OTL logfile created on: 28/02/2013 10:26:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elliot\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,46 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 59,34% Memory free 6,92 Gb Paging File | 5,43 Gb Available in Paging File | 78,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,67 Gb Total Space | 94,77 Gb Free Space | 32,95% Space Free | Partition Type: NTFS Drive D: | 8,41 Gb Total Space | 0,99 Gb Free Space | 11,76% Space Free | Partition Type: NTFS Drive P: | 600,00 Gb Total Space | 348,42 Gb Free Space | 58,07% Space Free | Partition Type: NTFS Drive R: | 150,00 Gb Total Space | 97,60 Gb Free Space | 65,07% Space Free | Partition Type: NTFS Drive S: | 150,00 Gb Total Space | 97,60 Gb Free Space | 65,07% Space Free | Partition Type: NTFS Drive U: | 600,00 Gb Total Space | 348,42 Gb Free Space | 58,07% Space Free | Partition Type: NTFS Computer Name: BIOTRONIK_PC046 | User Name: Alexandren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/02/28 10:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elliot\Desktop\OTL.exe PRC - [2013/02/20 10:54:07 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013/02/08 12:57:37 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011/11/21 15:53:56 | 000,052,040 | ---- | M] (CA) -- C:\Program Files\CA\ARCserve Backup\msgeng.exe PRC - [2011/11/21 15:53:04 | 000,037,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\ARCserve Backup\ASPortMapper\Catirpc.exe PRC - [2011/11/21 15:53:02 | 000,439,624 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\ARCserve Backup\CADS\casdscsvc.exe PRC - [2011/10/17 04:07:44 | 000,234,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE PRC - [2011/07/25 15:32:50 | 000,128,512 | ---- | M] (Open Text Corporation) -- C:\Program Files\RightFax\Client\FAXCTRL.exe PRC - [2011/04/01 09:46:40 | 000,681,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Agent\tmlisten.exe PRC - [2011/03/26 04:07:32 | 001,076,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe PRC - [2011/03/26 04:04:38 | 000,121,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/21 10:11:54 | 000,196,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe PRC - [2010/10/21 02:03:32 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe PRC - [2009/08/28 22:44:30 | 000,282,624 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe PRC - [2009/08/28 21:22:56 | 000,077,824 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe PRC - [2009/07/24 20:29:52 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe PRC - [2009/07/24 20:29:39 | 000,796,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe PRC - [2009/07/24 20:29:38 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe PRC - [2009/07/14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe PRC - [2009/06/17 13:53:38 | 000,253,952 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe PRC - [2009/06/17 13:53:34 | 000,212,992 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/02/20 10:54:07 | 003,067,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013/02/14 09:01:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/02/13 17:51:37 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013/02/08 12:57:37 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2013/01/10 09:12:46 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\14850aef08b8af036fd6f1e5b38a3719\CustomMarshalers.ni.dll MOD - [2013/01/10 08:57:30 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 08:57:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 08:57:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 08:57:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 08:57:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013/01/09 17:53:19 | 001,616,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e6f1669a51fbf73520ae79dca19f005e\Microsoft.CSharp.ni.dll MOD - [2013/01/09 17:53:11 | 000,377,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ebd8e7de507b634d15b3e16614270f06\System.Dynamic.ni.dll MOD - [2013/01/09 17:53:07 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013/01/09 17:53:02 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013/01/09 17:53:00 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013/01/09 17:52:55 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2011/06/22 10:46:12 | 000,434,016 | ---- | M] () -- C:\PROGRA~1\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL MOD - [2011/01/03 20:53:26 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll MOD - [2011/01/03 20:53:26 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll MOD - [2010/11/13 01:58:36 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:58:34 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Drawing.resources.dll MOD - [2010/11/13 01:58:32 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll MOD - [2009/02/26 12:46:56 | 000,064,344 | ---- | M] () -- C:\PROGRA~1\MICROS~1\Office12\ADDINS\COLLEA~1.DLL [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV - [2013/02/27 09:56:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/20 10:54:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2011/11/21 15:53:56 | 000,052,040 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\ARCserve Backup\msgeng.exe -- (CASMessageEngine) SRV - [2011/11/21 15:53:04 | 000,037,192 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\ARCserve Backup\ASPortMapper\Catirpc.exe -- (CASportmapper) SRV - [2011/11/21 15:53:02 | 000,439,624 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\ARCserve Backup\CADS\casdscsvc.exe -- (CASDiscovery) SRV - [2011/10/17 04:07:44 | 000,234,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE -- (Alert Notification Server) SRV - [2011/04/01 09:46:40 | 000,681,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Security Agent\tmlisten.exe -- (TmListen) SRV - [2011/02/23 18:07:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/08/28 21:22:56 | 000,077,824 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC) SRV - [2009/07/24 20:29:52 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) SRV - [2009/07/24 20:29:38 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/06/17 13:53:38 | 000,253,952 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4677CAE-F5C1-460B-A8F9-2911E2F55492}\MpKsl0593925b.sys -- (MpKsl0593925b) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Elliot\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2011/05/05 16:21:58 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42) DRV - [2011/02/25 