SRV - File not found [Disabled] --  -- (HidServ)
SRV - [2013/05/18 02:44:51 | 000,120,832 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Documents and Settings\All Users\Application Data\jbdjm.dat -- (winmgmt)
SRV - [2013/03/19 09:17:14 | 000,968,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/11/01 22:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/07/12 13:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/02/13 22:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/19 08:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/09/06 13:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/08/03 03:22:58 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/08/07 05:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/03/22 13:11:48 | 000,107,568 | ---- | M] (Infineon Technologies AG ) [Auto] -- C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE -- (PersonalSecureDriveService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (VcommMgr)
DRV - File not found [Kernel | On_Demand] --  -- (VComm)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (netrp)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | Boot] --  -- (BTHidMgr)
DRV - File not found [Kernel | Boot] --  -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand] --  -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand] --  -- (BT)
DRV - File not found [Kernel | On_Demand] --  -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand] --  -- (BlueletAudio)
DRV - [2013/04/10 21:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/19 09:17:31 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/09 22:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/07 22:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/18 22:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/30 22:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 07:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 07:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 07:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/11/29 01:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 01:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 09:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/14 01:49:59 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/08/03 03:22:58 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 04:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 04:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 04:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/04/17 10:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/16 06:24:36 | 000,029,184 | ---- | M] (BenQ Mobile GmbH & Co. OHG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser)
DRV - [2005/10/29 00:12:32 | 001,391,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/18 10:34:22 | 000,047,744 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2005/07/18 10:34:18 | 000,015,264 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2005/01/07 11:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/26 03:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/03/22 13:11:14 | 000,034,520 | ---- | M] (Infineon Technologies AG ) [Kernel | System] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2004/03/12 18:10:28 | 000,032,640 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2003/02/19 09:04:38 | 000,041,344 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comfor.cz
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz
 
IE - HKU\Menk_2_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Menk_2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\Menk_2_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Menk_2_ON_C\..\URLSearchHook: {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - Reg Error: Key error. File not found
IE - HKU\Menk_2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Menk_3_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz
IE - HKU\Menk_3_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Menk_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Menk_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\Menk_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Menk_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Menk_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Menk_ON_C\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\Menk_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\Menk_ON_C\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKU\Menk_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comfor.cz
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Menk\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Menk\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/05/15 11:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2013/01/31 09:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/03/19 09:22:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 13:10:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/02 09:38:39 | 000,000,000 | ---D | M]
 
[2009/08/13 06:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Menk\Application Data\Mozilla\Extensions
[2009/08/13 06:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Menk\Application Data\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2009/08/13 06:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Menk\Application Data\Mozilla\Extensions\XulPlayer
[2010/11/07 08:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Menk\Application Data\Mozilla\Firefox\Profiles\19nsb03v.default\extensions
[2010/11/07 08:22:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Menk\Application Data\Mozilla\Firefox\Profiles\19nsb03v.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/06/16 14:08:24 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Menk\Application Data\Mozilla\Firefox\Profiles\19nsb03v.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/02/16 15:43:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Menk\Application Data\Mozilla\Firefox\Profiles\19nsb03v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2012/07/02 09:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/13 13:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/11/17 12:58:35 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/19 13:23:20 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/19 13:23:20 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/19 13:23:21 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/19 13:23:21 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/19 13:23:21 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/10/13 13:10:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/03/19 09:23:48 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2008/11/17 12:58:51 | 000,001,118 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\centrum-cz.xml
[2008/11/17 12:58:52 | 000,000,661 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2008/11/17 12:58:52 | 000,001,674 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2008/11/17 12:58:52 | 000,001,302 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2008/11/17 12:58:52 | 000,000,765 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
 
O1 HOSTS File: ([2009/08/23 05:58:58 | 000,000,753 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (BTjunkie Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BTjunkie Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BTjunkie Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Menk_2_ON_C\..\Toolbar\ShellBrowser: (no name) - {1A71246C-3EB0-4D6C-AF77-3AB756017C3A} - No CLSID value found.
