OTL logfile created on: 2013-10-24 14:59:05 - Run
OTLPE by OldTimer - Version 3.1.29.0 Folder = Y:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16721)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 18,45 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive D: | 425,63 Gb Total Space | 6,28 Gb Free Space | 1,48% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 3,33 Gb Free Space | 88,37% Space Free | Partition Type: FAT32
Drive F: | 43,88 Mb Total Space | 27,63 Mb Free Space | 62,97% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 255,54 Mb Total Space | 253,11 Mb Free Space | 99,05% Space Free | Partition Type: NTFS
Drive Y: | 548,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MININT-PEEW99
Current User Name: Système
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet001 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto] -- -- (WsysSvc) SRV - File not found [Auto] -- -- (WMPNetworkSvc) SRV - File not found [Auto] -- -- (wlidsvc) SRV - File not found [Auto] -- -- (WajamUpdater) SRV - File not found [Auto] -- -- (tor) SRV - File not found [Auto] -- -- (supdate) Software Update Service (supdate) SRV - File not found [On_Demand] -- -- (Steam Client Service) SRV - File not found [Auto] -- -- (SrvUpdater) SRV - File not found [Auto] -- -- (SkypeUpdate) SRV - File not found [Auto] -- -- (Skype C2C Service) SRV - File not found [Auto] -- -- (PSI_SVC_2) SRV - File not found [Auto] -- -- (PCSUService) SRV - File not found [On_Demand] -- -- (ose) SRV - File not found [Auto] -- -- (OfferBox update service) SRV - File not found [On_Demand] -- -- (odserv) SRV - File not found [Auto] -- -- (NitroReaderDriverReadSpool2) SRV - File not found [On_Demand] -- -- (MozillaMaintenance) SRV - File not found [On_Demand] -- -- (Microsoft Office Groove Audit Service) SRV - File not found [Auto] -- -- (MBAMService) SRV - File not found [Auto] -- -- (MaConfigAgent) SRV - File not found [Auto] -- -- (IAStorDataMgrSvc) Intel(R) SRV - File not found [Auto] -- -- (desksvc) SRV - File not found [On_Demand] -- -- (BRSptSvc) SRV - File not found [Auto] -- -- (BitGuard) SRV - File not found [Auto] -- -- (ASLDRService) SRV - File not found [Auto] -- -- (APNMCP) SRV - [2013-10-15 11:05:30 | 001,432,368 | ---- | M] () [Auto] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService) SRV - [2013-07-25 12:36:32 | 003,059,184 | ---- | M] () [Auto] -- C:\Users\William\AppData\Local\tuto4pc_fr_51\supt4pc_fr_51.exe -- (supt4pc_fr_51) SRV - [2013-03-19 06:53:27 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) 
SRV - [2013-01-13 22:30:34 | 000,906,240 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2012-11-18 15:25:05 | 000,107,520 | ---- | M] () [Auto] -- C:\Users\William\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate) SRV - [2012-04-04 20:40:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011-11-28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011-03-09 23:50:32 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010-11-20 23:29:41 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2010-11-20 23:29:41 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2010-11-20 23:29:25 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) SRV - [2010-11-20 23:29:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2010-11-20 23:29:13 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2010-11-20 23:29:12 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2010-11-20 23:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2010-11-20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - 
[2009-07-14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009-07-14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009-07-14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009-07-14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009-07-14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009-07-14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009-07-14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009-07-14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- -- (driverhardwarev2) DRV - File not found [Kernel | Boot] -- -- (c3356c841d96143d) DRV - File not found [File_System | On_Demand] -- -- (BRDriver) DRV - [2012-10-11 05:08:10 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel 
| On_Demand] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam) DRV - [2012-10-11 05:08:08 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple) DRV - [2012-06-02 06:45:03 | 000,134,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg) DRV - [2012-06-02 06:40:59 | 000,369,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG) DRV - [2012-04-04 20:03:33 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-03-01 07:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) [Recognizer | Boot] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2012-01-31 17:36:50 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2011-11-17 17:11:56 | 000,125,456 | ---- | M] (JMicron Technology Corp.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\JME.sys -- (JME) DRV - [2011-03-11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2011-03-11 07:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2011-03-11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV) DRV - [2011-03-11 07:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata) DRV - [2011-03-11 07:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata) DRV - [2011-03-10 00:32:40 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011-03-09 23:15:00 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010-11-20 23:29:24 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010-11-20 23:29:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2010-11-20 23:29:04 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2010-11-20 23:29:04 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2010-11-20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 23:29:03 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci) DRV - [2010-11-20 23:29:03 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp) DRV - [2010-11-20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010-11-20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 23:29:03 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2010-11-20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel 