13:10:00 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon) DRV - [2011/02/25 13:09:00 | 000,190,736 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2011/02/25 13:09:00 | 000,065,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/09/30 22:59:16 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2009/12/10 16:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) DRV - [2009/07/24 20:30:11 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/06/15 12:45:36 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009/06/15 12:45:34 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/9 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/9 IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3128284&SSPV=IEWSP04 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/9 IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3128284&octid=CT3128284&SearchSource=61&CUI=SB_CUI&UP=SP019D2A0E-D72C-444C-A07F-A5B6CEECB279&SSPV=IEWSP04 IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - No CLSID value found IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\SearchScopes,DefaultScope = {F355EBEF-3934-4362-A41C-AFD073DF7D9A} IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\SearchScopes\{4B49A9B1-087B-43E8-A209-33E24CABCABD}: "URL" = http://www.google.com/search?hl=en&q={searchTerms} IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3128284&SSPV=IEWSP04 IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\SearchScopes\{F355EBEF-3934-4362-A41C-AFD073DF7D9A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=747EC8F1-E975-45F9-B7D1-C43140C798B4&apn_sauid=75900C24-FE4B-452E-9219-1A65C1946DEF IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..CT3128284.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.fr" FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007 FF - prefs.js..extensions.enabledAddons: %7B8e5025c2-8ea3-430d-80b8-a14151068a6d%7D:10.14.65.43 FF - prefs.js..extensions.enabledAddons: %7B09a07b02-f491-4b6b-bfc9-684a624f4f3b%7D:10.14.65.43 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3128284&SearchSource=2&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elliot\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elliot\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\ [2013/02/08 11:10:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Security Agent\UIFramework\Toolbar\firefoxextension [2011/12/29 12:09:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 10:54:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/20 10:54:05 | 000,000,000 | ---D | M] [2011/02/23 10:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elliot\AppData\Roaming\mozilla\Extensions [2013/02/13 17:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elliot\AppData\Roaming\mozilla\Firefox\Profiles\28q8f62q.default\extensions [2013/02/13 17:29:29 | 000,000,000 | ---D | M] (Reverso) -- C:\Users\Elliot\AppData\Roaming\mozilla\Firefox\Profiles\28q8f62q.default\extensions\{09a07b02-f491-4b6b-bfc9-684a624f4f3b} [2013/02/13 17:29:14 | 000,000,000 | ---D | M] (01NET.com) -- C:\Users\Elliot\AppData\Roaming\mozilla\Firefox\Profiles\28q8f62q.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d} [2013/01/31 09:29:23 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Elliot\AppData\Roaming\mozilla\Firefox\Profiles\28q8f62q.default\extensions\LogMeInClient@logmein.com [2012/12/07 09:56:50 | 000,001,048 | ---- | M] () -- C:\Users\Elliot\AppData\Roaming\mozilla\firefox\profiles\28q8f62q.default\searchplugins\01netcom-customized-web-search.xml [2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Elliot\AppData\Roaming\mozilla\firefox\profiles\28q8f62q.default\searchplugins\askcom.xml [2013/02/21 09:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/02/20 10:54:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/02/20 10:54:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/02/08 12:05:21 | 000,001,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2013/02/08 12:05:21 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/02/08 12:05:21 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2013/02/20 10:54:07 | 000,001,472 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2013/02/08 12:05:21 | 000,001,399 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2013/02/08 12:05:21 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml [color=#E56717]========== Chrome ==========[/color] O1 HOSTS File: ([2011/12/13 14:07:32 | 000,000,826 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O3 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\Toolbar\WebBrowser: (no name) - {8E5025C2-8EA3-430D-80B8-A14151068A6D} - No CLSID value found. O3 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BEWINTERNET-FR-DMESessionManager] C:\Program Files\OrangeBS\BEWInternet\SessionManager\SessionManager.exe (France Telecom SA) O4 - HKLM..\Run: [CardDetectorHUAWEI1752_1552] C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA) O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4 - HKLM..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\faxctrl.exe (Open Text Corporation) O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O7 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..Trusted Ranges: Range1 ([*] in Sites de confiance) O15 - HKU\S-1-5-21-1871867490-459802785-1846952604-1989\..Trusted Ranges: Range2 ([*] in Sites de confiance) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} https://webpark.arius.fr/viewer/activeXViewer/activexviewer.cab (Crystal Report Viewer Control) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.15.