Hier das OTL logfile
OTL Logfile: Code:
OTL logfile created on: 07.05.2012 13:02:52 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Bro\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,25% Memory free
9,72 Gb Paging File | 7,69 Gb Available in Paging File | 79,14% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 8,23 Gb Free Space | 14,04% Space Free | Partition Type: NTFS
Drive D: | 397,30 Gb Total Space | 235,69 Gb Free Space | 59,32% Space Free | Partition Type: NTFS
Drive X: | 48,98 Gb Total Space | 27,70 Gb Free Space | 56,56% Space Free | Partition Type: FAT32
Drive Y: | 96,00 Gb Total Space | 71,21 Gb Free Space | 74,18% Space Free | Partition Type: NTFS
Drive Z: | 6,99 Gb Total Space | 0,15 Gb Free Space | 2,13% Space Free | Partition Type: FAT32
Computer Name: DELL | User Name: Bro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.05.03 09:56:49 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Bro\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- D:\Programms on D\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.07.31 11:55:25 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- D:\Programms on D\TrueCrypt.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.09 11:42:32 | 000,073,728 | ---- | M] (Elo Touchsystems) -- C:\Windows\SysWOW64\EloSrvce.exe
PRC - [2009.09.30 18:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 18:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.23 11:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007.12.06 19:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012.04.20 14:08:56 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012.04.20 14:08:20 | 000,075,384 | ---- | M] (Bitdefender) [On_Demand | Stopped] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2012.04.20 14:07:44 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012.04.20 14:07:18 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011.01.12 09:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2011.01.12 09:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2010.02.22 07:47:37 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.01.22 08:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009.11.02 10:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.08.17 19:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.17 07:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.04.14 16:08:02 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programms on D\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- D:\Programms on D\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.11.03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.09 11:42:32 | 000,073,728 | ---- | M] (Elo Touchsystems) [Auto | Running] -- C:\Windows\SysWOW64\EloSrvce.exe -- (EloSystemService)
SRV - [2010.03.18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.22 07:44:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.30 18:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 18:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.23 11:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.09.08 09:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.06 19:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.04.20 14:10:10 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2012.04.20 14:10:03 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012.04.20 14:09:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012.04.20 14:09:37 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.04.20 14:07:57 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012.04.20 14:07:44 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.04.20 14:07:29 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2012.04.20 14:07:16 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.11.03 13:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.07.31 11:55:25 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.06 11:29:18 | 000,151,312 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncplelhp)
DRV:64bit: - [2010.06.25 14:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.05.25 07:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010.04.13 23:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.04.09 09:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.03.20 05:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.03.09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.26 21:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.22 06:26:13 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.22 08:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.01.22 08:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 07:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2010.01.09 01:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009.11.02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.11.01 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.28 07:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64) Oxford Semi eSATA Filter (x64)
DRV:64bit: - [2009.09.17 22:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.16 16:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.17 09:14:12 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.17 07:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 07:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.07.01 10:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 10:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 10:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 13:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.06.27 05:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 05:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.07.24 14:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7FFF0F11-9689-4332-9A94-D052D5611BC8}
IE:64bit: - HKLM\..\SearchScopes\{7FFF0F11-9689-4332-9A94-D052D5611BC8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {F140DA4C-B876-480E-ADB2-20C59AE72724}
IE - HKLM\..\SearchScopes\{F140DA4C-B876-480E-ADB2-20C59AE72724}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {7FFF0F11-9689-4332-9A94-D052D5611BC8}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {7FFF0F11-9689-4332-9A94-D052D5611BC8}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Bro\Desktop
