OTL.txt (2)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:
64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:
64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16:
64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16:
64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18DB5B4C-DBC9-4136-9C29-668FA6388BD0}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2519B594-586F-4BE1-B2C1-B6EB49D8D6E5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{589C2514-96F3-4133-87E3-C1989BC81A85}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60D2801E-D56E-4CC8-AADC-70D1CE8F86E3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58F307E-A74D-45B4-B9E5-CEAAF5A78E3C}: NameServer = 192.168.1.1
O18:
64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:
64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 11:41:26 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O33 - MountPoints2\{53f4325d-0623-11e1-8a81-1c6f65d75456}\Shell - "" = AutoRun
O33 - MountPoints2\{53f4325d-0623-11e1-8a81-1c6f65d75456}\Shell\AutoRun\command - "" = I:\OriginInstaller.exe
O33 - MountPoints2\{739ca686-af19-11e0-b665-1c6f65d75456}\Shell - "" = AutoRun
O33 - MountPoints2\{739ca686-af19-11e0-b665-1c6f65d75456}\Shell\AutoRun\command - "" = G:\PERMIS.EXE
O33 - MountPoints2\{a616bd95-78a3-11e1-a4d5-98eb957f1a45}\Shell - "" = AutoRun
O33 - MountPoints2\{a616bd95-78a3-11e1-a4d5-98eb957f1a45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{c3f73984-c7eb-11e0-9488-1c6f65d75456}\Shell - "" = AutoRun
O33 - MountPoints2\{c3f73984-c7eb-11e0-9488-1c6f65d75456}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\PERMIS.EXE
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\OriginInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:
64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ========== [2012/07/26 14:08:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/26 14:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/26 14:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/26 14:02:40 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Malwarebytes
[2012/07/26 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/26 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/26 14:02:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/26 14:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/26 14:01:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/07/26 11:52:24 | 004,721,680 | ---- | C] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/07/25 23:12:11 | 000,000,000 | ---D | C] -- C:\Pre_Scan
[2012/07/25 22:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/07/25 22:31:27 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/07/25 22:31:27 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/07/25 22:31:27 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/07/25 22:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/07/25 22:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/07/25 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Ad-Aware Antivirus
[2012/07/25 22:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/25 22:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/25 22:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/25 22:15:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/25 22:13:42 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\AVG Secure Search
[2012/07/25 22:13:41 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\searchquband
[2012/07/25 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\searchqutoolbar
[2012/07/24 11:28:37 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Blender Foundation
[2012/07/24 11:23:37 | 000,000,000 | ---D | C] -- C:\Users\Jean\.thumbnails
[2012/07/24 11:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2012/07/24 11:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2012/07/17 09:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/16 09:54:54 | 000,000,000 | ---D | C] -- C:\Users\Jean\Documents\CAPCOM
[2012/07/13 18:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/13 15:11:36 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\dxhr
[2012/07/13 15:10:20 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\28050
[2012/07/12 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Braid
[2012/07/11 17:34:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 17:34:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 17:34:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 17:34:04 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 17:34:03 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/11 17:34:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 17:34:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/09 10:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/09 10:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/09 10:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/07 13:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/07/07 13:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID
[2012/07/07 13:11:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\siscardplugins
[2012/07/07 13:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\log
[2012/07/07 13:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belgium Identity Card
[2012/07/07 13:11:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\beidpp
[2012/07/07 13:11:14 | 000,044,672 | ---- | C] (Advanced Card Systems Ltd) -- C:\Windows\SysNative\drivers\a38usb.sys
[2012/07/07 13:11:14 | 000,000,000 | ---D | C] -- C:\drivers
[2012/07/06 10:37:36 | 000,000,000 | ---D | C] -- C:\Users\Jean\Documents\ManiaPlanet
[2012/07/06 10:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
