OTL Logfile:
OTL logfile created on: 2/27/2012 5:13:18 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Roy Brosende\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.97 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.54% Memory free
7.93 Gb Paging File | 6.22 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 17.67 Gb Free Space | 23.71% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 67.95 Gb Free Space | 32.52% Space Free | Partition Type: NTFS
Drive F: | 43.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.86 Gb Total Space | 7.34 Gb Free Space | 93.43% Space Free | Partition Type: FAT32
Computer Name: ROYBROSENDE | User Name: Roy Brosende | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Roy Brosende\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe ()
PRC - C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
PRC - C:\Windows\SysWOW64\PrivacyProvider.exe ()
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
MOD - C:\Windows\SysWOW64\PrivacyProvider.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (PCSUService) -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Suite Service) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (Common Toolkit Tools) -- C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe (SPAMfighter ApS)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PrivacyProvider) -- C:\Windows\SysWOW64\PrivacyProvider.exe ()
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (DCamUSBSTK02N) -- C:\Windows\SysNative\drivers\STK02NW2.sys (Syntek Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DCamUSBSTK02N) -- C:\Windows\SysWOW64\drivers\STK02NW2.sys (Syntek Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=mkg029
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=mkg029
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Roy Brosende\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Roy Brosende\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/05 17:35:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Roy Brosende\AppData\Roaming\5064 [2011/12/23 01:55:04 | 000,000,000 | ---D | M]
[2012/02/27 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/09/26 09:51:59 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/24 15:50:47 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
========== Chrome ==========
O1 HOSTS File: ([2012/02/24 16:39:27 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IPHider] C:\Program Files (x86)\IP Hider\IP Hider.exe (AllAnonymity)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Roy Brosende\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SkypeM] C:\Users\Roy Brosende\AppData\Local\Skype\Skype.exe ()
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [TrueCrypt Format] C:\Program Files\TrueCrypt\TrueCrypt Format.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat ()
F3 - HKCU WinNT: Load - (C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat) - C:\Users\ROYBRO~1\LOCALS~1\Temp\msjdbk.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\PrivacyProvider.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89E8796B-8274-4B25-98B2-3FB563D7C2A1}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5333A44-DF73-4096-BB82-8B9416A91323}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E694AB6D-D493-4C90-9B1E-19E195AD66EA}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/11 19:53:06 | 000,000,119 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5cb1f002-d893-11e0-88b9-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{5cb1f002-d893-11e0-88b9-001e101fe70e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone)
O33 - MountPoints2\{6a7e63fb-bf13-11df-8744-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\{8687afc9-bda0-11df-a625-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\{8687b041-bda0-11df-a625-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\{8687b041-bda0-11df-a625-e0cb4e1a695d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone)
O33 - MountPoints2\{88753275-c0d1-11df-a33a-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6f2c54-bdab-11df-8733-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6f2c54-bdab-11df-8733-e0cb4e1a695d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone)
O33 - MountPoints2\{fa49a2d5-0798-11e0-b8b7-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\{fa49a2d8-0798-11e0-b8b7-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\{fa49a306-0798-11e0-b8b7-e0cb4e1a695d}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- [2009/07/23 15:55:39 | 000,266,240 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BD96A00C-07B7-200B-E873-38DA012BAA53} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpReg: 41tskbwsf7wk - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe (ASUS)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012/02/27 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E9423F94-4279-4B5F-BE54-9355672BBB37}
[2012/02/27 16:27:54 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Roy Brosende\Desktop\OTL.exe
[2012/02/27 15:55:34 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DA1E80E3-2139-4671-BF63-9505CBBB6788}
[2012/02/27 15:33:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{CFFDB1FE-5146-41CD-8300-4B6FA7DE3AB0}