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.112.13 172.16.112.14 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = biotronik.msft O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F4DF0C1-9E46-405D-A4D8-3C6CC84DA240}: DhcpNameServer = 172.16.112.13 172.16.112.14 8.8.8.8 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk P:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PEVSystemStart - Service SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: procexp90.Sys - Driver SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PEVSystemStart - Service SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: procexp90.Sys - Driver SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/02/28 10:25:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elliot\Desktop\OTL.exe [2013/02/27 17:54:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013/02/27 17:53:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013/02/27 17:53:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 17:53:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 17:53:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 17:53:53 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013/02/27 17:53:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 17:53:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 17:53:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 17:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 17:53:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 17:53:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013/02/27 17:53:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013/02/27 17:53:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013/02/27 17:53:52 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013/02/27 17:53:52 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013/02/27 17:53:52 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013/02/27 17:53:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013/02/27 17:53:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013/02/27 17:53:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013/02/27 17:53:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013/02/27 17:53:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013/02/27 17:53:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 17:53:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013/02/27 17:53:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013/02/22 11:51:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/22 11:49:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/02/22 11:49:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/02/22 11:49:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/02/22 11:49:08 | 000,000,000 | --SD | C] -- C:\ComboFix [2013/02/21 09:21:10 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/02/21 09:21:02 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/02/20 10:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/02/19 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\Elliot\Desktop\Contenu DDE [2013/02/13 13:45:05 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/02/13 13:44:57 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/02/13 13:44:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/02/13 13:44:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/02/13 13:44:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/02/13 13:44:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/02/13 13:44:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/02/13 13:44:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/02/13 13:44:49 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013/02/13 13:44:48 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/02/08 11:05:18 | 000,000,000 | ---D | C] -- C:\Device [2013/02/08 11:04:20 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/02/08 10:56:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/08 10:55:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2011/02/24 18:24:57 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll [2011/02/24 18:24:56 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll [2011/02/24 18:24:56 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll [2011/02/24 18:24:56 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/02/28 10:28:10 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2013/02/28 10:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elliot\Desktop\OTL.exe [2013/02/28 10:01:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871867490-459802785-1846952604-1989UA.job [2013/02/28 09:56:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/28 09:01:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871867490-459802785-1846952604-1989Core.job [2013/02/28 09:00:10 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/28 09:00:10 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/28 08:54:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/28 08:54:35 | 2786,521,088 | -HS- | M] () -- C:\hiberfil.sys [2013/02/27 17:06:22 | 000,002,046 | -H-- | M] () -- C:\Users\Elliot\Documents\Default.rdp [2013/02/27 09:56:25 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/02/27 09:56:25 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/02/21 09:20:56 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/02/21 09:20:56 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/02/21 09:20:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/02/21 09:20:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/02/21 09:20:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/02/21 09:20:56 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/02/14 09:01:28 | 000,418,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/02/13 17:50:58 | 000,718,670 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2013/02/13 17:50:58 | 000,630,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/13 17:50:58 | 000,135,438 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2013/02/13 17:50:58 | 000,111,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/13 12:33:31 | 000,003,364 | ---- | M] () -- C:\Windows\ricdb.ini [2013/01/29 16:08:06 | 000,000,000 | ---- | M] () -- C:\END [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/02/28 10:28:10 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2013/02/22 11:49:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/22 11:49:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/22 11:49:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/22 11:49:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/22 11:49:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/28 15:28:25 | 000,007,609 | ---- | C] () -- C:\Users\Elliot\AppData\Local\Resmon.ResmonCfg [2012/11/22 10:45:54 | 000,002,020 | ---- | C] () -- C:\Users\Elliot\AppData\Roaming\ARCserveMgr.dat [2012/09/05 13:20:54 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2011/11/04 14:41:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/11/04 14:41:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/11/04 14:41:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/11/04 14:41:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/11/04 14:41:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/11/04 14:41:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/11/04 14:41:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/11/04 14:41:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/11/04 14:41:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/11/04 