[2012/07/06 10:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2012/07/06 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Downloader
[2012/07/06 10:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader
[2012/07/06 10:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloader
[2012/07/01 17:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/07/01 17:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/06/28 14:28:41 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\AliensVsPredator
========== Files - Modified Within 30 Days ========== [2012/07/26 15:57:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/07/26 15:55:22 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 15:55:22 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 15:48:24 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 15:47:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 15:46:57 | 2134,450,175 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/26 14:28:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-347495923-140499702-146862666-1000UA.job
[2012/07/26 14:16:05 | 001,854,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/26 14:16:05 | 000,813,366 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/07/26 14:16:05 | 000,720,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/26 14:16:05 | 000,174,500 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/07/26 14:16:05 | 000,146,796 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/26 14:10:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 14:03:59 | 000,001,106 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/26 14:03:40 | 000,000,926 | ---- | M] () -- C:\Users\Jean\Desktop\NTREGOPT.lnk
[2012/07/26 14:03:40 | 000,000,907 | ---- | M] () -- C:\Users\Jean\Desktop\ERUNT.lnk
[2012/07/26 14:02:32 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/26 14:00:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
[2012/07/26 13:41:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 11:52:19 | 004,721,680 | ---- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2012/07/26 09:41:42 | 102,174,216 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/25 22:25:51 | 000,001,284 | ---- | M] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/25 22:25:51 | 000,001,260 | ---- | M] () -- C:\Users\Jean\Desktop\Spybot - Search & Destroy.lnk
[2012/07/25 22:13:48 | 000,027,520 | ---- | M] () -- C:\Users\Jean\AppData\Local\dt.dat
[2012/07/25 17:41:35 | 000,444,244 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/24 11:23:35 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2012/07/24 09:28:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-347495923-140499702-146862666-1000Core.job
[2012/07/23 21:47:59 | 000,000,132 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/13 18:31:59 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/12 21:10:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 21:10:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 09:29:05 | 004,978,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/07 13:11:23 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\eID Viewer.lnk
[2012/07/07 13:11:23 | 000,000,970 | ---- | M] () -- C:\Windows\beidgui.conf
[2012/07/07 13:11:14 | 000,137,216 | ---- | M] () -- C:\Windows\SysNative\usbr38.dll
[2012/07/07 13:11:14 | 000,044,672 | ---- | M] (Advanced Card Systems Ltd) -- C:\Windows\SysNative\drivers\a38usb.sys
[2012/07/06 10:37:34 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ========== [2012/07/26 15:57:14 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/07/26 14:09:48 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c41565f6-15e1-163e-b027-6963c2cad5ab}\U\80000000.@
[2012/07/26 14:09:43 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{c41565f6-15e1-163e-b027-6963c2cad5ab}\U\00000001.@
[2012/07/26 14:03:59 | 000,001,106 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/26 14:03:40 | 000,000,926 | ---- | C] () -- C:\Users\Jean\Desktop\NTREGOPT.lnk
[2012/07/26 14:03:40 | 000,000,907 | ---- | C] () -- C:\Users\Jean\Desktop\ERUNT.lnk
[2012/07/26 14:02:32 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/25 22:25:51 | 000,001,284 | ---- | C] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/25 22:25:51 | 000,001,260 | ---- | C] () -- C:\Users\Jean\Desktop\Spybot - Search & Destroy.lnk
[2012/07/25 22:13:48 | 000,027,520 | ---- | C] () -- C:\Users\Jean\AppData\Local\dt.dat
[2012/07/25 22:12:36 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{c41565f6-15e1-163e-b027-6963c2cad5ab}\U\800000cb.@
[2012/07/24 11:23:35 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2012/07/13 18:31:59 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/13 18:31:43 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 18:31:43 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 13:11:23 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\eID Viewer.lnk
[2012/07/07 13:11:14 | 000,137,216 | ---- | C] () -- C:\Windows\SysNative\usbr38.dll
[2012/07/06 10:37:34 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk
[2012/06/17 20:09:37 | 000,039,936 | ---- | C] () -- C:\Users\Jean\murmur.sqlite
[2012/06/17 14:51:34 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/05/15 20:03:10 | 000,001,722 | ---- | C] () -- C:\Users\Jean\AppData\Local\recently-used.xbel
[2012/05/15 12:55:45 | 011,595,776 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\Sandra.mdb
[2012/05/15 12:55:45 | 000,000,064 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\Sandra.ldb
[2012/04/16 15:26:53 | 000,000,157 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/06 18:52:13 | 000,001,753 | ---- | C] () -- C:\Users\Jean\clip