| On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010-11-20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 23:29:03 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi) DRV - [2010-11-20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-11-17 09:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010-11-05 23:39:18 | 000,354,840 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor) DRV - [2009-09-17 19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009-07-14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2009-07-14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2009-07-14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2009-07-14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdsbs.sys -- (amdsbs) DRV - [2009-07-14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2009-07-14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2009-07-14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2009-07-14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2009-07-14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2009-07-14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2009-07-14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\MegaSR.sys -- (MegaSR) DRV - [2009-07-14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009-07-14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2009-07-14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009-07-14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2009-07-14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2009-07-14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2009-07-14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2009-07-14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD) DRV - [2009-07-14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009-07-14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2009-07-14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2009-07-14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2009-07-14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2009-07-14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2009-07-14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009-07-14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) 
[Kernel | On_Demand] -- C:\Windows\system32\drivers\SiSRaid2.sys -- (SiSRaid2) DRV - [2009-07-14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\drivers\stexstor.sys -- (stexstor) DRV - [2009-07-14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009-07-14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009-07-14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009-07-14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009-07-14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009-07-14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009-07-14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) DRV - [2009-07-14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009-07-14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\umpass.sys -- (UmPass) DRV - [2009-07-14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV 
- [2009-07-14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\MTConfig.sys -- (MTConfig) DRV - [2009-07-14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009-07-14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HidBatt.sys -- (HidBatt) DRV - [2009-07-14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdppm.sys -- (AmdPPM) DRV - [2009-07-14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009-07-14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009-07-14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009-07-14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\BrFiltLo.sys -- (BrFiltLo) DRV - [2009-07-14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) 
[Kernel | On_Demand] -- C:\Windows\system32\drivers\BrFiltUp.sys -- (BrFiltUp) DRV - [2009-07-14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009-07-14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbdx.sys -- (ebdrv) DRV - [2009-07-14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbdx.sys -- (b06bdrv) DRV - [2009-07-14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009-07-13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock) DRV - [2009-07-13 22:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2008-08-07 02:09:32 | 000,905,728 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGUx86.sys -- (A5AGU) DRV - [2007-07-31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD6400BEVT-80A0RT0_WD-WXB1AA04413344133&ts=1380441605 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = 
about:NoAdd-ons IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD6400BEVT-80A0RT0_WD-WXB1AA04413344133&ts=1380441605 IE - HKLM\..\URLSearchHook: {cfcb809c-3a22-4616-a916-6c007bd9d920} - C:\Program Files\FileConverter_1.5\prxtbFile.dll File not found IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll File not found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\William_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?babsrc=HP_ss_sps&mntrId=280F14DAE90DDE23&affID=123621&tsp=4940 IE - HKU\William_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD6400BEVT-80A0RT0_WD-WXB1AA04413344133&ts=1380441605 IE - HKU\William_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\William_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\William_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://www.search.ask.com/?p2=%5EAKH%5Ezzz004%5EYY%5EFR&gct=hp&o=APN10457&apn_ptnrs=%5EAKH&apn_dtid=%5Ezzz004%5EYY%5EFR&tpid=MYC3&apn_dbr=ie_9.0.8112.16457&trgb=&apn_uid=25583931-969E-4CB2-B287-C44C68B406CF&itbv=11.5.0.792&doi=2012-12-29&psv= IE - HKU\William_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp IE - HKU\William_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR IE - HKU\William_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\William_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\William_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.offerbox.com IE - HKU\William_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56847 FF - HKLM\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com File not found FF - HKLM\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKLM\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Services x86) - {11111111-1111-1111-1111-110211701196} - C:\Program Files\Services x86\Services x86-bho.dll File not found O2 - BHO: (Ask Toolbar) - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\MYC3\Passport.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found O2 - BHO: (Lyrics-Pal) - {74457aa3-0c15-4e8b-a3a6-e05d526e6ae1} - C:\Program Files\LyricsPal\131.dll File not found O2 - BHO: (Java(tm) Plug-In 
SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\William\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll File not found O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (holasearch Helper Object) - {DFF9B2DA-EF99-4B26-83CB-7058299999D8} - C:\Program Files\holasearch\holasearch\1.8.16.16\bh\holasearch.dll File not found O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3 - HKLM\..\Toolbar: (Ask Toolbar) - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\MYC3\Passport.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll File not found O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (Holasearch Toolbar) - {C510DFFB-0AFE-484C-BA40-CED5B74C4EEF} - C:\Program Files\holasearch\holasearch\1.8.16.16\holasearchTlbr.dll File not found O3 - 
HKLM\..\Toolbar: (FileConverter 1.5 Toolbar) - {cfcb809c-3a22-4616-a916-6c007bd9d920} - C:\Program Files\FileConverter_1.5\prxtbFile.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3 - HKU\William_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll File not found O3 - HKU\William_ON_C\..\Toolbar\WebBrowser: (FileConverter 1.5 Toolbar) - {CFCB809C-3A22-4616-A916-6C007BD9D920} - C:\Program Files\FileConverter_1.5\prxtbFile.dll File not found O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe File not found O4 - HKLM..\Run: [Boxore Client] C:\Program Files\Boxore\BoxoreClient\boxore.exe File not found O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe File not found O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe File not found O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe File not found O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe File not found O4 - HKLM..\Run: [offerbox] C:\Program Files\OfferBox\OfferBox.exe File not found O4 - HKLM..\Run: [QuickTime Task] D:\QTTask.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found 
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe File not found O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe File not found O4 - HKU\William_ON_C..\Run: [Desk 365] C:\Program Files\Desk 365\desk365.exe File not found O4 - HKU\William_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe File not found O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) F3 - HKU\William_ON_C WinNT: Load - (c:\users\william\dxqfnlv.exe) - c:\users\william\dxqfnlv.exe (PreEmptive Solutions, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0 O7 - HKU\William_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll File not found O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL File not found O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File not found O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll 
(Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} 
- C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found O20 - AppInit_DLLs: (c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\William_ON_C Winlogon: Shell - (cmd.exe) - cmd.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) 
O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-10-24 14:43:47 | 000,000,000 | ---D | C] -- X:\Users\Default\Desktop\FRST [2013-10-20 23:35:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013-10-20 00:19:13 | 000,194,048 | ---- | C] () -- C:\Users\William\AppData\Roaming\VLzh0fl2Uh [2013-10-20 00:19:13 | 000,194,048 | ---- | C] () -- C:\Users\William\AppData\Local\F8aQUTXE [2013-10-20 00:17:53 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\b5Qdq3DCZ [2013-10-17 18:52:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013-10-15 22:55:33 | 000,007,138 | ---- | C] () -- C:\Users\William\AppData\Local\recently-used.xbel [2013-10-13 03:05:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin [2013-10-13 03:05:00 | 000,000,000 | ---D | C] -- C:\Riot Games [2013-10-13 03:01:49 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Riot Games [2013-10-12 13:51:36 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\.mineria [2013-10-11 12:57:04 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013-10-11 12:57:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2013-10-11 12:57:03 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013-10-11 12:57:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013-10-11 12:57:03 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013-10-11 12:57:02 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013-10-11 12:57:02 | 000,391,168 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013-10-11 12:57:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013-10-11 12:57:02 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013-10-11 12:57:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013-10-11 12:57:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013-10-10 18:53:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys [2013-10-10 18:53:27 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2013-10-10 18:53:25 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013-10-10 18:53:24 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013-10-10 18:53:24 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll [2013-10-10 18:53:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013-10-10 18:53:23 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2013-10-10 18:53:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2013-10-10 18:53:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013-10-10 18:53:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2013-10-10 18:53:21 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll [2013-10-10 18:52:43 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013-10-10 18:52:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2013-10-05 21:08:19 | 000,000,000 | ---D | C] -- 