[2012/02/27 15:19:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{86F00A49-FE60-4C74-9782-0EB6670CA2A0}
[2012/02/27 14:45:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5FD2F61A-03CF-469B-96E1-3C0100ADB354}
[2012/02/27 14:27:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D5D724C3-81BF-42D7-A0A1-3BFC2D7BDAFE}
[2012/02/27 14:26:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0833E140-D4FF-4D3E-AEFD-D9BDE4493CD6}
[2012/02/27 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\Local Settings
[2012/02/27 12:53:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{AF46B675-2D31-4D7F-A6F0-6634AB950C45}
[2012/02/27 09:03:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{EC485A61-6AED-4E6C-8B7C-1404DCEEFC48}
[2012/02/26 16:19:30 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1B698084-99E8-4992-A827-3D44A6D40FE9}
[2012/02/26 16:18:21 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{342BCCA6-3E6A-4CBF-8FC1-7173CE418117}
[2012/02/25 21:00:16 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{747A0650-F8C5-4DFE-BCC0-BFF76A5FEA7C}
[2012/02/25 20:59:39 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3464A5C1-23E9-4639-AA40-E3683DD6CC37}
[2012/02/25 12:14:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{CA50481C-69BD-403B-8779-5970B2742798}
[2012/02/25 12:13:36 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{834028F8-AD63-43CB-A0F0-6732F28FDEFB}
[2012/02/24 16:45:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{AEECA24A-0B49-46FD-B90E-7CF5AD3F01F3}
[2012/02/24 09:00:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{F83FFFD4-DB78-4CCA-93D3-20AA4FB1CF23}
[2012/02/24 08:59:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{38F510C1-0B71-412D-9833-15858A687AF4}
[2012/02/23 20:07:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A8513F07-4C70-42F9-982B-B0C40B62052A}
[2012/02/23 20:06:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7CFCD396-93B8-48A7-80E1-9463C995CECC}
[2012/02/23 13:52:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\Skype
[2012/02/23 13:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/23 13:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/23 13:52:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/23 13:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/02/23 12:50:59 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{75205D22-8DC6-4720-BE42-CB8F7431658C}
[2012/02/23 12:49:21 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{58FC2BE0-99DD-44A6-8828-E044B881B28A}
[2012/02/23 11:31:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E2E90245-B80C-439F-8BFB-B55D0A38E7D6}
[2012/02/23 11:17:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\LG Electronics
[2012/02/23 10:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2012/02/23 10:45:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E14AD96A-D55F-4A3E-9123-42B12DB47440}
[2012/02/23 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{840E639B-67FE-476C-98A3-92F6E4A7E25A}
[2012/02/23 00:12:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{B618BF5D-67A1-4A8F-8CCC-5A4AD33FCD8C}
[2012/02/23 00:10:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{207643FC-223B-4B36-84FA-778B8D861C46}
[2012/02/22 11:16:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3EFCFE5A-444E-49BE-A31C-77EB1707920B}
[2012/02/22 11:16:39 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{FB4D6AFD-F94A-46B9-9911-A1FD8BA38629}
[2012/02/21 21:18:31 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{099FA929-F274-4CBC-B192-61A399412A11}
[2012/02/21 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DB29821A-FEBE-4527-BBC7-514E0132B954}
[2012/02/21 10:22:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{89234E42-DEE7-42DA-A85C-6EFFBE265C2E}
[2012/02/20 08:26:38 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D6F9657E-4F58-4B4A-AE34-60E966F46CDA}
[2012/02/19 23:13:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8B99F6EC-A44C-4D76-969C-65316F768BFE}
[2012/02/19 23:13:06 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C72150DC-FDDF-42BB-81AB-4CC49BC37E44}
[2012/02/19 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2ED0E55C-5C29-4049-9A67-56F628710AFD}
[2012/02/19 10:37:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{CE045442-5E6D-477B-8394-2F3883F4B2D0}
[2012/02/18 23:51:02 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C0336C4B-B718-42D4-8EF0-C8C9390EA4A6}
[2012/02/18 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DFCB984E-4A96-4E28-9EF1-65647377BF3C}
[2012/02/18 09:13:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6DC11982-32F8-4631-A50F-5AC8EB9977CB}
[2012/02/18 09:12:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{08D0A68D-B86A-43DC-B1E2-99DF4C6FB5A2}
[2012/02/17 23:46:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{9145081C-4B42-4542-A78B-33137AAB811C}
[2012/02/17 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{695A06BA-4970-42A7-8053-C424430DB099}
[2012/02/17 23:29:24 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C412740C-FCB4-4D86-BDB0-21AD5AA0FCE0}
[2012/02/17 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{E708EDD0-BC81-48B9-9F3F-11621DB50191}
[2012/02/17 07:24:03 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{858EA100-9428-4C73-95BE-FD2E87DE7FED}