O3 - HKU\Menk_2_ON_C\..\Toolbar\ShellBrowser: (BTjunkie Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Menk_2_ON_C\..\Toolbar\WebBrowser: (BTjunkie Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Menk_3_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\Menk_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\Menk_ON_C\..\Toolbar\WebBrowser: (BTjunkie Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Menk_ON_C\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [602PC SUITE PDF Saver] C:\Program Files\Common Files\soft602\pdfSaver.exe ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IfxSecurePlatformIndication] C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [Jigsaw]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [pdfSaver3]  File not found
O4 - HKLM..\Run: [PSDruntime] C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG )
O4 - HKLM..\Run: [VDownloader]  File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\Administrator_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Menk_2_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Menk_2_ON_C..\Run: [ctfmon.exe] C:\Documents and Settings\All Users\Application Data\jbdjm.dat (Microsoft Corporation)
O4 - HKU\Menk_2_ON_C..\Run: [pdfSaver3] C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\Menk_2_ON_C..\Run: [Rainlendar2]  File not found
O4 - HKU\Menk_2_ON_C..\Run: [swg]  File not found
O4 - HKU\Menk_3_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Menk_3_ON_C..\Run: [ctfmon.exe] C:\Documents and Settings\All Users\Application Data\jbdjm.dat (Microsoft Corporation)
O4 - HKU\Menk_ON_C..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\Menk_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Menk_ON_C..\Run: [ctfmon.exe] C:\Documents and Settings\All Users\Application Data\jbdjm.dat (Microsoft Corporation)
O4 - HKU\Menk_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Menk_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\Menk_ON_C..\Run: [pdfSaver3] C:\Program Files\PDF\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\Menk_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Menk\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Menk\Start Menu\Programs\Startup\msconfig.lnk =  File not found
O4 - Startup: C:\Documents and Settings\Menk\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Menk 2\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Menk 3\Start Menu\Programs\Startup\msconfig.lnk =  File not found
O4 - Startup: C:\Documents and Settings\Menk 3\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Menk_2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Menk_3_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Menk_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Menk_2_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Menk_2_ON_C Winlogon: Shell - (C:\Documents and Settings\Menk 2\Application Data\msconfig.dat) -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll -  File not found
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\netprp: DllName - netprp.dll -  File not found
O20 - Winlogon\Notify\PSDNtfy: DllName - C:\Program Files\Infineon\Security Platform Software\PSDNtfy.dll - C:\Program Files\Infineon\Security Platform Software\PSDNtfy.dll (Infineon Technologies AG )
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/16 04:55:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: winmgmt - C:\Documents and Settings\All Users\Application Data\jbdjm.dat (Microsoft Corporation)
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvid.dll ()
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Ad-Aware Service - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: netrp.sys -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SBAMSvc - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\Documents and Settings\All Users\Application Data\jbdjm.dat (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Ad-Aware Service - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: netrp.sys -  File not found
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SBAMSvc - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\Documents and Settings\All Users\Application Data\jbdjm.dat (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/23 12:15:03 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/05/18 07:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Ad-Aware Antivirus
[2013/05/18 02:44:35 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\jbdjm.dat
[2013/05/18 02:44:29 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\ewijdo.dat
[2013/05/18 02:44:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[73 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/25 03:01:14 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mjdbj.pad
[2013/05/25 03:01:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/05/25 02:59:33 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 02:59:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3633933131-1372549331-1228847700-1006.job
[2013/05/25 02:59:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3633933131-1372549331-1228847700-1005.job
[2013/05/25 02:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/25 02:59:12 | 1609,351,168 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 02:40:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/21 23:22:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1005UA.job
[2013/05/21 15:56:02 | 000,003,051 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mjdbj.js
[2013/05/19 06:17:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/19 05:54:50 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1006UA.job
[2013/05/18 08:29:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Menk\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 07:32:49 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 03:37:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/18 03:36:02 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Menk 2\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 03:02:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Menk 3\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 02:59:59 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\odjiwe.pad
[2013/05/18 02:54:29 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1006Core.job
[2013/05/18 02:46:45 | 119,933,929 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/05/18 02:44:51 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\jbdjm.dat
[2013/05/18 02:44:42 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\ewijdo.dat
[2013/05/18 02:44:25 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/18 02:22:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1005Core.job
[2013/05/17 11:56:10 | 000,449,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/17 11:56:10 | 000,075,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/17 11:04:50 | 119,882,685 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2013/05/15 23:26:44 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 11:54:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/15 11:39:45 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2013/05/15 11:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/05/01 12:41:50 | 000,236,209 | ---- | M] () -- C:\Documents and Settings\Menk 3\My Documents\2_wtu315sch.jpg
[2013/05/01 12:28:32 | 000,020,911 | ---- | M] () -- C:\Documents and Settings\Menk 3\My Documents\2_zu315sch.jpg
[73 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/21 15:56:02 | 000,003,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mjdbj.js