[2012/01/30 09:12:51 | 000,000,600 | ---- | C] () -- C:\Users\Jean\AppData\Local\PUTTY.RND
[2012/01/19 15:23:08 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012/01/11 16:31:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c41565f6-15e1-163e-b027-6963c2cad5ab}\@
[2012/01/11 16:31:27 | 000,002,048 | -HS- | C] () -- C:\Users\Jean\AppData\Local\{c41565f6-15e1-163e-b027-6963c2cad5ab}\@
[2011/11/29 14:10:02 | 000,001,046 | ---- | C] () -- C:\Users\Jean\AppData\Local\Cracklock.settings
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/24 16:24:22 | 000,000,036 | ---- | C] () -- C:\Users\Jean\.org.eclipse.epp.usagedata.recording.userId
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/12 17:05:22 | 000,000,079 | ---- | C] () -- C:\Users\Jean\AppData\Local\CrystalDiskMark30.ini
[2011/09/08 15:33:08 | 001,832,056 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/30 09:44:08 | 000,000,102 | ---- | C] () -- C:\Windows\permis.ini
[2011/07/27 15:42:42 | 000,000,132 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/15 23:53:01 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/15 23:52:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/15 23:52:52 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/06/28 11:18:42 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\belpicppgui.dll
[2011/06/19 16:18:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/19 16:06:13 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/06/19 16:00:42 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== LOP Check ========== [2012/07/26 14:11:36 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Ad-Aware Antivirus
[2011/09/04 23:30:56 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Atari
[2012/06/17 15:01:46 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Audacity
[2012/07/25 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\AVG Secure Search
[2012/02/12 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\AVG2012
[2012/01/06 18:39:28 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Beat Hazard
[2012/07/24 11:28:37 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Blender Foundation
[2012/07/12 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Braid
[2011/06/19 22:21:42 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Canneverbe Limited
[2012/06/02 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\DAEMON Tools Lite
[2012/04/19 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\DB-Main
[2012/07/26 15:48:25 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Dropbox
[2012/02/10 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\EurekaLog
[2012/06/28 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\FileZilla
[2011/10/11 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\fltk.org
[2012/06/17 14:57:15 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\FreeAudioPack
[2012/02/14 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\FreeFLVConverter
[2011/10/19 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\GameRanger
[2011/06/27 09:19:34 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Home Media Center
[2011/09/04 12:51:38 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\JAM Software
[2011/06/19 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Leadertech
[2011/08/17 18:17:27 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\LolClient
[2012/03/04 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\LOVE
[2012/06/17 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Mount&Blade Warband
[2012/06/17 21:20:30 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Mumble
[2011/06/23 10:00:31 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Notepad++
[2012/01/14 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Origin
[2011/07/11 09:44:31 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\pokerth
[2012/05/29 17:06:07 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Rainmeter
[2012/02/27 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\RotMG.Production
[2012/07/25 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\searchquband
[2012/07/25 22:13:52 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\searchqutoolbar
[2011/11/14 20:37:09 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Simple Logiciel
[2012/06/29 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Spotify
[2011/07/18 21:53:08 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\System
[2012/03/26 10:02:56 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\SystemRequirementsLab
[2011/07/17 04:41:21 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Teeworlds
[2011/11/15 14:28:46 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Thinstall
[2011/11/22 22:24:51 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\thriXXX
[2012/03/06 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\TS3Client
[2011/12/20 15:58:14 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\ts3overlay
[2011/09/26 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\TuneUp Software
[2012/07/25 22:10:36 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\uTorrent
[2011/06/27 09:19:45 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Verimatrix
[2011/11/24 23:57:01 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\XRay Engine
[2012/06/20 08:41:08 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: CTFMON.EXE >[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe
[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
< MD5 for: EXPLORER.EXE >[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTORV.SYS >[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USERINIT.EXE >[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles >< End of report >