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\..\SearchScopes,DefaultScope = {0178DB44-AD3E-478E-BED6-DA9D39AF251C}
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\..\SearchScopes\{0178DB44-AD3E-478E-BED6-DA9D39AF251C}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "TO-Search-Engine-world Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2393657&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4444
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 4444
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4444
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4444
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4444
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4444
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4444
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programms on D\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012.04.20 14:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 15:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 10:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Programms on D\Thunderbird\components [2012.02.24 12:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Programms on D\Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012.04.20 14:12:52 | 000,000,000 | ---D | M]
[2010.02.11 18:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Extensions
[2011.08.22 17:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\0jlqn9ab.I2P\extensions
[2011.08.22 17:41:13 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\0jlqn9ab.I2P\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.05 16:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\23a5mxjj.Tor2\extensions
[2011.10.13 10:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.10.13 10:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2012.05.05 16:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\extensions
[2011.08.22 17:40:03 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.03.28 16:13:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\extensions\foxyproxy@eric.h.jung
[2011.05.09 11:42:21 | 000,002,454 | ---- | M] () -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\searchplugins\google-deutschland.xml
[2011.05.09 11:42:21 | 000,002,060 | ---- | M] () -- C:\Users\Bro\AppData\Roaming\Mozilla\Firefox\Profiles\mx8f5eqw.default\searchplugins\google-uae.xml
[2012.01.06 14:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MX8F5EQW.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.03.17 15:35:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 14:32:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 14:32:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 14:32:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 14:32:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 14:32:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 14:32:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.02.22 08:17:46 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programms on D\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000..\Run: [TrueCrypt] D:\Programms on D\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\AMS User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2630974760-3139779024-3459414890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.42.3.33 141.42.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6B3A2C-EFE6-492F-8773-D271A4153DA8}: DhcpNameServer = 141.42.3.33 141.42.2.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29694DF3-1B17-4DB2-9273-B537D9C77A5D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC49198-987D-4635-8C67-51AC97FDA001}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC985235-42D8-4DCD-A170-B21049B42ED3}: DhcpNameServer = 80.227.2.2 80.227.2.3
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1715cc3e-7b88-11e0-98d9-ece866e31532}\Shell - "" = AutoRun
O33 - MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\Shell - "" = AutoRun
O33 - MountPoints2\{1715cc4d-7b88-11e0-98d9-ece866e31532}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{20b11de5-78b9-11e0-8ad1-e3bf5428e8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{48c57852-7a1d-11e0-af5d-f3d0ebe0ff2d}\Shell - "" = AutoRun
O33 - MountPoints2\{48c57861-7a1d-11e0-af5d-f3d0ebe0ff2d}\Shell - "" = AutoRun
O33 - MountPoints2\{70eb0b0f-78d2-11e0-94c4-d71f93b3bcc5}\Shell - "" = AutoRun
O33 - MountPoints2\{8c28c940-7ad6-11e0-8bca-81f349cb987d}\Shell - "" = AutoRun
O33 - MountPoints2\{8c28c948-7ad6-11e0-8bca-81f349cb987d}\Shell - "" = AutoRun
O33 - MountPoints2\{94ad5164-78d0-11e0-8741-ed858143fe36}\Shell - "" = AutoRun
O33 - MountPoints2\{9d89f51b-7a05-11e0-a29f-ebc4339abb22}\Shell - "" = AutoRun
O33 - MountPoints2\{9d89f529-7a05-11e0-a29f-ebc4339abb22}\Shell - "" = AutoRun
O33 - MountPoints2\{a4e62c6d-1ee9-11e0-ba9c-a4862506527b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975a5-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975cd-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a975dc-7acb-11e0-8b85-88760c880a3b}\Shell - "" = AutoRun
O33 - MountPoints2\{c10be5b1-a68f-11df-b4b9-0026b920e068}\Shell - "" = AutoRun
O33 - MountPoints2\{c7dd1578-7a75-11e0-86cf-b7384ae2f7c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c7dd1588-7a75-11e0-86cf-b7384ae2f7c7}\Shell - "" = AutoRun
O33 - MountPoints2\{d4dc76cd-5ec1-11e0-87a6-cfb768120c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\Shell - "" = AutoRun
O33 - MountPoints2\{de3f1975-7e31-11e1-b35d-0026b920e068}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm
O33 - MountPoints2\{f7d47cab-7e0c-11e0-8b76-f913fbf6b82b}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\hbm2008/index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpFolder: C:^Users^Bro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Bro\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: prwntdrv - Reg Error: Value error.
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: prwntdrv - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: prwntdrv - Reg Error: Value error.
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: prwntdrv - Reg Error: Value error.