[2013/05/19 13:39:44 | 1609,351,168 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/18 08:29:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Menk\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 07:32:47 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 03:34:58 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Menk 2\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 03:02:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Menk 3\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/18 02:45:52 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\odjiwe.pad
[2013/05/18 02:45:01 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mjdbj.pad
[2013/05/01 12:28:32 | 000,020,911 | ---- | C] () -- C:\Documents and Settings\Menk 3\My Documents\2_zu315sch.jpg
[2013/05/01 12:28:10 | 000,236,209 | ---- | C] () -- C:\Documents and Settings\Menk 3\My Documents\2_wtu315sch.jpg
[2013/03/24 08:32:49 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Menk 3\Local Settings\Application Data\fusioncache.dat
[2013/02/04 13:35:25 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/12/04 12:21:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Menk 3\Application Data\$_hpcst$.hpc
[2012/11/21 11:44:50 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Menk 2\Application Data\msconfig.ini
[2012/08/12 07:28:26 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Menk 2\Local Settings\Application Data\dt.dat
[2012/07/02 09:49:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
[2012/07/02 09:41:34 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/02/16 09:44:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/02 06:04:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/08/02 06:04:39 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/08/02 06:04:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Menk\Application Data\$_hpcst$.hpc
[2011/06/13 04:17:36 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2011/06/13 04:17:34 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/06/01 08:14:42 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Menk\.recently-used.xbel
[2011/03/17 15:38:26 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/02/24 12:38:10 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/11/08 15:50:06 | 000,000,437 | ---- | C] () -- C:\WINDOWS\Marias.ini
[2010/10/18 12:26:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/02 00:06:48 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Menk 2\Local Settings\Application Data\fusioncache.dat
[2009/09/26 03:35:47 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2009/09/23 12:16:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/15 11:56:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/14 10:16:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI
[2009/06/30 17:43:56 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/06/03 00:27:34 | 000,000,109 | -HS- | C] () -- C:\WINDOWS\System32\283827690.dat
[2009/05/31 00:05:40 | 000,000,288 | ---- | C] () -- C:\WINDOWS\WINCARDS.INI
[2009/05/30 14:51:18 | 000,000,969 | ---- | C] () -- C:\WINDOWS\Seahaven.ini
[2009/05/30 14:37:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\NAMEGAME.INI
[2009/05/30 14:24:53 | 000,000,024 | ---- | C] () -- C:\WINDOWS\PATIENCE.INI
[2009/04/15 23:44:58 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/03/06 16:58:46 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Menk 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/06 15:40:22 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Menk 2\default.pls
[2009/02/18 18:52:44 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/02/18 18:52:42 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/02/18 18:52:32 | 000,183,112 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/01/22 11:02:37 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ae.INI
[2008/12/30 03:07:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/12/21 03:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SMessenger.INI
[2008/11/03 13:54:06 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\dwin8283.dat
[2008/10/20 10:27:55 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\nxg.bin
[2008/10/13 10:29:39 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Menk\default.pls
[2008/10/04 06:23:41 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Menk\Local Settings\Application Data\fusioncache.dat
[2008/10/01 10:34:49 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wowCP.ini
[2008/09/30 11:32:18 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2008/09/30 11:32:18 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2008/09/30 11:32:18 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2008/09/27 09:20:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 09:14:03 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Menk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 03:20:18 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/08/16 06:59:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/16 06:45:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/16 06:45:03 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/16 06:36:43 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/16 06:36:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/16 05:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/16 04:51:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 08:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/18 10:34:22 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys
[2005/07/18 10:34:18 | 000,015,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys
[2004/07/12 17:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/06/27 15:49:42 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/06/27 13:15:12 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2001/12/31 18:35:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[1997/06/17 18:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/17 18:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/17 18:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/03/31 18:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1979/12/31 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1979/12/31 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 20:00:00 | 000,449,696 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 20:00:00 | 000,110,293 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[1979/12/31 20:00:00 | 000,075,364 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1979/12/31 20:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1979/12/31 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 20:00:00 | 000,000,844 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1979/12/31 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2006/08/16 06:46:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Infineon
[2006/08/16 06:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
[2011/09/09 17:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/12/13 02:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2011/05/16 23:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\aAvgApi
[2013/02/12 13:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\Ad-Aware Antivirus
[2012/06/11 10:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\AVG Secure Search
[2011/09/15 09:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\AVG2012
[2011/05/29 23:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\AVGTOOLBAR
