1919467886-1915298580-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sitecom\Common\RegistryWriter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-05  12:42:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-05 10:42
.
Vor Suchlauf: 15 Verzeichnis(se), 87.391.416.320 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 87.008.587.776 Bytes frei
.
- - End Of File - - 0352AD34C668AFD0B07EB3AB1702136B

--- --- ---

cosinus 05.04.2012 13:41

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If it does not work again, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window) and click the Scan button again.

LaurenLaw 05.04.2012 15:37

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 16:31:43
-----------------------------
16:31:43.963    OS Version: Windows x64 6.1.7600
16:31:43.963    Number of processors: 2 586 0x170A
16:31:43.965    ComputerName: MSLAURENLAW  UserName:
16:31:44.592    Initialize success
16:32:10.231    AVAST engine download error: 0
16:32:29.876    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:32:29.880    Disk 0 Vendor: TOSHIBA_ GC00 Size: 305245MB BusType: 3
16:32:29.924    Disk 0 MBR read successfully
16:32:29.929    Disk 0 MBR scan
16:32:29.934    Disk 0 Windows 7 default MBR code
16:32:29.949    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
16:32:29.959    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      152622 MB offset 821248
16:32:29.980    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      152222 MB offset 313391104
16:32:30.018    Disk 0 scanning C:\Windows\system32\drivers
16:32:37.123    Service scanning
16:33:14.141    Modules scanning
16:33:14.155    Disk 0 trace - called modules:
16:33:14.163   
16:33:14.504    Scan finished successfully
16:34:14.744    Disk 0 MBR has been saved successfully to "C:\Users\Ms Lauren Law\Desktop\MBR.dat"
16:34:14.750    The log file has been saved successfully to "C:\Users\Ms Lauren Law\Desktop\aswMBR.txt"


cosinus 05.04.2012 16:57

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

LaurenLaw 06.04.2012 19:18

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/06/2012 at 08:11 PM

Application Version : 5.0.1146

Core Rules Database Version : 8424
Trace Rules Database Version: 6236

Scan type      : Complete Scan
Total Scan Time : 02:08:48

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 707
Memory threats detected  : 0
Registry items scanned    : 66352
Registry threats detected : 0
File items scanned        : 179944
File threats detected    : 642

Adware.Tracking Cookie
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@112.2o7[1].txt [ /112.2o7 ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@2.bfugmedia[1].txt [ /2.bfugmedia ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@247realmedia[2].txt [ /247realmedia ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@a.revenuemax[1].txt [ /a.revenuemax ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@account.live[2].txt [ /account.live ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@aco.solution.weborama[2].txt [ /aco.solution.weborama ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.360yield[1].txt [ /ad.360yield ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.adition[1].txt [ /ad.adition ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.adnet[2].txt [ /ad.adnet ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.allvoices[1].txt [ /ad.allvoices ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.beepworld[2].txt [ /ad.beepworld ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.dyntracker[1].txt [ /ad.dyntracker ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.dyntracker[2].txt [ /ad.dyntracker ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.leadbolt[1].txt [ /ad.leadbolt ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.reklamport[2].txt [ /ad.reklamport ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.wsod[2].txt [ /ad.wsod ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad.youporn.videobox[1].txt [ /ad.youporn.videobox ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad1.adfarm.adtelligence[2].txt [ /ad1.adfarm.adtelligence ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad2.adfarm1.adition[1].txt [ /ad2.adfarm1.adition ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad5.adfarm1.adition[2].txt [ /ad5.adfarm1.adition ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ad6media[1].txt [ /ad6media ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@adbrite[1].txt [ /adbrite ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@adcentriconline[2].txt [ /adcentriconline ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@adinterax[2].txt [ /adinterax ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.ad4game[2].txt [ /ads.ad4game ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.adk2[2].txt [ /ads.adk2 ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.carpooling[1].txt [ /ads.carpooling ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.cinemaden[1].txt [ /ads.cinemaden ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.clicmanager[1].txt [ /ads.clicmanager ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.cosmotourist[2].txt [ /ads.cosmotourist ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.cpxadroit[2].txt [ /ads.cpxadroit ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.e-planning[1].txt [ /ads.e-planning ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.fling[1].txt [ /ads.fling ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.horyzon-media[2].txt [ /ads.horyzon-media ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.iadmanager[2].txt [ /ads.iadmanager ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.immobilienscout24[1].txt [ /ads.immobilienscout24 ]
        C:\Users\Ms Lauren Law\AppData\Roaming\Microsoft\Windows\Cookies\ms_lauren_law@ads.lzjl[2].txt [ /ads.lzjl ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\A7A27Y33.txt [ Cookie:ms lauren law@tradedoubler.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@track.effiliation[1].txt [ Cookie:ms lauren law@track.effiliation.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@xiti[1].txt [ Cookie:ms lauren law@xiti.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@apmebf[1].txt [ Cookie:ms lauren law@apmebf.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ads.youporn[2].txt [ Cookie:ms lauren law@ads.youporn.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\JACEA0WE.txt [ Cookie:ms lauren law@bs.serving-sys.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\A1JT2B8K.txt [ Cookie:ms lauren law@zanox.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\42H9H0PO.txt [ Cookie:ms lauren law@partypoker.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@xm.xtendmedia[2].txt [ Cookie:ms lauren law@xm.xtendmedia.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@youporn[2].txt [ Cookie:ms lauren law@youporn.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\162AKRQ7.txt [ Cookie:ms lauren law@casalemedia.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\DX9DU1RR.txt [ Cookie:ms lauren law@questionmarket.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adserver.adtechus[1].txt [ Cookie:ms lauren law@adserver.adtechus.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\RA6YD216.txt [ Cookie:ms lauren law@www.zanox-affiliate.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@de.sitestat[2].txt [ Cookie:ms lauren law@de.sitestat.com/karstadt-de/karstadt/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@statcounter[1].txt [ Cookie:ms lauren law@statcounter.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZCNFOIJT.txt [ Cookie:ms lauren law@www.etracker.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\IYYHY7PA.txt [ Cookie:ms lauren law@tracking.mindshare.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@traveladvertising[1].txt [ Cookie:ms lauren law@traveladvertising.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@247realmedia[2].txt [ Cookie:ms lauren law@247realmedia.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\R1RTLESE.txt [ Cookie:ms lauren law@smartadserver.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\PWICDX3M.txt [ Cookie:ms lauren law@adtech.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@revenue[2].txt [ Cookie:ms lauren law@revenue.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@2.bfugmedia[1].txt [ Cookie:ms lauren law@2.bfugmedia.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\TDKV0JRL.txt [ Cookie:ms lauren law@adultfriendfinder.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@youporn.videobox[1].txt [ Cookie:ms lauren law@youporn.videobox.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\XZOS6U6N.txt [ Cookie:ms lauren law@2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.elitepartner[2].txt [ Cookie:ms lauren law@www.elitepartner.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ru4[1].txt [ Cookie:ms lauren law@ru4.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@hansenet.122.2o7[1].txt [ Cookie:ms lauren law@hansenet.122.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.burstnet[2].txt [ Cookie:ms lauren law@www.burstnet.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@lstat.youku[1].txt [ Cookie:ms lauren law@lstat.youku.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@nedstat.hostelbookers[3].txt [ Cookie:ms lauren law@nedstat.hostelbookers.com/hb/de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@de.sitestat[1].txt [ Cookie:ms lauren law@de.sitestat.com/is24-mail/is24-mail/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\IQZ4P2O5.txt [ Cookie:ms lauren law@ad3.adfarm1.adition.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tns-counter[1].txt [ Cookie:ms lauren law@tns-counter.ru/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tracking.hannoversche[1].txt [ Cookie:ms lauren law@tracking.hannoversche.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@wissende.122.2o7[1].txt [ Cookie:ms lauren law@wissende.122.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\U55NOPYI.txt [ Cookie:ms lauren law@revsci.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@de.sitestat[3].txt [ Cookie:ms lauren law@de.sitestat.com/karstadt-de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@rotator.adjuggler[1].txt [ Cookie:ms lauren law@rotator.adjuggler.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@uk.at.atwola[1].txt [ Cookie:ms lauren law@uk.at.atwola.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@himedia.individuad[1].txt [ Cookie:ms lauren law@himedia.individuad.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ad.adition[1].txt [ Cookie:ms lauren law@ad.adition.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@videoegg.adbureau[1].txt [ Cookie:ms lauren law@videoegg.adbureau.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZZVQ1G1I.txt [ Cookie:ms lauren law@ads.crakmedia.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adserver2.traffictrack[2].txt [ Cookie:ms lauren law@adserver2.traffictrack.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@jsfp.coremetrics[2].txt [ Cookie:ms lauren law@jsfp.coremetrics.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\3AGWQY0F.txt [ Cookie:ms lauren law@collective-media.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ad.adnet[2].txt [ Cookie:ms lauren law@ad.adnet.biz/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ero-advertising[2].txt [ Cookie:ms lauren law@ero-advertising.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\G6OWCP1O.txt [ Cookie:ms lauren law@adx.chip.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.yuoporn[1].txt [ Cookie:ms lauren law@www.yuoporn.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@apodiscounter[1].txt [ Cookie:ms lauren law@apodiscounter.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ads20.wwe-media[2].txt [ Cookie:ms lauren law@ads20.wwe-media.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ad5.adfarm1.adition[2].txt [ Cookie:ms lauren law@ad5.adfarm1.adition.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@burstnet[2].txt [ Cookie:ms lauren law@burstnet.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adbrite[1].txt [ Cookie:ms lauren law@adbrite.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@cunda.122.2o7[1].txt [ Cookie:ms lauren law@cunda.122.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@fl01.ct2.comclick[2].txt [ Cookie:ms lauren law@fl01.ct2.comclick.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adserver.kino-zeit[1].txt [ Cookie:ms lauren law@adserver.kino-zeit.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\1I86LBXG.txt [ Cookie:ms lauren law@ad2.adfarm1.adition.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGS448NP.txt [ Cookie:ms lauren law@statse.webtrendslive.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@microsoftmachinetranslation.112.2o7[1].txt [ Cookie:ms lauren law@microsoftmachinetranslation.112.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tracking.inuvo[2].txt [ Cookie:ms lauren law@tracking.inuvo.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@mediafire[1].txt [ Cookie:ms lauren law@mediafire.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ice.112.2o7[1].txt [ Cookie:ms lauren law@ice.112.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z3OHBIDK.txt [ Cookie:ms lauren law@ad.adnet.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\6X0ZG97B.txt [ Cookie:ms lauren law@tribalfusion.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@komtrack[2].txt [ Cookie:ms lauren law@komtrack.com/tr/869350 ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@track.webtrekk[1].txt [ Cookie:ms lauren law@track.webtrekk.de/562243648792138/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@roitracking[1].txt [ Cookie:ms lauren law@roitracking.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@clicksor[1].txt [ Cookie:ms lauren law@clicksor.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\1451A7YO.txt [ Cookie:ms lauren law@unitymedia.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\7TQZMBV7.txt [ Cookie:ms lauren law@im.banner.t-online.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@overture[1].txt [ Cookie:ms lauren law@overture.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@advertising[2].txt [ Cookie:ms lauren law@advertising.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@aidacruises.122.2o7[1].txt [ Cookie:ms lauren law@aidacruises.122.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\8O676AKJ.txt [ Cookie:ms lauren law@adform.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@nike.112.2o7[1].txt [ Cookie:ms lauren law@nike.112.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@statsadv.dadapro[1].txt [ Cookie:ms lauren law@statsadv.dadapro.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@loralparis2011.solution.weborama[2].txt [ Cookie:ms lauren law@loralparis2011.solution.weborama.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adserver.tattooscout[1].txt [ Cookie:ms lauren law@adserver.tattooscout.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@count.rbc[1].txt [ Cookie:ms lauren law@count.rbc.ru/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@stat.onestat[2].txt [ Cookie:ms lauren law@stat.onestat.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@sevenoneintermedia.112.2o7[1].txt [ Cookie:ms lauren law@sevenoneintermedia.112.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\OD5A8HT5.txt [ Cookie:ms lauren law@studivz.adfarm1.adition.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\W3VLYTNE.txt [ Cookie:ms lauren law@de.partypoker.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@in.mydirtyhobby[2].txt [ Cookie:ms lauren law@in.mydirtyhobby.com/track/vZIPADkU,33/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@komtrack[1].txt [ Cookie:ms lauren law@komtrack.com/tr ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXEGQGL0.txt [ Cookie:ms lauren law@ad4.adfarm1.adition.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@idtgv.solution.weborama[2].txt [ Cookie:ms lauren law@idtgv.solution.weborama.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@e-2dj6wnmyeidzgeo.stats.esomniture[2].txt [ Cookie:ms lauren law@e-2dj6wnmyeidzgeo.stats.esomniture.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\4S9ZZME9.txt [ Cookie:ms lauren law@www.google.com/accounts ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adinterax[2].txt [ Cookie:ms lauren law@adinterax.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@e-2dj6aekiogazmko.stats.esomniture[2].txt [ Cookie:ms lauren law@e-2dj6aekiogazmko.stats.esomniture.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@e-2dj6aeliakdjsco.stats.esomniture[2].txt [ Cookie:ms lauren law@e-2dj6aeliakdjsco.stats.esomniture.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@stat.dealtime[1].txt [ Cookie:ms lauren law@stat.dealtime.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tracking.ejoni[1].txt [ Cookie:ms lauren law@tracking.ejoni.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@secmedia[2].txt [ Cookie:ms lauren law@secmedia.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ads.pointroll[1].txt [ Cookie:ms lauren law@ads.pointroll.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.bigtracker[1].txt [ Cookie:ms lauren law@www.bigtracker.de/piwik/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\JP7KJ3IW.txt [ Cookie:ms lauren law@www.youporn.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ds.clickexperts[1].txt [ Cookie:ms lauren law@ds.clickexperts.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@yieldmanager[1].txt [ Cookie:ms lauren law@yieldmanager.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adxpose[1].txt [ Cookie:ms lauren law@adxpose.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@vinvest.122.2o7[1].txt [ Cookie:ms lauren law@vinvest.122.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@baseco.solution.weborama[2].txt [ Cookie:ms lauren law@baseco.solution.weborama.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@indigio.122.2o7[1].txt [ Cookie:ms lauren law@indigio.122.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@sfr.solution.weborama[2].txt [ Cookie:ms lauren law@sfr.solution.weborama.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@stat.youku[1].txt [ Cookie:ms lauren law@stat.youku.com/player/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@kontera[1].txt [ Cookie:ms lauren law@kontera.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@liveperson[1].txt [ Cookie:ms lauren law@liveperson.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@clicks.pangora[1].txt [ Cookie:ms lauren law@clicks.pangora.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@media2.legacy[1].txt [ Cookie:ms lauren law@media2.legacy.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.advertonic[2].txt [ Cookie:ms lauren law@www.advertonic.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@youporne[1].txt [ Cookie:ms lauren law@youporne.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@discounter-in-deutschland[2].txt [ Cookie:ms lauren law@discounter-in-deutschland.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@yadro[2].txt [ Cookie:ms lauren law@yadro.ru/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\SN0IFLZN.txt [ Cookie:ms lauren law@content.yieldmanager.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\K6L4SH87.txt [ Cookie:ms lauren law@rts.pgmediaserve.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tracking.veille-referencement[2].txt [ Cookie:ms lauren law@tracking.veille-referencement.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@aimfar.solution.weborama[1].txt [ Cookie:ms lauren law@aimfar.solution.weborama.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@stats.paypal[2].txt [ Cookie:ms lauren law@stats.paypal.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@partypoker[3].txt [ Cookie:ms lauren law@partypoker.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@metroleap.rotator.hadj7.adjuggler[2].txt [ Cookie:ms lauren law@metroleap.rotator.hadj7.adjuggler.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@de.sitestat[10].txt [ Cookie:ms lauren law@de.sitestat.com/haba/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@a.revenuemax[1].txt [ Cookie:ms lauren law@a.revenuemax.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@pluckit.demandmedia[1].txt [ Cookie:ms lauren law@pluckit.demandmedia.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\3ZL8GT48.txt [ Cookie:ms lauren law@pornografish.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@supremeadserver[2].txt [ Cookie:ms lauren law@supremeadserver.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@dmtracker[1].txt [ Cookie:ms lauren law@dmtracker.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tacoda.at.atwola[2].txt [ Cookie:ms lauren law@tacoda.at.atwola.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@gemey2011.solution.weborama[2].txt [ Cookie:ms lauren law@gemey2011.solution.weborama.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@microsoftinternetexplorer.112.2o7[1].txt [ Cookie:ms lauren law@microsoftinternetexplorer.112.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.active-tracking[2].txt [ Cookie:ms lauren law@www.active-tracking.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@pointroll[2].txt [ Cookie:ms lauren law@pointroll.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@e-2dj6aekyghcjsep.stats.esomniture[2].txt [ Cookie:ms lauren law@e-2dj6aekyghcjsep.stats.esomniture.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@adxpansion[2].txt [ Cookie:ms lauren law@adxpansion.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@server.lon.liveperson[1].txt [ Cookie:ms lauren law@server.lon.liveperson.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@bizrate[1].txt [ Cookie:ms lauren law@bizrate.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ww381.smartadserver[2].txt [ Cookie:ms lauren law@ww381.smartadserver.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@dztadserver.dx-work[2].txt [ Cookie:ms lauren law@dztadserver.dx-work.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ads2.zeusclicks[1].txt [ Cookie:ms lauren law@ads2.zeusclicks.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\4QU9CD6T.txt [ Cookie:ms lauren law@media.gan-online.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@de.sitestat[8].txt [ Cookie:ms lauren law@de.sitestat.com/ndr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\QGQK5DW8.txt [ Cookie:ms lauren law@banners.xxxgaymatch.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@liveperson[3].txt [ Cookie:ms lauren law@liveperson.net/hc/67442175 ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@stats.yetanotherblog[1].txt [ Cookie:ms lauren law@stats.yetanotherblog.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@trafficmp[1].txt [ Cookie:ms lauren law@trafficmp.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@directtrack[1].txt [ Cookie:ms lauren law@directtrack.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@account.live[2].txt [ Cookie:ms lauren law@account.live.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@frontlinegmbh.122.2o7[1].txt [ Cookie:ms lauren law@frontlinegmbh.122.2o7.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@rgadvert[2].txt [ Cookie:ms lauren law@rgadvert.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\1WUB3NRI.txt [ Cookie:ms lauren law@www.usenext.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@de.sitestat[7].txt [ Cookie:ms lauren law@de.sitestat.com/ndr/ts/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@mediaforge[1].txt [ Cookie:ms lauren law@mediaforge.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@e-2dj6whkowiczmdp.stats.esomniture[1].txt [ Cookie:ms lauren law@e-2dj6whkowiczmdp.stats.esomniture.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tracking.3gnet[1].txt [ Cookie:ms lauren law@tracking.3gnet.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@zbox.zanox[1].txt [ Cookie:ms lauren law@zbox.zanox.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@cngg-stats.condenastdigital[1].txt [ Cookie:ms lauren law@cngg-stats.condenastdigital.de/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.googleadservices[1].txt [ Cookie:ms lauren law@www.googleadservices.com/pagead/conversion/1066875729/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.googleadservices[9].txt [ Cookie:ms lauren law@www.googleadservices.com/pagead/conversion/1021415196/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@server.cpmstar[2].txt [ Cookie:ms lauren law@server.cpmstar.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\XSDIGG8H.txt [ Cookie:ms lauren law@www.youporncocks.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@fr.sitestat[1].txt [ Cookie:ms lauren law@fr.sitestat.com/euronews/euronews/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@de.sitestat[4].txt [ Cookie:ms lauren law@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.traffic2drive[1].txt [ Cookie:ms lauren law@www.traffic2drive.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@mm.chitika[1].txt [ Cookie:ms lauren law@mm.chitika.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@tracking.affiliaxe[2].txt [ Cookie:ms lauren law@tracking.affiliaxe.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@server.iad.liveperson[1].txt [ Cookie:ms lauren law@server.iad.liveperson.net/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@gotacha.rotator.hadj7.adjuggler[1].txt [ Cookie:ms lauren law@gotacha.rotator.hadj7.adjuggler.net/servlet/ajrotator/85029/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\L1XSCPA9.txt [ Cookie:ms lauren law@adserver2.exgfnetwork.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@www.googleadservices[3].txt [ Cookie:ms lauren law@www.googleadservices.com/pagead/conversion/1051309330/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\HYWRVY4T.txt [ Cookie:ms lauren law@stats.justhost.com/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\6QUCDKES.txt [ Cookie:ms lauren law@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@aco.solution.weborama[2].txt [ Cookie:ms lauren law@aco.solution.weborama.fr/ ]
        C:\USERS\MS LAUREN LAW\AppData\Roaming\Microsoft\Windows\Cookies\Low\ms_lauren_law@ad6media[1].txt [ Cookie:ms lauren law@ad6media.fr/ ]

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.05.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ms Lauren Law :: MSLAURENLAW [Administrator]

05.04.2012 23:19:22
mbam-log-2012-04-05 (23-19-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384234
Laufzeit: 1 Stunde(n), 24 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 06.04.2012 20:05

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as an extension for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest at the next start of Opera or Chromium there are no cookies left.

Is your system OK again now, or are there any other findings or problems?
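
Added example, not part of cosinus's post: a hosts file blocks only the exact host names it lists, so comparing a cookie-only scan result against a hosts file shows which tracker hosts it actually covers and which it only nearly covers. The scan lines, hosts entries, domains and function names below are constructed for illustration; a cookie's host is used here as an approximation of the server that set it.

```python
import re

# Constructed sample in the "[ Cookie:user@host/path ]" shape of the scan log.
SAMPLE_SCAN = r"""
C:\Users\demo\Cookies\AAAA1111.txt [ Cookie:demo user@ads.tracker.example/ ]
C:\Users\demo\Cookies\BBBB2222.txt [ Cookie:demo user@cdn.ads.tracker.example/serve/ ]
C:\Users\demo\Cookies\CCCC3333.txt [ Cookie:demo user@metrics.example/ ]
C:\Users\demo\Cookies\DDDD4444.txt [ Cookie:demo user@www.banner.example/pagead/1/ ]
C:\Users\demo\Cookies\EEEE5555.txt [ Cookie:demo user@shop.example/accounts ]
"""

# Constructed hosts file in the usual blocking style (sink address, host name).
SAMPLE_HOSTS = """
127.0.0.1  localhost
::1  localhost
0.0.0.0  ads.tracker.example
0.0.0.0  stats.metrics.example   # inline comment
127.0.0.1  WWW.Banner.Example
10.0.0.5  shop.example
"""

# Addresses that make a hosts entry a block rather than a real mapping.
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# The user name may contain spaces; the host ends at the first "/" or blank.
COOKIE_RE = re.compile(
    r"\[\s*Cookie:[^@\]]*@(?P<host>[^/\s\]]+)(?:/[^\s\]]*)?\s*\]"
)


def cookie_hosts(scan_text):
    """Return the set of lower-cased host names found in cookie scan lines."""
    return {m.group("host").lower().rstrip(".")
            for m in COOKIE_RE.finditer(scan_text)}


def blocked_hosts(hosts_text):
    """Return host names that the hosts file maps to a sink address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2 or fields[0] not in SINKS:
            continue                             # blank, comment or real mapping
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def coverage(scan_text, hosts_text):
    """Sort cookie hosts into blocked, near_miss and unblocked.

    near_miss: a parent or child name is listed, but hosts files have no
    wildcards, so this exact host is still reachable.
    """
    blocked = blocked_hosts(hosts_text)
    report = {"blocked": [], "near_miss": [], "unblocked": []}
    for host in sorted(cookie_hosts(scan_text)):
        if host in blocked:
            report["blocked"].append(host)
        elif any(host.endswith("." + b) or b.endswith("." + host)
                 for b in blocked):
            report["near_miss"].append(host)
        else:
            report["unblocked"].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in coverage(SAMPLE_SCAN, SAMPLE_HOSTS).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

The near_miss bucket is the one worth reading after each hosts file update: those hosts need their own line before the file has any effect on them.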

LaurenLaw 06.04.2012 20:15

No, there are no problems.
The cookies that have now been moved to quarantine, I can delete them, right?
Good, I'll take a look at what you suggested.

And I thank you VERY MUCH for your time and help!! I think it's really great that this site exists and that you (all) do this.

And should I leave all the downloaded things on the PC, in case something happens again?

For Cookie Culler it doesn't say that it is for Windows 7. Can I download it anyway?

cosinus 06.04.2012 20:52

Yes, the cookies can go.
CookieCuller is for Firefox; that is independent of the operating system. Take the newer version in case chip still has something old there => http://filepony.de/download-cookie_culler/

What matters is that you have the cookies that should stay protected via CookieCuller (set Protection On under Extras => CookieCuller); you can do that e.g. for Facebook, Trojaner-Board or all other sites where cookies are required for automatic login. It's just a bit cumbersome, because so far I only know that each cookie has to be protected manually one by one; at the beginning that's quite a lot of clicking, depending on how many cookies you have to/want to protect.
Afterwards CookieCuller has to be configured so that it deletes all unprotected cookies every time FF starts (Extras, Add-ons, CookieCuller settings, set the checkmark at "Delete unprotected Cookies on Startup")

That, in combination with the MVPS hosts file, which you keep up to date every few weeks, is already a good basic configuration. Many tracking cookies no longer get in because of the hosts file, and all unprotected cookies are deleted at the next FF start.


Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Get in touch if there are error messages with that. With the help of OTL you can also remove many tools:

Please start OTL and click on Bereinigung (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also check at this opportunity that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

LaurenLaw 06.04.2012 21:55

Well, I've still got plenty to do then. :)

When I go to combofix / uninstall, I can only "run it as administrator" and am then always asked whether I want to allow the program to make changes to the computer. When I then click Yes, it starts and then it beeps and I'm warned that Avira and SuperAntiSpyware are active and that I should switch them off before I press OK... What should I do?

cosinus 06.04.2012 22:06

You should uninstall Superantispyware again!

The OTL cleanup should also kick out CF. Otherwise

Please download CF_UNINST.exe and save it to your desktop.
  • Start CF_UNINST.exe
    Vista and Win7 users: right-click, "run as administrator"
  • Follow the instructions on the desktop.
  • When the tool is finished, a window with the following content should open: Done

LaurenLaw 06.04.2012 22:22

All right, then I'll try it with OTL.

THANKS!