C:\Users\William\AppData\Roaming\Mumble [2013-10-02 20:39:56 | 000,000,000 | ---D | C] -- C:\AMD [2013-09-29 12:41:26 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\gtk-2.0 [2013-09-29 12:35:51 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\gegl-0.2 [2013-09-29 11:19:13 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\eUpdate [2013-09-25 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Local\avgchrome [2013-09-25 12:29:58 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys [2013-09-25 12:29:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll [2013-09-25 12:29:56 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013-09-25 12:29:56 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013-09-25 12:29:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013-09-25 12:29:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013-09-25 12:29:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013-09-25 12:29:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013-09-25 12:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013-09-25 12:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013-09-25 12:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013-09-25 12:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013-09-25 12:29:56 | 000,004,096 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013-09-25 12:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013-09-25 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\William\AppData\Roaming\Reg [2013-03-17 21:58:01 | 000,114,176 | ---- | C] () -- C:\Users\William\AppData\Roaming\BabMaint.exe [2013-03-14 01:27:47 | 000,102,912 | ---- | C] () -- C:\Users\William\AppData\Roaming\CheckRun22find.exe [2012-11-14 21:14:16 | 000,415,232 | ---- | C] () -- C:\Users\William\AppData\Roaming\Adobe.exe [2012-10-14 12:05:16 | 000,000,068 | ---- | C] () -- C:\Users\William\AppData\Roaming\mbam.context.scan [2012-10-09 13:30:38 | 000,000,008 | ---- | C] () -- C:\Users\William\AppData\Roaming\DofusAppId0_4 [2012-10-04 18:14:58 | 000,013,824 | ---- | C] () -- C:\Users\William\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-05 20:53:11 | 000,000,008 | ---- | C] () -- C:\Users\William\AppData\Roaming\DofusAppId0_3 [2012-04-05 12:03:06 | 000,000,008 | ---- | C] () -- C:\Users\William\AppData\Roaming\DofusAppId0_1 [2012-04-05 00:57:28 | 000,000,117 | ---- | C] () -- C:\Users\William\AppData\Roaming\D2Info0 [2012-04-05 00:57:28 | 000,000,008 | ---- | C] () -- C:\Users\William\AppData\Roaming\DofusAppId0_2 [2012-04-04 20:32:02 | 000,115,288 | ---- | C] () -- C:\Users\William\AppData\Local\GDIPFONTCACHEV1.DAT [2012-04-04 19:47:48 | 001,521,836 | -H-- | C] () -- C:\Users\William\AppData\Local\IconCache.db [2011-12-08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2009-07-14 06:52:31 | 
000,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009-07-14 06:52:31 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009-07-14 06:52:31 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009-07-14 06:52:31 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-10-24 14:38:27 | 000,001,663 | ---- | M] () -- X:\Users\Default\Desktop\PENetwork.lnk [2013-10-24 14:38:27 | 000,001,560 | ---- | M] () -- X:\Users\Default\Desktop\Command Prompt.lnk [2013-10-24 14:38:27 | 000,001,444 | ---- | M] () -- X:\Users\Default\Desktop\Explorer.lnk [2013-10-24 14:38:27 | 000,000,637 | ---- | M] () -- X:\Users\Default\Desktop\HD Tune v2.55.lnk [2013-10-24 14:38:26 | 000,000,891 | ---- | M] () -- X:\Users\Default\Desktop\OTLPE.lnk [2013-10-24 14:38:26 | 000,000,697 | ---- | M] () -- X:\Users\Default\Desktop\RogueKiller.lnk [2013-10-24 14:38:26 | 000,000,625 | ---- | M] () -- X:\Users\Default\Desktop\Opera12.lnk [2013-10-24 14:38:26 | 000,000,591 | ---- | M] () -- X:\Users\Default\Desktop\FRST.lnk [2013-10-24 12:31:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-10-24 12:30:58 | 2400,616,448 | -HS- | M] () -- C:\hiberfil.sys [2013-10-21 00:18:42 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\spmonitor.job [2013-10-21 00:18:42 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job [2013-10-21 00:18:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2013-10-20 23:35:31 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Lyrics-Pal Update.job [2013-10-20 23:32:34 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\SoftwareUpdateTaskMachineCore.job [2013-10-20 00:19:03 | 000,194,048 | ---- | M] () -- C:\Users\William\AppData\Roaming\VLzh0fl2Uh [2013-10-20 00:19:03 | 000,194,048 | ---- | M] () -- C:\Users\William\AppData\Local\F8aQUTXE [2013-10-19 23:57:00 | 
000,001,076 | ---- | M] () -- C:\Windows\tasks\SoftwareUpdateTaskMachineUA.job [2013-10-19 23:34:39 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-10-19 23:34:39 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-10-19 15:01:00 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013-10-18 17:06:12 | 001,521,836 | -H-- | M] () -- C:\Users\William\AppData\Local\IconCache.db [2013-10-18 14:56:42 | 000,000,182 | ---- | M] () -- C:\Users\William\Desktop\La Belle et la Bête Résumé de l'histoire.url [2013-10-18 13:36:15 | 000,011,036 | ---- | M] () -- C:\Users\William\Documents\Dofus mail.docx [2013-10-15 22:55:33 | 000,007,138 | ---- | M] () -- C:\Users\William\AppData\Local\recently-used.xbel [2013-10-15 20:12:14 | 001,549,936 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2013-10-15 20:12:14 | 000,704,714 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2013-10-15 20:12:14 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-10-15 20:12:14 | 000,130,988 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2013-10-15 20:12:14 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-10-15 11:05:30 | 001,432,368 | ---- | M] () -- C:\Windows\System32\dmwu.exe [2013-10-15 10:58:14 | 000,027,136 | ---- | M] (IncrediMail, Ltd.) 