[2012/02/17 07:22:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0B8DBCCC-7C58-483F-A19E-A4F2819AC887}
[2012/02/16 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3B8693BF-A673-453F-921D-8D6CEDB7C3C6}
[2012/02/16 16:33:54 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8B8B4995-25AE-40EA-B179-B848650FD3B5}
[2012/02/15 22:02:44 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DC85F983-6DFF-451C-8859-2D00D8FD1E43}
[2012/02/15 22:01:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{09436F09-0ECE-45D6-8E75-E670E299F44D}
[2012/02/15 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{40507E6D-9D55-49DA-A311-6E394AF212EB}
[2012/02/15 20:28:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3FA28DC5-D75F-4303-9504-8D0F54965F12}
[2012/02/15 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{4776A9A2-DC28-46C8-8B49-7FF4396548DA}
[2012/02/15 08:21:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{4DE84214-9E1F-40FB-B0C5-6EDBD7569D00}
[2012/02/14 19:28:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2EA3805A-4AE3-4D27-BD4C-36AAA0B35E0A}
[2012/02/14 19:25:13 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C41899DD-A185-4520-B258-B9E03E3CB7CB}
[2012/02/14 13:09:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DE725F49-578C-4940-9688-834B399C82FE}
[2012/02/14 12:19:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\Desktop\afro
[2012/02/14 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{298D5303-9EB1-435E-BEE7-C25C0B95E14A}
[2012/02/14 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{F24F6A6B-4C7C-450A-A041-E4F0875E8511}
[2012/02/14 08:21:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{DB2B26B1-B5A8-4343-BF10-2EFC90F0E415}
[2012/02/14 08:20:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{69765AC8-FC78-4307-AF4D-F84CA423323C}
[2012/02/13 23:11:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2BA74E46-C6B8-434F-9CB4-7C442B0FE5ED}
[2012/02/13 21:23:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{FB143C96-39BC-4200-84CA-D4A8E1991366}
[2012/02/13 21:22:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1C163D62-2323-4914-AFF0-FEF090272F26}
[2012/02/13 19:39:54 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2D12E1DA-2BD5-44A4-B126-863B71D8E956}
[2012/02/13 16:05:30 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{BE0D2F7A-E0EB-4ED6-928A-DCC921042184}
[2012/02/13 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8D065C0A-F231-4436-BE64-538732CA9614}
[2012/02/13 15:14:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D1B70EA2-8E26-44CB-B8EF-33471A21EA39}
[2012/02/13 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5678C246-D749-4395-A9CA-1AC09490A7C7}
[2012/02/12 16:17:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{987FEDD9-07FD-4C92-AB47-CA66CDBB71AC}
[2012/02/11 08:53:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D42F60F1-8D59-49B8-AF0F-964F7226A02F}
[2012/02/11 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6DEBFBCE-C828-49E6-85E7-9BE4CAAE8C18}
[2012/02/10 13:20:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{4507B13B-64B2-4874-B346-B6A23101C74B}
[2012/02/10 11:48:25 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{9C21291B-670D-40F6-A83E-73739BFA70BC}
[2012/02/10 08:03:40 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A594623A-98D9-410B-8D7B-544C8CB3D699}
[2012/02/10 08:02:32 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3D07B83C-0BA6-49B8-8052-079694CE37A4}
[2012/02/10 00:24:10 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{079AF5C9-1AAD-4E12-97F0-B58F2F43BAB9}
[2012/02/10 00:22:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{61169325-636A-49D1-A741-A3A37A971EAB}
[2012/02/09 10:35:14 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{CA71ACDD-BA6B-4C2D-856F-BB2A510574CD}
[2012/02/09 10:34:06 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5102FB96-5AB6-41CB-A673-3BDC0284EE9E}
[2012/02/09 08:12:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{EB156F3A-DFFE-409D-BA71-EA6E2235D46E}
[2012/02/08 23:50:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6A60504B-66A4-4FEA-A66D-B0A1ECCCE87D}
[2012/02/08 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{02E14A2B-AA79-457D-A8E2-325061B3C0C6}
[2012/02/08 09:12:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7BE82F49-A4B9-45D7-8421-F55F1366687B}
[2012/02/07 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6472ED9B-EA1B-4293-B293-2EE6BC3793CC}
[2012/02/07 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{31B2F61C-79E7-42F5-8B24-615032339C54}
[2012/02/06 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{BE860773-74C2-48DA-B96B-4921D57B43E4}
[2012/02/06 16:23:15 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C1A93E22-D619-4828-8186-DCEDAFBC7853}
[2012/02/06 16:22:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{770A2C07-317B-49A7-99AB-F8BE6AD3C251}
[2012/02/05 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{838D3395-F2F7-4238-A836-759490CCF85C}
[2012/02/05 18:09:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/05 17:58:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{89DB9C09-363E-4EE4-8492-1A03A4CFF6E8}
[2012/02/05 17:57:16 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\yahoo!