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.05.07 12:58:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Bro\Desktop\OTL.exe
[2012.05.06 14:44:35 | 000,000,000 | ---D | C] -- C:\Users\Bro\Desktop\Trojaner
[2012.05.04 09:03:56 | 000,000,000 | ---D | C] -- C:\Users\Bro\Desktop\Paper Guidelines
[2012.05.03 09:47:07 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\Malwarebytes
[2012.05.03 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 09:46:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.29 10:25:07 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\tor
[2012.04.29 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Local\Vidalia
[2012.04.25 17:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.04.25 16:47:33 | 000,000,000 | ---D | C] -- C:\Users\Bro\Desktop\tests
[2012.04.20 14:25:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.20 14:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012.04.20 14:10:03 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012.04.20 14:09:56 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012.04.20 14:09:37 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.04.20 14:07:44 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.04.20 14:07:39 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012.04.20 14:07:29 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012.04.20 14:07:16 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012.04.20 13:39:02 | 000,000,000 | ---D | C] -- C:\BDLOGS
[2012.04.20 13:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012.04.20 13:35:24 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\Bitdefender
[2012.04.20 13:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012.04.20 13:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012.04.17 10:58:09 | 000,000,000 | ---D | C] -- C:\Users\Bro\AppData\Roaming\vlc
[2012.04.17 10:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Bro\Desktop\*.tmp files -> C:\Users\Bro\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.05.07 12:59:57 | 000,029,889 | ---- | M] () -- C:\Users\Bro\Desktop\Capture.JPG
[2012.05.07 12:59:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.07 12:50:36 | 000,525,547 | ---- | M] () -- C:\Users\Bro\Desktop\aaaa.pdf
[2012.05.07 12:25:32 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.05.07 11:55:08 | 000,095,024 | ---- | M] () -- C:\Users\Bro\Desktop\Wunschkennzeichen Berlin.JPG
[2012.05.07 09:33:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 09:33:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 09:24:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.07 09:24:11 | 3111,514,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.07 09:10:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.05.07 09:10:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.05.06 13:23:15 | 000,798,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.06 13:23:15 | 000,675,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.06 13:23:15 | 000,125,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.03 09:56:49 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Bro\Desktop\OTL.exe
[2012.04.29 14:41:01 | 000,011,207 | ---- | M] () -- C:\Users\Bro\Desktop\DATA_MCMC_WIL.spv
[2012.04.29 14:34:40 | 000,012,788 | ---- | M] () -- C:\Users\Bro\Desktop\DATA_MCMC.sav
[2012.04.26 16:01:41 | 000,659,511 | ---- | M] () -- C:\Users\Bro\Desktop\DATA_MCMC_NV.spv
[2012.04.20 14:10:03 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012.04.20 14:09:56 | 000,545,064 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012.04.20 14:09:37 | 000,329,800 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012.04.20 14:07:44 | 000,258,736 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012.04.20 14:07:39 | 000,090,192 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012.04.20 14:07:29 | 000,079,952 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012.04.20 14:07:16 | 000,442,088 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012.04.20 13:58:25 | 000,307,684 | ---- | M] () -- C:\ProgramData\1334921041.bdinstall.bin
[2012.04.20 13:37:02 | 000,000,262 | -H-- | M] () -- C:\bdr-conf
[2012.04.20 13:35:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012.04.20 13:15:17 | 000,552,497 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2012.04.19 11:45:06 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.04.19 11:45:05 | 000,000,728 | ---- | M] () -- C:\Users\Bro\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Bro\Desktop\*.tmp files -> C:\Users\Bro\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.05.07 12:59:44 | 000,029,889 | ---- | C] () -- C:\Users\Bro\Desktop\Capture.JPG
[2012.05.07 12:50:36 | 000,525,547 | ---- | C] () -- C:\Users\Bro\Desktop\aaaa.pdf
[2012.05.07 11:55:08 | 000,095,024 | ---- | C] () -- C:\Users\Bro\Desktop\Wunschkennzeichen Berlin.JPG
[2012.05.07 09:25:49 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.04.29 14:41:01 | 000,011,207 | ---- | C] () -- C:\Users\Bro\Desktop\DATA_MCMC_WIL.spv
[2012.04.26 16:02:55 | 000,012,788 | ---- | C] () -- C:\Users\Bro\Desktop\DATA_MCMC.sav
[2012.04.26 16:01:39 | 000,659,511 | ---- | C] () -- C:\Users\Bro\Desktop\DATA_MCMC_NV.spv
[2012.04.20 13:58:25 | 000,307,684 | ---- | C] () -- C:\ProgramData\1334921041.bdinstall.bin
[2012.04.20 13:37:02 | 000,000,262 | -H-- | C] () -- C:\bdr-conf
[2012.04.20 13:37:01 | 026,550,299 | -H-- | C] () -- C:\bdrescue.gz
[2012.04.20 13:37:01 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm
[2012.04.20 13:37:01 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2012.04.20 13:37:01 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2012.04.20 13:35:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012.04.07 16:11:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 11:37:21 | 000,013,600 | ---- | C] () -- C:\Windows\SysWow64\sasperf.dll