-- C:\Windows\System32\ImHttpComm.dll [2013-10-14 00:12:07 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\PC SpeedUp Service Deactivator.job [2013-10-11 13:09:13 | 000,436,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-10-10 18:31:03 | 000,000,252 | ---- | M] () -- C:\Users\William\Desktop\PGW 2013 Un tournoi League of Legends organisé par Asus - Actualités - 10-10-2013 - JeuxVideo.com.url [2013-10-09 12:35:46 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2013-10-07 12:04:52 | 000,000,260 | ---- | M] () -- C:\Users\William\Desktop\Escape the Fate Ungrateful  Escape The Fate Ungrateful Bundle 1  Shop the Escape the Fate Official Store.url [2013-10-06 14:11:06 | 001,275,500 | ---- | M] () -- C:\Users\William\Documents\Mumble-2013-10-06-14-10-57-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:16:22 | 000,606,188 | ---- | M] () -- C:\Users\William\Documents\Mumble-2013-10-05-21-16-17-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:16:15 | 000,563,180 | ---- | M] () -- C:\Users\William\Documents\Mumble-2013-10-05-21-16-11-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:15:18 | 000,490,778 | ---- | M] () -- C:\Users\William\Documents\ZECHT.wav [2013-10-05 21:15:09 | 000,723,080 | ---- | M] () -- C:\Users\William\Documents\Mumble-2013-10-05-21-15-04-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:08:27 | 000,002,393 | ---- | M] () -- C:\Users\William\Documents\MumbleAutomaticCertificateBackup.p12 [2013-10-03 13:53:49 | 000,000,283 | ---- | M] () -- C:\Users\William\Desktop\Square Enix Boutique LIGHTNING RETURNS FINAL FANTASY XIII + Bonus de précommande [PS3].url [2013-10-02 20:21:39 | 000,001,165 | ---- | M] () -- C:\Users\William\Desktop\Driver Genius.lnk [2013-10-01 18:02:34 | 000,000,254 | ---- | M] () -- C:\Users\William\Desktop\Veste en Jean sans manches - Veste sans manches par EMP Black Premium - Référence de l'Article 260883 - à partir de 36,99 € - EMP LE MAILORDER ROCK & METAL Le Merchandising & tellement plus encore....url [2013-09-30 
17:53:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll [2013-09-30 17:53:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll [2013-09-30 17:53:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll [2013-09-30 17:53:04 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll [2013-09-30 17:53:04 | 000,001,870 | ---- | M] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest [2013-09-30 07:46:23 | 000,000,237 | ---- | M] () -- C:\Users\William\Desktop\League of Fucktards Flaming OP - LeagueCraft.url [2013-09-26 07:28:05 | 000,000,000 | ---- | M] () -- C:\end [2013-09-25 20:45:35 | 000,000,008 | ---- | M] () -- C:\Users\William\AppData\Roaming\DofusAppId0_2 [2013-09-25 19:23:52 | 000,000,117 | ---- | M] () -- C:\Users\William\AppData\Roaming\D2Info0 [2013-09-25 12:43:23 | 000,000,008 | ---- | M] () -- C:\Users\William\AppData\Roaming\DofusAppId0_1 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-10-24 14:38:27 | 000,001,663 | ---- | C] () -- X:\Users\Default\Desktop\PENetwork.lnk [2013-10-24 14:38:27 | 000,001,560 | ---- | C] () -- X:\Users\Default\Desktop\Command Prompt.lnk [2013-10-24 14:38:27 | 000,001,444 | ---- | C] () -- X:\Users\Default\Desktop\Explorer.lnk [2013-10-24 14:38:27 | 000,000,637 | ---- | C] () -- X:\Users\Default\Desktop\HD Tune v2.55.lnk [2013-10-24 14:38:26 | 000,000,891 | ---- | C] () -- X:\Users\Default\Desktop\OTLPE.lnk [2013-10-24 14:38:26 | 000,000,697 | ---- | C] () -- X:\Users\Default\Desktop\RogueKiller.lnk [2013-10-24 14:38:26 | 000,000,625 | ---- | C] () -- X:\Users\Default\Desktop\Opera12.lnk [2013-10-24 14:38:26 | 000,000,591 | ---- | C] () -- X:\Users\Default\Desktop\FRST.lnk [2013-10-18 14:56:41 | 000,000,182 | ---- | C] () -- C:\Users\William\Desktop\La Belle et la Bête Résumé de l'histoire.url [2013-10-10 18:31:03 | 000,000,252 | ---- | C] () -- 
C:\Users\William\Desktop\PGW 2013 Un tournoi League of Legends organisé par Asus - Actualités - 10-10-2013 - JeuxVideo.com.url [2013-10-07 12:04:51 | 000,000,260 | ---- | C] () -- C:\Users\William\Desktop\Escape the Fate Ungrateful  Escape The Fate Ungrateful Bundle 1  Shop the Escape the Fate Official Store.url [2013-10-06 14:10:57 | 001,275,500 | ---- | C] () -- C:\Users\William\Documents\Mumble-2013-10-06-14-10-57-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:16:17 | 000,606,188 | ---- | C] () -- C:\Users\William\Documents\Mumble-2013-10-05-21-16-17-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:16:11 | 000,563,180 | ---- | C] () -- C:\Users\William\Documents\Mumble-2013-10-05-21-16-11-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:15:14 | 000,490,778 | ---- | C] () -- C:\Users\William\Documents\ZECHT.wav [2013-10-05 21:15:04 | 000,723,080 | ---- | C] () -- C:\Users\William\Documents\Mumble-2013-10-05-21-15-04-mn1.upmania.eu-Mixdown.wav [2013-10-05 21:08:27 | 000,002,393 | ---- | C] () -- C:\Users\William\Documents\MumbleAutomaticCertificateBackup.p12 [2013-10-03 13:53:49 | 000,000,283 | ---- | C] () -- C:\Users\William\Desktop\Square Enix Boutique LIGHTNING RETURNS FINAL FANTASY XIII + Bonus de précommande [PS3].url [2013-10-02 20:21:39 | 000,001,165 | ---- | C] () -- C:\Users\William\Desktop\Driver Genius.lnk [2013-10-01 18:02:33 | 000,000,254 | ---- | C] () -- C:\Users\William\Desktop\Veste en Jean sans manches - Veste sans manches par EMP Black Premium - Référence de l'Article 260883 - à partir de 36,99 € - EMP LE MAILORDER ROCK & METAL Le Merchandising & tellement plus encore....url [2013-09-30 07:46:23 | 000,000,237 | ---- | C] () -- C:\Users\William\Desktop\League of Fucktards Flaming OP - LeagueCraft.url [2012-08-23 18:41:45 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\8F70568298.sys [2012-08-23 18:32:54 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2012-07-03 03:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll 