[2012/02/05 17:36:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\AVG2012
[2012/02/05 17:35:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/05 17:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/02/05 17:35:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/02/05 17:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/05 17:35:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/02/05 17:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/05 17:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/05 17:13:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\Malwarebytes
[2012/02/05 17:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/05 17:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/05 17:13:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/05 17:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/05 16:53:50 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\Security Monitor 2012
[2012/02/05 16:21:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6E7A3450-D531-44AD-BB34-D99BC03A228F}
[2012/02/05 16:19:25 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{638A2E26-1D50-4F3F-BE16-64DC90F98253}
[2012/02/05 07:11:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3669C25F-EE39-4681-AF02-10BAB086E7B9}
[2012/02/05 07:11:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A1948824-602C-4712-8378-F450EC079E83}
[2012/02/04 23:45:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1849E1EE-71BA-43D8-BCD2-1E77736ABDAA}
[2012/02/04 09:15:55 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5C200659-1827-44BC-8FE9-CA6E95762148}
[2012/02/04 09:14:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{A25FF2E7-52CE-4079-9E50-93C9DB3D80EC}
[2012/02/03 11:47:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0D8368BF-A674-438D-AE18-753575AC70A5}
[2012/02/03 09:33:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{81756FC0-C1EE-4EB6-AF56-44F4F68D6CE6}
[2012/02/03 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7DD15D7C-61C6-4894-AFCA-E4704E2FDFEB}
[2012/02/02 09:23:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3CE469FA-1264-4075-82AC-2BA58C506829}
[2012/02/01 20:14:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{33ED34E2-9BF8-4F7C-A2F9-7FC83BAC9954}
[2012/02/01 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{9D13B617-E49B-48BE-BB9C-D553FA48B0A6}
[2012/02/01 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{BB2D96E6-F0DA-4078-A428-F8C68117817D}
[2012/02/01 19:22:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{95B680F4-25D7-444E-A1CD-9624FAA0F34A}
[2012/02/01 19:13:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{36B80E66-0BC5-4D7F-BC9C-3C69F49AC981}
[2012/02/01 19:12:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{099A3106-0D4B-4ABF-864F-545AAF8A31F8}
[2012/02/01 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6DA294B1-6A4E-42A8-8D3C-3415553A772C}
[2012/02/01 18:58:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{480DC3E9-6437-49A1-88AE-CEED591E47AD}
[2012/02/01 09:18:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{F8403F67-8384-4D8A-93EC-2CC492225801}
[2012/02/01 09:17:00 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{BACF5E9A-B478-43C0-BA8C-756B424D7446}
[2012/02/01 09:02:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{7906B29E-EB62-411D-9A60-72C5C5A42F3E}
[2012/02/01 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{8EB65AF1-D6EF-49A5-9ACD-E86AFBCEE7B2}
[2012/01/31 15:53:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{51C4F4D6-894E-4673-B038-409418BD0E58}
[2012/01/30 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C4E1485D-81E3-4B84-BB9B-B891EE05A8DE}
[2012/01/30 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{18C73919-AE38-49DE-8490-3621D7C81BD4}
[2012/01/30 09:29:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{2B5658E4-BD8E-42E3-A950-5DC74397B2DD}
[2012/01/30 09:29:40 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{0ADCD3A1-CECE-4FF6-9507-6976FDA99F42}
[2012/01/30 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{767EE086-20A8-4551-A1AF-59A92B12495A}
[2012/01/30 08:20:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{962DDB00-9370-47FA-966A-E7EADDF68967}
[2012/01/29 19:45:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{3B56515D-3FC8-4F4B-A6AB-3AA6A4470294}
[2012/01/29 19:45:16 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{86A99482-F0F9-41F1-8861-B93F22F62D56}
[2012/01/29 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{5CF2FBD1-E38D-4015-9D38-817BB2E7BF8C}
[2012/01/29 18:33:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{C698F113-5EFB-49FC-B02E-04857185C77C}
[2012/01/29 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\Desktop\Money
[2012/01/29 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\21Nova Casino
[2012/01/29 17:46:31 | 000,000,000 | ---D | C] -- C:\Casino
[2012/01/29 14:13:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{921A2F3D-41C2-4E65-8933-65D494DF5631}