[2012.01.03 17:05:25 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\EloSetOptions.exe
[2012.01.03 16:54:55 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\H264VDEC.dll
[2012.01.03 16:54:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\fileconvert.exe
[2011.12.25 19:33:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.09.26 08:37:02 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.26 08:37:02 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.06.24 18:57:03 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.24 18:57:03 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.05.31 14:53:28 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI
[2011.04.25 08:19:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.25 08:19:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.23 08:57:25 | 000,552,497 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.04.18 08:58:42 | 000,143,055 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.04.18 08:58:42 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.04.04 16:35:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.03.24 16:23:04 | 000,006,577 | ---- | C] () -- C:\Users\Bro\AppData\Roaming\Microsoft Excel 97-2003.EML
[2010.08.04 09:19:56 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
========== LOP Check ==========
[2010.10.02 09:54:11 | 000,000,000 | -HSD | M] -- C:\Users\Bro\AppData\Roaming\.#
[2011.09.12 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\.purple
[2011.03.24 13:37:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\1&1
[2012.04.20 13:39:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Bitdefender
[2011.06.29 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\DAEMON Tools Pro
[2012.04.27 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Dropbox
[2012.03.16 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\elsterformular
[2012.05.04 11:04:12 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\EndNote
[2011.12.25 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Epson
[2010.12.12 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Feedreader
[2011.08.16 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\FRITZ!
[2011.09.02 12:35:28 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\GlarySoft
[2011.08.15 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\gnupg
[2012.01.21 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC
[2011.02.26 09:39:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.05.06 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\i2p
[2011.08.10 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\JonDo
[2011.06.26 16:52:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\LANCOM
[2010.02.13 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Lexmark
[2010.07.01 17:07:53 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Mp3tag
[2010.10.21 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia
[2010.10.21 08:19:58 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia Ovi Suite
[2011.11.15 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Outlook
[2010.10.21 08:18:30 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PC Suite
[2011.05.25 10:05:47 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PCDr
[2011.10.18 09:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PersBackup5
[2011.04.23 09:12:13 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\QuickScan
[2010.02.12 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Samsung
[2012.04.04 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SAS
[2011.10.05 08:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SPSSInc
[2011.05.02 07:07:22 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Stardock
[2010.12.19 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TeamViewer
[2011.05.11 06:41:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Telefónica
[2011.09.17 15:06:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Thunderbird
[2011.11.01 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TrueCrypt
[2012.05.07 12:25:32 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.04.19 11:45:06 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.03.03 12:25:35 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.10.02 09:54:11 | 000,000,000 | -HSD | M] -- C:\Users\Bro\AppData\Roaming\.#
[2011.09.12 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\.purple
[2011.03.24 13:37:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\1&1
[2010.02.16 11:28:39 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\ABBYY
[2012.04.09 16:00:45 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Adobe
[2010.02.11 01:37:21 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\ATI
[2012.04.20 13:39:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Bitdefender
[2010.02.14 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Creative
[2011.06.29 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\DAEMON Tools Pro
[2011.05.25 10:15:23 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Dell
[2012.04.27 17:10:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Dropbox
[2010.11.21 22:33:24 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\dvdcss
[2012.03.16 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\elsterformular
[2012.05.04 11:04:12 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\EndNote
[2011.12.25 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Epson
[2010.12.12 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Feedreader
[2011.08.16 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\FRITZ!