[2012-06-09 10:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012-05-22 01:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll [2011-03-09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007-02-05 17:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [color=#E56717]========== LOP Check ==========[/color] [2013-09-27 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\.minecraft [2013-10-19 15:51:04 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\.mineria [2013-07-11 10:44:31 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Advanced [2013-03-07 19:05:42 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\AnkamaCertificates [2013-09-06 11:42:16 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\app [2013-10-08 22:00:19 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Audacity [2013-06-02 00:52:22 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\BabSolution [2012-08-23 23:09:19 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Babylon [2012-08-23 23:09:58 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\BabylonToolbar [2013-03-14 01:47:06 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013-03-05 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\DAEMON Tools Lite [2013-02-16 21:17:35 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\DealPly [2012-11-18 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\DefaultTab [2013-01-31 21:57:28 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Delta [2013-08-15 21:47:47 | 000,000,000 | ---D | M] -- 
C:\Users\William\AppData\Roaming\Desk 365 [2013-07-04 22:07:10 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Dofus [2013-07-04 23:52:40 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Dofus-2 [2012-04-05 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2012-04-05 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2012-10-09 13:30:38 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2012-04-05 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2013-09-25 12:43:43 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Dofus2 [2013-03-09 14:43:08 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\DofusTesting [2013-03-07 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\DofusTesting-2 [2013-03-11 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\DofusTesting-3 [2013-04-16 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\DofusTesting-4 [2012-04-04 20:15:47 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Downloaded Installations [2013-09-29 11:19:13 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\eUpdate [2013-07-08 10:46:59 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\File Scout [2012-10-01 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\GameCenter [2012-05-20 16:59:26 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\GetRightToGo [2012-10-01 16:46:36 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\GoforFiles [2013-07-11 10:59:06 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\holasearch [2012-08-23 10:58:17 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Image 
Zone Express [2012-08-26 21:31:52 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Iminent [2012-04-04 22:44:30 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\LolClient [2012-05-24 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\LolClient2 [2012-12-29 18:00:02 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\ManyCam [2013-10-18 21:13:33 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Mumble [2012-04-04 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Nitro PDF [2013-07-05 12:29:27 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\OfferBox [2013-05-28 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\OpenOffice.org [2013-07-11 10:58:59 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\PerformerSoft [2013-09-07 16:12:01 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\PhotoFiltre [2013-09-25 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Reg [2012-04-05 00:57:30 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2013-10-13 03:05:28 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Riot Games [2012-08-26 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\SYSTEMAX Software Development [2013-10-07 21:53:47 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\TS3Client [2012-06-30 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Tuto4pc [2012-08-23 23:41:27 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Ulead Systems [2013-08-17 13:45:05 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\Uniblue [2013-09-05 19:20:32 | 000,000,000 | ---D | M] -- C:\Users\William\AppData\Roaming\WebPlayerBdd [2013-10-20 23:35:31 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Lyrics-Pal Update.job [2013-10-19 15:01:00 | 000,000,268 | ---- | M] () -- 
C:\Windows\Tasks\PC Performer_DEFAULT.job [2013-10-09 12:35:46 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\PC Performer_UPDATES.job [2013-10-14 00:12:07 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\PC SpeedUp Service Deactivator.job [2013-08-12 12:29:45 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013-10-20 23:32:34 | 000,001,072 | ---- | M] () -- C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job [2013-10-19 23:57:00 | 000,001,076 | ---- | M] () -- C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job [2013-10-21 00:18:42 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\SpeedUpMyPC.job [2013-10-21 00:18:42 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\spmonitor.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2013-07-11 10:41:45 | 000,073,728 | ---- | M] () -- C:\1036.MST [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010-11-20 23:29:06 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2012-04-04 20:29:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012-12-07 13:36:29 | 000,053,696 | ---- | M] () -- C:\bootsqm.dat [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013-09-26 07:28:05 | 000,000,000 | ---- | M] () -- C:\end [2013-10-24 12:30:58 | 2400,616,448 | -HS- | M] () -- C:\hiberfil.sys [2013-10-24 12:31:01 | 3200,823,296 | -HS- | M] () -- C:\pagefile.sys [2013-07-11 10:41:49 | 029,277,696 | ---- | M] () -- C:\Shark007 Advanced Codecs.msi [2012-08-23 23:09:50 | 000,000,304 | ---- | M] () -- C:\user.js [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [color=#A23BEC]< %PROGRAMFILES%\*. 