[2012/01/29 14:11:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{535D7903-C26B-4936-B3C1-46DE8A7A1E79}
[2012/01/29 10:32:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{67A65665-8C0E-4097-B9E8-54B72258A21A}
[2012/01/29 10:31:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{1BA4135E-D8C7-4FF7-9D17-F402F0B11277}
[2012/01/29 10:11:36 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D7A8A6F7-F053-47E3-9941-D851BC1B95CD}
[2012/01/29 10:10:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{6B0D919E-862E-4EB4-8098-A8793E46FF91}
[2012/01/29 09:58:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{D7E29612-829F-4B39-8224-03A3B21BB289}
[2012/01/29 09:58:12 | 000,000,000 | ---D | C] -- C:\Users\Roy Brosende\AppData\Local\{21C7278F-4253-4DAB-BDF4-AD346B20DAA3}
[1 C:\Users\Roy Brosende\AppData\Roaming\*.tmp files -> C:\Users\Roy Brosende\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/27 17:16:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 17:16:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 17:13:06 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000UA.job
[2012/02/27 17:13:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000Core.job
[2012/02/27 17:12:52 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/27 17:12:52 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/02/27 17:12:52 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/27 17:12:52 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/02/27 17:12:52 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/27 17:11:10 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/02/27 17:09:51 | 000,001,952 | ---- | M] () -- C:\Windows\SysWow64\PrivacyProvider.ini
[2012/02/27 17:09:51 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2012/02/27 17:09:48 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-Roy Brosende-Startup.job
[2012/02/27 17:07:40 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/02/27 17:07:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 17:06:23 | 3193,733,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 16:17:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Brosende\Desktop\OTL.exe
[2012/02/27 14:23:04 | 000,002,648 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/02/27 13:03:44 | 090,228,105 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/24 17:14:23 | 000,086,514 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/24 16:39:27 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/23 20:03:00 | 000,001,565 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/02/23 13:52:05 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/23 11:00:11 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/02/22 12:36:56 | 000,000,748 | ---- | M] () -- C:\Users\Roy Brosende\Desktop\21Nova Casino.lnk
[2012/02/22 12:22:17 | 000,008,382 | ---- | M] () -- C:\Users\Roy Brosende\Desktop\molekulark_fa59c63b44.jpg
[2012/02/05 17:35:49 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/02/05 17:35:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/05 17:35:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/30 10:01:23 | 000,008,355 | ---- | M] () -- C:\Users\Roy Brosende\Desktop\roy2.jpg
[1 C:\Users\Roy Brosende\AppData\Roaming\*.tmp files -> C:\Users\Roy Brosende\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/27 13:03:44 | 090,228,105 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/24 17:14:23 | 000,086,514 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/23 13:52:05 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/23 10:56:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/02/23 10:56:46 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/02/22 12:36:56 | 000,000,748 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\21Nova Casino.lnk
[2012/02/22 12:22:16 | 000,008,382 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\molekulark_fa59c63b44.jpg
[2012/02/05 17:35:49 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/02/05 17:35:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/05 17:35:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/01/30 10:01:22 | 000,008,355 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\roy2.jpg
[2012/01/30 09:34:05 | 000,129,317 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\IMG_0014.JPG
[2012/01/30 09:34:05 | 000,099,611 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\IMG_0012.JPG
[2012/01/30 09:34:05 | 000,032,555 | ---- | C] () -- C:\Users\Roy Brosende\Desktop\4271611139_bigger_preview.jpg
[2012/01/29 18:27:07 | 000,000,792 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prestige Casino.lnk
[2012/01/29 18:23:20 | 000,000,785 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casino Del Rio.lnk
[2012/01/29 18:16:05 | 000,000,778 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\21Nova Casino.lnk
[2012/01/29 18:01:36 | 000,000,778 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winner Casino.lnk
[2012/01/29 17:46:34 | 000,000,799 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EuroGrand Casino.lnk