[2011.09.02 12:35:28 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\GlarySoft
[2011.08.15 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\gnupg
[2011.04.18 09:07:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HP
[2012.01.21 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC
[2011.02.26 09:39:33 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.05.06 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\i2p
[2010.02.11 01:36:46 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Identities
[2010.04.24 10:55:08 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\InstallShield
[2011.08.10 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\JonDo
[2011.06.26 16:52:15 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\LANCOM
[2010.02.13 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Lexmark
[2011.07.07 09:30:23 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Logishrd
[2011.07.07 09:30:23 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Logitech
[2012.05.07 10:13:18 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Macromedia
[2012.05.03 09:47:07 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Media Center Programs
[2010.12.13 14:09:58 | 000,000,000 | --SD | M] -- C:\Users\Bro\AppData\Roaming\Microsoft
[2010.02.11 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Mozilla
[2010.07.01 17:07:53 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Mp3tag
[2010.05.03 12:32:44 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nero
[2010.10.21 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia
[2010.10.21 08:19:58 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Nokia Ovi Suite
[2011.11.15 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Outlook
[2010.10.21 08:18:30 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PC Suite
[2011.05.25 10:05:47 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PCDr
[2011.10.18 09:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\PersBackup5
[2011.04.23 09:12:13 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\QuickScan
[2010.02.14 19:22:09 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Reallusion
[2010.02.11 01:37:27 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Roxio
[2010.02.20 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Roxio Log Files
[2010.02.12 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Samsung
[2012.04.04 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SAS
[2012.03.22 18:09:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Skype
[2010.08.13 14:00:32 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\skypePM
[2011.10.05 08:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\SPSSInc
[2011.05.02 07:07:22 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Stardock
[2010.12.19 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TeamViewer
[2011.05.11 06:41:14 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Telefónica
[2011.09.17 15:06:04 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Thunderbird
[2012.04.29 10:25:39 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\tor
[2011.11.01 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\TrueCrypt
[2010.08.13 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\U3
[2012.04.17 11:06:43 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\vlc
[2011.05.05 15:48:18 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\VMware
[2012.05.07 09:18:51 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\Winamp
[2010.02.11 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Bro\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bro\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bro\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.16 09:42:13 | 006,232,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bro\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.01.17 17:03:35 | 054,303,944 | ---- | M] (Dell Inc) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_16_64_02.exe
[2012.02.10 14:04:17 | 055,252,360 | ---- | M] (Dell Inc) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_23_64_01.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\018a0687-7541-45a7-85d6-0e7c83c0ec2e\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\13635bc9-9c22-49d5-9123-e3babc046dc7\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\41c51aca-4f44-406f-a40a-ed48026bface\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\4785ee4d-388a-4f61-9575-bdd209ee1f01\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\4b578d8f-44cf-457a-9198-0cee61b9ed71\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\54e1cb35-ad90-4d36-ba96-9f2049d62a7c\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\593ce758-d828-4be0-9c22-c5b7b2e27909\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\63e26ee6-2818-4c65-a696-83aa77aaeab5\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\6fa49e2a-450c-4dcc-bf0a-cf4f240b96d9\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\8179cbe7-daa1-48b0-a20f-ab343fe80889\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\85216421-7966-4aa3-b6ca-87c3dd9f07e4\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\919870c9-5eb7-4ead-800d-2402359c1128\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\92ed900e-d09a-4df7-b3fb-34b68f95f6fd\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\a3fe7807-1d07-4843-ba48-c29fc28f325d\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\a6cd0136-c12e-4efe-90bb-4a318abd6d06\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\bd8cd5b5-fbab-4709-a26d-0c31d692a01b\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\d0275b76-9580-4b10-9c65-78009d835e9e\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\dfe4fe48-09d5-4eed-b238-a9fad91dfcfe\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\fb440c28-ff06-46ca-b097-063ee7caf030\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Bro\AppData\Roaming\PCDr\Update\Rules\ff8d9117-b3f7-46df-ac13-13d1f3b343ff\au_5899_rules\AddCertificate.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2012.04.20 14:09:56 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< >
========== Files - Unicode (All) ==========
[2011.04.23 09:20:22 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011.04.23 09:20:22 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
< End of report > --- --- --- |