>[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009-07-14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys [color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color] [2010-11-20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) 
MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe [2010-11-20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009-07-14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010-11-20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2010-11-05 23:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys [2010-11-05 23:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2011-03-11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011-03-11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011-03-11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011-03-11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010-11-20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010-11-20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [color=#A23BEC]< MD5 for: IMM32.DLL >[/color] [2010-11-20 23:29:20 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\System32\imm32.dll [2010-11-20 23:29:20 | 000,118,272 | ---- | M] (Microsoft 
Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll [color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color] [2013-08-02 07:54:18 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=071350D18F2ABC93496040F44D44F592 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_964bd085cdae14d1\kernel32.dll [2012-10-04 18:43:05 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=3ED262888758E350C29E02207AF9AC59 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_95904772b4b53b61\kernel32.dll [2010-11-20 23:29:19 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll [2012-10-04 18:32:16 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=63350392C018D28C87E6FCB638DFCFE8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_9644fc0fcdb29ea9\kernel32.dll [2013-08-02 03:49:19 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6933E2AFF444A7A95D5C67E98449163E -- C:\Windows\System32\kernel32.dll [2013-08-02 03:49:19 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6933E2AFF444A7A95D5C67E98449163E -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_95bf6438b4915e89\kernel32.dll [2012-11-30 07:01:46 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6D0D4B00C7CB4FA829F396A83B327894 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_9610ed07cdd95d0c\kernel32.dll [2012-08-20 19:40:01 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=6F93A0F455963DC8A9A16BB682C8D589 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_95adb658b49f9b89\kernel32.dll [2012-08-20 19:34:45 | 000,868,352 | ---- | M] 
(Microsoft Corporation) MD5=9139B25AA9CA8749A11F2BE863EF391B -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_95f5498dcdeeffbd\kernel32.dll [2011-07-16 06:54:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=921F8B3FF01501C9934CCB3C270833D7 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll [2012-11-30 06:47:44 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=AE09B85158C66E2C154C5C9B3C0027B3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_95c62f30b48ce2ee\kernel32.dll [2011-07-16 06:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll [2013-01-04 06:46:46 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=F14125F0B2ACB29963E896E3441DC30C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_965e9ef5cd9ec94a\kernel32.dll [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2013-09-07 04:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll [2010-11-20 23:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll [2013-09-08 04:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\System32\mswsock.dll [2013-09-08 04:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll 
[color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2012-08-22 19:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys [2012-08-22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys [2012-08-22 19:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys [2010-11-20 23:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2010-11-20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010-11-20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [color=#A23BEC]< MD5 for: NTFS.SYS >[/color] [2012-08-31 19:18:09 | 001,211,760 | ---- | M] (Microsoft Corporation) MD5=0D87503986BB3DFED58E343FE39DDE13 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_a8592bc67b451464\ntfs.sys [2010-11-20 23:29:12 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys [2013-04-12 15:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\System32\drivers\ntfs.sys [2013-04-12 15:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) 