[2011/12/11 11:09:45 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/10/05 17:39:23 | 000,003,584 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/26 09:14:19 | 000,017,408 | ---- | C] () -- C:\Users\Roy Brosende\AppData\Local\WebpageIcons.db
[2011/01/25 12:24:43 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2011/01/25 12:24:34 | 002,740,224 | ---- | C] () -- C:\Windows\SysWow64\PrivacyProvider.exe
[2011/01/25 12:24:34 | 000,471,040 | ---- | C] () -- C:\Windows\SysWow64\RegisterLSP.exe
[2011/01/25 12:24:34 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\PrivacyProvider.dll
[2011/01/25 12:24:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll
[2011/01/25 12:24:34 | 000,001,952 | ---- | C] () -- C:\Windows\SysWow64\PrivacyProvider.ini
[2010/11/17 12:43:36 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2010/11/17 09:42:48 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/10/12 11:42:31 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/12 11:10:58 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
========== LOP Check ==========
[2011/12/07 22:12:18 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5053
[2011/12/11 12:33:23 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5055
[2011/12/13 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5058
[2011/12/14 16:30:42 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5059
[2011/12/17 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5060
[2011/12/19 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5061
[2011/12/21 00:35:13 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5062
[2011/12/22 00:11:19 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5063
[2011/12/23 01:55:04 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\5064
[2011/05/23 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Asus WebStorage
[2012/02/05 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\AVG2012
[2011/07/24 15:50:45 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Easy MP3 Recorder
[2011/02/03 00:22:32 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\EeeStorageUploader
[2011/01/16 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Fighters
[2010/11/10 12:21:55 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\FILEminimizerPictures
[2011/12/14 10:08:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\FinalMediaPlayer
[2011/05/20 08:44:40 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\gtk-2.0
[2010/11/17 00:42:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\HDRsoft
[2011/12/07 22:11:58 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\kock
[2012/02/23 11:19:16 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\LG Electronics
[2010/09/25 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\LogoMaker
[2010/11/17 14:12:34 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\MAGIX
[2010/09/22 09:25:30 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Oniton
[2010/10/04 07:19:14 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Opera
[2010/11/07 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\PhotoFiltre
[2010/09/23 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\PhotoScape
[2012/02/05 17:20:23 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Security Monitor 2012
[2012/02/27 15:48:57 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\SoftGrid Client
[2011/12/20 23:47:28 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Systweak
[2011/05/23 16:37:36 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\temp
[2010/10/12 11:43:41 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\TP
[2011/01/14 14:36:59 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\TrueCrypt
[2012/01/03 12:27:37 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\UAs
[2010/09/30 19:11:43 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Ulead Systems
[2011/05/09 16:17:36 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Uniblue
[2010/09/11 13:44:12 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Vodafone
[2011/06/28 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\Windows Live Writer
[2012/01/23 15:50:07 | 000,000,000 | ---D | M] -- C:\Users\Roy Brosende\AppData\Roaming\xmldm
[2012/02/27 17:13:00 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000Core.job
[2012/02/27 17:13:06 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-330493832-1058910871-3210589070-1000UA.job
[2012/02/27 17:11:10 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012/02/03 09:29:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/27 17:09:48 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-Roy Brosende-Startup.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012/02/05 18:09:57 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010/12/26 11:42:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/04/27 17:00:49 | 000,000,000 | ---D | M] -- C:\04-27-2011_17-59
[2012/02/27 17:09:32 | 000,000,000 | -H-D | M] -- C:\asus.dat
[2009/07/29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2012/01/29 18:27:04 | 000,000,000 | ---D | M] -- C:\Casino