14:41:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011/11/04 14:41:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/11/04 14:41:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/11/04 14:41:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/11/04 14:41:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011/11/04 14:41:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/11/04 14:41:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011/11/04 14:41:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011/11/04 14:41:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/11/04 14:41:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011/07/05 08:49:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/03/18 11:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/03/17 14:43:28 | 000,038,434 | ---- | C] () -- C:\Users\Elliot\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011/02/24 18:24:56 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt [2011/02/24 18:24:56 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt [2011/02/21 16:10:37 | 000,000,854 | RHS- | C] () -- C:\Users\Elliot\ntuser.pol [2011/02/21 16:03:43 | 000,002,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2011/05/11 09:07:23 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\DAEMON Tools Lite [2011/12/14 09:43:30 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\DameWare Development [2011/06/06 13:21:01 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\Dexpot [2011/12/13 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\DWMRCMSI [2011/12/13 11:15:05 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\JAM Software [2013/01/14 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\PhotoFiltre Studio X [2012/12/28 11:38:05 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\TeamViewer [2011/03/11 17:55:21 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\VirtuaWin [2011/06/08 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Elliot\AppData\Roaming\Wireshark [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/07/25 14:42:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013/01/29 16:08:06 | 000,000,000 | ---- | M] () -- C:\END [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2013/02/28 08:54:35 | 2786,521,088 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2011/01/05 17:45:08 | 000,000,000 | RHS- | M] () -- C:\OS [2013/02/28 08:54:35 | 3715,362,816 | -HS- | M] () -- C:\pagefile.sys [2013/02/28 10:28:10 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2013/02/08 14:52:54 | 000,000,661 | ---- | M] () -- C:\resolve.log [2012/02/08 13:52:00 | 001,289,798 | ---- | M] () -- C:\s4js.3 [2012/02/08 13:52:00 | 000,697,828 | ---- | M] () -- C:\s4js.4 [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini [color=#A23BEC]< %PROGRAMFILES%\*. >[/color] [2011/02/21 15:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip [2011/07/06 13:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2012/01/25 10:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2011/12/13 11:28:29 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc [2011/02/21 14:55:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer [2012/01/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour [2012/11/22 10:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\CA [2012/01/17 12:06:16 | 000,000,000 | ---D | M] -- C:\Program Files\CardDetector [2011/04/28 15:30:36 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2013/02/22 11:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2012/12/07 09:57:16 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit [2011/12/13 12:22:00 | 000,000,000 | ---D | M] -- C:\Program Files\DameWare Development [2011/07/08 12:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker [2011/02/21 14:58:55 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard [2011/06/08 16:38:01 | 000,000,000 | ---D | M] -- C:\Program Files\Intel [2013/02/14 08:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2012/12/20 12:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\iPod [2012/12/20 12:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes [2011/12/13 11:14:59 | 000,000,000 | ---D | M] -- C:\Program Files\JAM Software [2013/02/21 09:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2011/04/07 10:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/21 14:54:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft [2013/01/07 09:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2012/05/10 16:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight [2011/11/04 14:39:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition [2011/11/04 14:39:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services [2011/02/21 15:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio [2011/02/24 18:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2011/02/24 08:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2013/02/20 11:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2013/02/21 08:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service [2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2011/02/24 09:43:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache [2011/02/25 17:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2011/12/28 12:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\netpass [2011/06/08 16:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Nmap [2011/02/21 14:48:13 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services [2012/01/17 12:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\OrangeBS [2011/02/21 15:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator [2013/01/14 13:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoFiltre Studio X [2011/05/05 16:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\PRTG Network Monitor [2012/12/20 12:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime [2011/01/05 17:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek [2012/12/07 09:57:49 | 000,000,000 | ---D | M] -- C:\Program Files\Recuva [2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2012/05/31 10:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\RightFax [2011/02/24 18:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\SAP [2012/12/28 11:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer [2011/12/29 12:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro [2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2011/02/21 15:08:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN [2011/03/31 13:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\VirtuaWin [2011/07/08 12:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender [2012/05/11 07:56:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2011/07/08 12:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail [2011/07/08 12:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2011/07/08 12:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer [2011/07/08 12:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices [2011/07/08 12:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar [2011/05/05 10:21:36 | 000,000,000 | ---D | M] -- C:\Program Files\WinImage [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: APPMGMTS.DLL >[/color] [2009/07/14 02:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\System32\appmgmts.dll [2009/07/14 02:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_dda3f0f09bf1f8b2\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys [color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color] [2009/07/14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe [2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe [2010/11/20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009/07/14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009/07/14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2011/01/05 18:15:05 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2011/01/05 18:12:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2011/01/05 18:12:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2011/01/05 18:15:05 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color] [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\System32\hidserv.dll [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_d6829e90e8c23da8\hidserv.dll [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\SWSETUP\Drivers\MSD\Intel\iaStor.sys [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2011/01/05 18:20:20 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys [2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys [2011/01/05 18:20:20 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys [color=#A23BEC]< MD5 for: IMM32.DLL >[/color] [2010/11/20 13:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\System32\imm32.dll [2010/11/20 13:19:22 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll [2009/07/14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=5DF8132ADF721329234403189FC94E16 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_5c2c7439dbbe9273\imm32.dll [color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color] [2011/05/14 07:26:31 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=02D5E2D9D9497F314C97E082A1CB9808 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll [2011/01/05 18:15:17 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=0369BA73CE6D918745579B24339765E8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll [2012/08/20 18:54:52 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=0B0ACE1E9F27AA44B4FAC72F881B908C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21306_none_94753f2bd07b1432\kernel32.dll [2011/06/03 07:01:43 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=11826814AA8C1177CBF6BC40105E9A87 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll [2011/07/16 05:25:25 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=12DD18C6ECADEDB922E40B494D315206 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll [2012/11/30 05:47:07 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=22BB6AFDE3D162C3F5E631267070E46D -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21386_none_941ebfcbd0bbf3ba\kernel32.dll [2012/10/04 17:43:05 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=3ED262888758E350C29E02207AF9AC59 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_95904772b4b53b61\kernel32.dll [2009/07/14 02:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=4605F7EE9805F7E1C98D6C959DD2949C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll [2011/05/14 07:35:39 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=4F9C07F0D68E135F1E07C20647FC54F9 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll [2010/11/20 13:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll [2011/05/14 08:40:52 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=5717FC9D2A1DAA0596DC7D940F2D613C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll [2012/10/04 17:49:12 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=5EB52C62998CF36BAE774FC67775EAEB -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17135_none_93ca306cb776b1bd\kernel32.dll [2012/10/04 17:32:16 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=63350392C018D28C87E6FCB638DFCFE8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_9644fc0fcdb29ea9\kernel32.dll [2012/11/30 06:01:46 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6D0D4B00C7CB4FA829F396A83B327894 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_9610ed07cdd95d0c\kernel32.dll [2012/08/20 18:40:01 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6F93A0F455963DC8A9A16BB682C8D589 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_95adb658b49f9b89\kernel32.dll [2011/07/16 05:34:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=7E99A20C758ABB5AE89C7AEEA3A9AEB2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll [2013/01/04 05:44:29 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=89C816E5DA817EB6E97BAC7E644041E8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21416_none_946a7125d0832d4a\kernel32.dll [2012/08/18 12:21:20 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=8EA21D5227121072B985525B6C0C36A0 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17107_none_93eca0c4b75c9098\kernel32.dll [2012/08/20 18:34:45 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=9139B25AA9CA8749A11F2BE863EF391B -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_95f5498dcdeeffbd\kernel32.dll [2011/07/16 05:54:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=921F8B3FF01501C9934CCB3C270833D7 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll [2013/01/04 05:46:33 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=A2CB61B68566F6DB067607273119D27B -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17206_none_93eba260b75d7468\kernel32.dll [2012/10/04 17:51:02 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=A49F39AD51987F9360C316D85040D763 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21335_none_9453cf1dd0944eae\kernel32.dll [2012/11/30 05:47:44 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=AE09B85158C66E2C154C5C9B3C0027B3 -- C:\Windows\System32\kernel32.dll [2012/11/30 05:47:44 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=AE09B85158C66E2C154C5C9B3C0027B3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll [2011/07/16 05:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll [2012/11/30 06:00:06 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E9F8A2515D2ADCB9B1208E3576AB31D2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17179_none_93a2f1e4b79386dd\kernel32.dll [2011/01/05 18:15:17 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=EB7B2309A2B16EEB73C2C13477FEF8FB -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll [2013/01/04 05:46:46 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=F14125F0B2ACB29963E896E3441DC30C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_965e9ef5cd9ec94a\kernel32.dll [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2009/07/14 02:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll [2010/11/20 13:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll [2010/11/20 13:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2012/08/22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys [2009/07/14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys [2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys [2012/08/22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys [2010/11/20 13:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll [color=#A23BEC]< MD5 for: NTFS.SYS >[/color] [2012/08/31 18:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) MD5=0D87503986BB3DFED58E343FE39DDE13 -- C:\Windows\System32\drivers\ntfs.sys [2012/08/31 18:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) MD5=0D87503986BB3DFED58E343FE39DDE13 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys [2011/03/11 06:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys [2010/11/20 13:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys [2009/07/14 02:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys [2012/08/31 18:21:56 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=5126C5402C730C2A953275D8497A4715 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17119_none_a69715e87e02f01c\ntfs.sys [2012/08/31 18:20:14 | 001,210,736 | ---- | M] (Microsoft Corporation) MD5=72D1BB12770F86033C73E288CD8E3869 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21316_none_a71db3bb97234108\ntfs.sys [2011/03/11 06:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys [2011/03/11 06:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys [2011/01/05 18:20:20 | 001,210,760 | ---- | M] (Microsoft Corporation) MD5=B0FF28FEF1C6B51BC1AC91B9FFD5D00E -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16592_none_a639b2e27e49f93e\ntfs.sys [2011/03/11 06:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys [2012/08/31 18:01:43 | 001,212,272 | ---- | M] (Microsoft Corporation) MD5=E6C295C6F8E639957235FEE1D95077F4 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90ce01994435e55\ntfs.sys [2011/01/05 18:20:20 | 001,210,248 | ---- | M] (Microsoft Corporation) MD5=F68CACD7D259166B6F1A248498CF898F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20712_none_a719d0f39726b6a7\ntfs.sys [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2011/01/05 18:20:20 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys [2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys [2011/01/05 18:20:20 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys [color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color] [2010/11/20 13:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\System32\proquota.exe [2010/11/20 13:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe [2009/07/14 02:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_279d4dfaf3b8bd5a\proquota.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2009/07/14 02:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll [color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color] [2012/02/11 06:31:45 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=13B48314BF02091B30597DF20B71CBAC -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.21149_none_d6daba6e3bd61215\spoolsv.exe [2010/08/20 05:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe [2009/07/14 02:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe [2010/11/20 13:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\System32\spoolsv.exe [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe [2012/02/11 06:21:14 | 000,317,952 | ---- | M] (Microsoft Corporation) MD5=CAE10A25F936C053E41CBE0FA06FF15D -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe [2010/08/21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe [2012/02/11 06:41:06 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=E17323B0AA9FB3FF9945731D736EDA2F -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16962_none_d634a3a322cec58a\spoolsv.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color] [2010/11/20 13:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll [2010/11/20 13:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll [2009/07/14 02:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) MD5=A01E50A04D7B1960B33E92B9080E6A94 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2009/07/14 02:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys [2010/11/20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys [2010/11/20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys [2010/11/20 13:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys [color=#A23BEC]< MD5 for: WININET.DLL >[/color] [2010/12/18 06:31:01 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=025031C16D3A486F6AFE1C9B2FB1ADE0 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll [2011/01/05 18:18:00 | 000,980,480 | ---- | M] (Microsoft Corporation) MD5=0962CB2A9E6B4363C74249A4A5CCDBBF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\wininet.dll [2012/08/24 17:58:13 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=0D5ADA91A4176674D12DC990DD022E84 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22099_none_1ee2a15190714c2a\wininet.dll [2009/07/14 02:16:19 | 000,977,920 | ---- | M] (Microsoft Corporation) MD5=0D874F3BC751CC2198AF2E6783FB8B35 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll [2012/10/27 05:56:29 | 000,982,528 | ---- | M] (Microsoft Corporation) MD5=16E1C86531C6DDA240D2A64603D99F99 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21355_none_1d2384b9932e0845\wininet.dll [2011/11/05 05:31:42 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=1903228FE0C7D402B26A217F8D7713FD -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll [2011/11/05 05:35:00 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=19714FA7D7204D9BEE1EE12791DA9010 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll [2010/12/21 06:29:12 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=1B3DD46BC6396143A205EAAF05F38039 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll [2011/08/20 05:38:10 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=1DBC7303366C0C9B80E51C4B4BECB7ED -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16869_none_1c933b567a14bf11\wininet.dll [2011/02/24 06:32:44 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=214605C48AE416BC067C39D227CFCC57 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll [2011/01/05 18:15:45 | 000,977,920 | ---- | M] (Microsoft Corporation) MD5=23587164011EC849E58E229ABC49E239 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_1d54af5d9309dbb1\wininet.dll [2011/01/05 18:10:50 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=250267CE6217C1AB4517F22FB7EA13E8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll [2012/05/15 04:03:54 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=2606B35DDADCA19BEA9A08033C621B97 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17842_none_1e8839fa77313c08\wininet.dll [2011/04/22 20:31:50 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=27CDAF355CCE3762C7F13719E814418B -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16800_none_1ccb184479ec335c\wininet.dll [2011/04/22 20:10:01 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=2CA020EACDC6DDB2BEA89FEA02C90945 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll [2012/05/15 03:51:09 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=3E5195AB78F4DCE48E04CC6979D9B428 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21995_none_1edec8079074b38c\wininet.dll [2012/10/27 07:26:55 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=42C671E0525618E23371D0E68282F37C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17984_none_1e5efcc4774fdba1\wininet.dll [2012/08/24 18:10:47 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=4408FA39C6DCF639C6CC34059E201D16 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17115_none_1cc525b879effb90\wininet.dll [2010/11/20 13:21:36 | 000,980,992 | ---- | M] (Microsoft Corporation) MD5=44214C94911C7CFB1D52CB64D5E8368D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll [2012/08/24 17:57:48 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=4F4E2103C7F8A2AB6679071855549C93 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17940_none_1e863b4c77330681\wininet.dll [2012/06/27 06:49:12 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=54D506A1F7D9E1AF6439F7A06CC6488A -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22032_none_1f1c7ed39046f323\wininet.dll [2012/06/27 07:03:21 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=552D000E5D6CD1310D8510515B305FFE -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17051_none_1c95e2fa7a1408d1\wininet.dll [2012/06/27 06:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=58CFAE82CC4092C5988555B73CD557B8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17874_none_1e69caca7747c289\wininet.dll [2012/10/27 05:50:37 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=5CD2659F5F1728C7A71D4A15AA4A7D53 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22145_none_1f14b1ab904c5840\wininet.dll [2011/01/05 18:20:46 | 000,980,480 | ---- | M] (Microsoft Corporation) MD5=5FF3118C688D43ED77DEADC6F4895EF9 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\wininet.dll [2011/12/16 09:02:26 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=653109C31F7F190072C9E4DF31154225 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16930_none_1caaaa667a048456\wininet.dll [2012/12/20 13:53:51 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=6554DA6A01F14B3F017161879C8DB9BC -- C:\Windows\System32\wininet.dll [2012/12/20 13:53:51 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=6554DA6A01F14B3F017161879C8DB9BC -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.18035_none_1e95e4cc77269c85\wininet.dll [2012/02/28 06:25:01 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=6A5778483A8023B4DB9C5A509D382392 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21931_none_1f1ba6679047a68a\wininet.dll [2012/02/28 06:44:19 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=6D57EAE6BC922EC56DBD9EF4AD9986BD -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21158_none_1d2681cb932b59fc\wininet.dll [2011/06/21 06:26:35 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=6DC5A5F57FACFF20149F04440BB4523C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20992_none_1cf566579351014d\wininet.dll [2012/12/20 13:59:24 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=6EE6F7BFF92590051ACFA519AEE8ACE5 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17197_none_1c70a6ec7a2f0dc6\wininet.dll [2012/12/20 14:25:08 | 000,982,528 | ---- | M] (Microsoft Corporation) MD5=6F5EF9687B17FACD529C8EEC61791A01 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21406_none_1d5a96859304930e\wininet.dll [2012/10/27 06:00:40 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=703CD7A8E6F8A233118E8070B5FB7C1F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17153_none_1c97e5747a1238a6\wininet.dll [2011/06/21 06:28:33 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=748FD4CAB1AFFD90A9556EB7D5AA1FEB -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll [2011/08/20 06:53:02 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7570FA3FC82E08FB637E32D2D95DB41D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll [2010/12/21 06:38:22 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=78B9ADA2BC8946AF7B17678E0D07A773 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll [2011/08/20 05:35:24 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=79FFA6C81F9F5B2244C5668D08387EA6 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21033_none_1d371e4b931fa640\wininet.dll [2011/04/22 20:51:33 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7A11DB452989040AD8570A3DCE2E9DE2 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll [2012/06/27 07:08:59 | 000,982,528 | ---- | M] (Microsoft Corporation) MD5=7BD5EBE065E3F8632504BE397B5C640F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21245_none_1d2e52bf9325ef2d\wininet.dll [2012/02/28 06:38:52 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7CCA8574A3B9BB41A4150739E21F1B23 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17785_none_1e5ff942774efaaa\wininet.dll [2011/11/05 05:35:50 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=7F5B51FACA193430346970283C50769F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_1cc24ad279f27f22\wininet.dll [2011/12/16 10:00:03 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=808C0CE9D4DBC0A6F72761294EB10FB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_1ef766d79061ca88\wininet.dll [2011/12/16 08:51:05 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=8DFDD881CEF74ED749BA968E060418CA -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21108_none_1d5c91679302ce47\wininet.dll [2011/01/05 18:10:50 | 000,980,480 | ---- | M] (Microsoft Corporation) MD5=91A9CCAD9829A89C840899932B9EC2DF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll [2011/01/05 18:18:00 | 000,977,920 | ---- | M] (Microsoft Corporation) MD5=99A6F1253A886C4A9C1F8E1822B10A80 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\wininet.dll [2012/05/15 04:08:48 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=9B086D98370BA0219F6805675D38DDA7 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.17024_none_1cb9539c79f90103\wininet.dll [2011/03/07 06:33:13 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=A5B19B240901CAB0C8E7767D2873613E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll [2011/01/05 18:20:46 | 000,977,920 | ---- | M] (Microsoft Corporation) MD5=ABE73A2F762A74B6AD2C9BE636915595 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\wininet.dll [2012/05/15 04:08:11 | 000,982,528 | ---- | M] (Microsoft Corporation) MD5=BBC4EE1EC1B484B710499FA74639DABA -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21215_none_1d4ec283930d9b5a\wininet.dll [2011/12/16 08:54:22 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=BDB7450CC556F238FD973C9DA300FEB8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_1e8a38a8772f718f\wininet.dll [2012/08/24 18:06:08 | 000,982,528 | ---- | M] (Microsoft Corporation) MD5=C37D28AF883DD7A461D7C4A1E61AA42D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21313_none_1d4cc3d5930f65d3\wininet.dll [2011/06/21 07:49:27 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=D1E7C4FA045B34C32D12BFBB415EBE1B -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll [2011/02/24 06:46:10 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=DA2950BAD7306006EBA77DD93CC42690 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll [2011/08/20 05:31:05 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=DBF24E87CB605A4F6E7424DD86F7A62C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll [2011/04/22 20:13:53 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=E391DB6E8CA3638B9772A990E6D280FF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20949_none_1d3277f9932226f9\wininet.dll [2011/11/05 05:37:37 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=E49448ACD38A375E4FBCCB87056E1467 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_1d030f43934664a3\wininet.dll [2012/12/20 14:08:01 | 000,982,016 | ---- | M] (Microsoft Corporation) MD5=ED5F1E888F7D75EE5C8590A155423720 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.22199_none_1ee2a33790714951\wininet.dll [2011/03/07 06:22:07 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=EDEB2904636B657782F824D8FF97D0B8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll [2011/06/21 06:36:36 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=EE0D7471EBF9CE40CC4A203B1F90F028 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16839_none_1cb3ab1a79fc6b3e\wininet.dll [2010/12/18 06:32:22 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=F019FCA21F609E34B79AE130681D08F7 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll [2012/02/28 06:40:21 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=F09F1A921CB0F1B708D23CC58F8EB21E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16968_none_1c923cf27a15a2e1\wininet.dll [2011/01/05 18:15:45 | 000,977,920 | ---- | M] (Microsoft Corporation) MD5=F1C359CE656BD76F90E0E6C4BC04A4BE -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_1c69c1607a353a39\wininet.dll [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2011/01/05 18:15:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2011/01/05 18:15:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2011/01/05 18:15:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2011/01/05 18:15:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [color=#A23BEC]< MD5 for: WS2_32.DLL >[/color] [2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll [2010/11/20 13:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll [2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color] "Debug" = "" = mnmsrvc "Kmode" = \SystemRoot\System32\win32k.sys "Optional" = Posix [binary data] "Posix" = %SystemRoot%\system32\psxss.exe "Required" = DebugWindows [binary data] "Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS] "CsrSrvSharedSectionBase" = 2137980928 [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color] [2013/02/26 11:55:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1871867490-459802785-1846952604-1989\$I1CFEW5.xls [2013/02/26 11:04:20 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1871867490-459802785-1846952604-1989\$IBVCVIS.jpg [2013/02/26 11:55:56 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1871867490-459802785-1846952604-1989\$IY4ZO5P.xls [2013/02/22 17:47:44 | 000,192,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1871867490-459802785-1846952604-1989\$R1CFEW5.xls [2013/02/22 15:54:52 | 000,060,584 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1871867490-459802785-1846952604-1989\$RBVCVIS.jpg [2013/02/22 17:19:00 | 000,190,464 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1871867490-459802785-1846952604-1989\$RY4ZO5P.xls [2013/02/22 12:26:10 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1871867490-459802785-1846952604-1989\desktop.ini [2009/07/14 05:53:46 | 000,032,496 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2011/02/24 15:25:38 | 000,001,030 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871867490-459802785-1846952604-1989Core.job [2011/02/24 15:25:38 | 000,001,082 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1871867490-459802785-1846952604-1989UA.job [2012/11/20 09:00:41 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < End of report >