MD5=5E43D2B0EE64123D4880DFA6626DEFDE -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_a870a63a7b333f99\ntfs.sys [2011-03-11 07:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys [2013-03-02 07:07:36 | 001,212,264 | ---- | M] (Microsoft Corporation) MD5=9CDAEBE5160B9AF02AE17C62BDB6C4B5 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18106_none_a88545c87b23ee60\ntfs.sys [2013-04-12 15:53:03 | 001,213,288 | ---- | M] (Microsoft Corporation) MD5=A543D7FD38F51123CA6B8B4722E4D322 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_a8ae93919489a2fa\ntfs.sys [2013-03-02 06:30:20 | 001,213,272 | ---- | M] (Microsoft Corporation) MD5=BDC9CE1B497B6C266ED70E3D34184F40 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22272_none_a8bf31f7947dec65\ntfs.sys [2011-03-11 07:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys [2012-08-31 19:01:43 | 001,212,272 | ---- | M] (Microsoft Corporation) MD5=E6C295C6F8E639957235FEE1D95077F4 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_a90ce01994435e55\ntfs.sys [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2011-03-11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011-03-11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011-03-11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011-03-11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010-11-20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010-11-20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color] [2010-11-20 23:29:21 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\System32\proquota.exe [2010-11-20 23:29:21 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2010-11-20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll [2010-11-20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll [color=#A23BEC]< MD5 for: RUNDLL32.EXE >[/color] [2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\LOLPBE\Program Files\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe [2009-07-14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\Windows\System32\rundll32.exe [2009-07-14 03:14:31 | 000,044,544 | ---- | M] (Microsoft Corporation) 
MD5=51138BEEA3E2C21EC44D0932C71762A8 -- C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2010-11-20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010-11-20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll [color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color] [2010-11-20 23:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe [2012-02-11 07:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\System32\spoolsv.exe [2012-02-11 07:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=9AEA093B8F9C37CF45538382CABA2475 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_d815322f1ff8cc1a\spoolsv.exe [2012-02-11 07:21:14 | 000,317,952 | ---- | M] (Microsoft Corporation) MD5=CAE10A25F936C053E41CBE0FA06FF15D -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_d8cedec038f3454c\spoolsv.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\LOLPBE\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color] [2010-11-20 23:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll [2010-11-20 23:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010-11-20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010-11-20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2010-11-20 23:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys [2010-11-20 23:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys [2010-11-20 23:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\LOLPBE\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010-11-20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010-11-20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [color=#A23BEC]< MD5 for: WS2_32.DLL >[/color] [2010-11-20 23:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll [2010-11-20 23:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color] [2013-10-24 12:23:54 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-18\desktop.ini [2012-04-04 19:44:57 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1417247945-650706221-736886784-1000\desktop.ini [2013-07-13 03:52:28 | 000,002,048 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1417247945-650706221-736886784-1000\$463b978021d695b0d08624843527290d\@ [2013-07-06 23:28:40 | 000,000,912 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1417247945-650706221-736886784-1000\$463b978021d695b0d08624843527290d\U\00000001.@ [2013-07-09 11:17:05 | 000,011,776 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1417247945-650706221-736886784-1000\$463b978021d695b0d08624843527290d\U\80000000.@ [2013-07-06 23:28:40 | 000,022,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1417247945-650706221-736886784-1000\$463b978021d695b0d08624843527290d\U\800000cb.@ [color=#E56717]========== Files - Unicode (All) ==========[/color] [2013-10-18 14:53:31 | 000,000,203 | ---- | M] ()(C:\Users\William\Desktop\? Falling in Reverse - Game Over (Music Video) - YouTube.url) -- C:\Users\William\Desktop\▶ Falling in Reverse - Game Over (Music Video) - YouTube.url [2013-10-18 14:53:30 | 000,000,203 | ---- | C] ()(C:\Users\William\Desktop\? Falling in Reverse - Game Over (Music Video) - YouTube.url) -- C:\Users\William\Desktop\▶ Falling in Reverse - Game Over (Music Video) - YouTube.url [2013-10-12 16:02:36 | 000,000,227 | ---- | M] ()(C:\Users\William\Desktop\?
GAREN BRAVO - La macarena en Español - GOTH - YouTube.url) -- C:\Users\William\Desktop\▶ GAREN BRAVO - La macarena en Español - GOTH - YouTube.url [2013-10-12 16:02:36 | 000,000,227 | ---- | C] ()(C:\Users\William\Desktop\? GAREN BRAVO - La macarena en Español - GOTH - YouTube.url) -- C:\Users\William\Desktop\▶ GAREN BRAVO - La macarena en Español - GOTH - YouTube.url [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 183584 bytes -> c:\$recycle.bin\S-1-5-21-1417247945-650706221-736886784-1000\$463b978021d695b0d08624843527290d\@:@ < End of report >