[2012/02/27 15:35:23 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/12/03 13:21:40 | 000,000,000 | ---D | M] -- C:\Intel
[2010/10/13 11:24:24 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010/11/17 13:42:54 | 000,000,000 | ---D | M] -- C:\output
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/29 18:40:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/02/27 17:10:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/02/27 14:26:09 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/09/11 13:31:08 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010/11/07 16:52:33 | 000,000,000 | RHSD | M] -- C:\sys07
[2012/02/27 15:43:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/12/03 13:28:33 | 000,000,000 | ---D | M] -- C:\Temp
[2010/12/26 11:42:30 | 000,000,000 | R--D | M] -- C:\Users
[2010/11/19 07:58:56 | 000,000,000 | ---D | M] -- C:\Vodafone
[2012/02/27 16:25:18 | 000,000,000 | ---D | M] -- C:\Windows
[2011/12/14 23:32:42 | 000,000,000 | ---D | M] -- C:\xmldm
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/12/03 13:26:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/12/03 13:26:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/12/03 13:26:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/12/03 13:26:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2009/06/04 11:54:35 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/06/04 11:54:35 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 11:54:35 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2011/05/20 08:51:07 | 000,001,458 | ---- | M] () -- C:\Users\Roy Brosende\.recently-used.xbel
[2012/02/27 17:35:54 | 002,359,296 | ---- | M] () -- C:\Users\Roy Brosende\ntuser.dat
[2012/02/27 17:35:54 | 000,262,144 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat.LOG1
[2010/09/11 13:32:34 | 000,000,000 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat.LOG2
[2010/09/11 14:11:03 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/09/11 14:11:03 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/09/11 14:11:03 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/10/13 11:23:24 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{2b541eb6-d6b2-11df-b5ba-001e101f2500}.TM.blf
[2010/10/13 11:23:24 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{2b541eb6-d6b2-11df-b5ba-001e101f2500}.TMContainer00000000000000000001.regtrans-ms
[2010/10/13 11:23:24 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{2b541eb6-d6b2-11df-b5ba-001e101f2500}.TMContainer00000000000000000002.regtrans-ms
[2010/12/21 13:22:29 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{56559298-0cfb-11e0-b344-e0cb4e1a695d}.TM.blf
[2010/12/21 13:22:29 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{56559298-0cfb-11e0-b344-e0cb4e1a695d}.TMContainer00000000000000000001.regtrans-ms
[2010/12/21 13:22:29 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{56559298-0cfb-11e0-b344-e0cb4e1a695d}.TMContainer00000000000000000002.regtrans-ms
[2010/11/22 12:53:45 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{6189f376-f62d-11df-8b17-001e101fb681}.TM.blf
[2010/11/22 12:53:45 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{6189f376-f62d-11df-8b17-001e101fb681}.TMContainer00000000000000000001.regtrans-ms
[2010/11/22 12:53:45 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{6189f376-f62d-11df-8b17-001e101fb681}.TMContainer00000000000000000002.regtrans-ms
[2010/10/20 10:13:17 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{7baf31a1-dc0e-11df-860e-001e101fabdd}.TM.blf
[2010/10/20 10:13:17 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{7baf31a1-dc0e-11df-860e-001e101fabdd}.TMContainer00000000000000000001.regtrans-ms
[2010/10/20 10:13:17 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{7baf31a1-dc0e-11df-860e-001e101fabdd}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 09:21:40 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{8e4472c1-c7b3-11df-b112-e0cb4e1a695d}.TM.blf
[2010/09/24 09:21:40 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{8e4472c1-c7b3-11df-b112-e0cb4e1a695d}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 09:21:40 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{8e4472c1-c7b3-11df-b112-e0cb4e1a695d}.TMContainer00000000000000000002.regtrans-ms
[2010/10/13 11:31:12 | 000,065,536 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{e41a5dbc-d6b2-11df-a841-001e101fb4df}.TM.blf
[2010/10/13 11:31:12 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{e41a5dbc-d6b2-11df-a841-001e101fb4df}.TMContainer00000000000000000001.regtrans-ms
[2010/10/13 11:31:12 | 000,524,288 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.dat{e41a5dbc-d6b2-11df-a841-001e101fb4df}.TMContainer00000000000000000002.regtrans-ms
[2010/09/11 13:32:35 | 000,000,020 | -HS- | M] () -- C:\Users\Roy Brosende\ntuser.ini
[2010/12/26 11:49:42 | 000,000,680 | RHS- | M] () -- C:\Users\Roy Brosende\ntuser.pol
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< End of report >