[2011/02/17 03:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\COWON
[2009/03/06 16:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\DAEMON Tools
[2009/03/06 16:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\DAEMON Tools Lite
[2009/03/06 16:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\DAEMON Tools Pro
[2010/01/23 13:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\flightgear.org
[2009/11/08 14:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\fltk.org
[2010/01/15 11:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\Gearbox Software
[2008/10/03 10:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\ICQ
[2006/08/16 06:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\Infineon
[2010/06/09 10:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\Nokia
[2009/02/24 10:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\OpenOffice.org
[2009/02/24 10:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\OpenOffice.org3
[2008/10/10 23:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\Opera
[2010/06/09 10:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\PC Suite
[2010/04/07 04:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\PCenter
[2013/02/23 03:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\ProfiCAD
[2008/11/09 14:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 2\Application Data\Software602
[2012/12/19 00:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\Ad-Aware Antivirus
[2012/12/02 03:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\AVG Secure Search
[2012/12/01 08:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\AVG2012
[2006/08/16 06:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\Infineon
[2012/12/02 03:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\OpenOffice.org
[2012/12/01 08:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\Opera
[2012/12/04 12:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\PC Suite
[2013/02/04 13:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\ProfiCAD
[2012/12/04 12:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk 3\Application Data\Samsung
[2011/05/16 12:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\aAvgApi
[2012/12/17 06:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Ad-Aware Antivirus
[2012/08/06 09:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Applian FLV and Media Player
[2010/11/21 07:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Audacity
[2012/06/09 14:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\AVG Secure Search
[2011/09/10 03:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\AVG2012
[2011/09/10 03:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\AVGTOOLBAR
[2009/08/13 06:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Broad Intelligence
[2013/01/05 13:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\bwincom
[2013/02/14 13:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\cef-cache
[2010/07/09 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\COWON
[2009/02/05 13:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\DAEMON Tools
[2009/05/16 10:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\DAEMON Tools Lite
[2009/02/05 13:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\DAEMON Tools Pro
[2009/07/09 11:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\FarmingSimulator2008
[2009/02/08 11:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\flightgear.org
[2010/02/11 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\fltk.org
[2010/07/29 18:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Free Audio Editor
[2011/06/17 07:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\FreeBurner
[2010/01/01 20:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Gearbox Software
[2011/06/01 08:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\gtk-2.0
[2013/04/03 11:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\ICQ
[2006/08/16 06:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Infineon
[2009/02/18 18:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Leadertech
[2010/07/29 10:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\MobMapUpdater
[2009/05/24 13:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Mount&Blade
[2011/02/01 00:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\n-Track Software Data
[2011/02/01 00:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\n-Track Studio6
[2013/01/05 13:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Nvu
[2009/02/24 12:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\OpenOffice.org
[2009/02/24 00:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\OpenOffice.org3
[2008/10/08 10:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Opera
[2011/08/02 06:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\PC Suite
[2011/06/24 08:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\PriceGong
[2011/08/02 06:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Samsung
[2008/09/30 11:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Software602
[2012/03/17 04:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Sony
[2009/08/25 04:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Spy Emergency(2)
[2010/01/01 09:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\TuneUp Software
[2012/08/31 08:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\uTorrent
[2009/06/30 17:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\vghd
[2012/09/12 15:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Youtube to MP3 Converter
[2008/11/03 13:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Menk\Application Data\Zoner
[2013/05/18 07:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Ad-Aware Antivirus
[2009/06/15 11:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\18747654
[2009/05/16 11:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\19Rgeit2iTqrf7M2Ql65
[2012/12/13 02:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2009/05/06 11:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/07/11 06:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/10 03:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/17 13:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/24 07:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/02 09:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2011/09/10 03:15:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/05 13:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/09/04 10:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/05/22 06:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2009/05/06 11:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2011/05/24 09:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2008/11/17 05:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
[2010/11/07 08:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008/11/29 03:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2013/05/15 11:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/08/23 03:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGATE
[2008/12/14 06:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptiTex
[2010/06/09 10:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/05/18 09:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2009/05/16 11:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\t01x97GIiTqrf7M2Q
[2012/03/16 00:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/15 11:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2010/01/01 09:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/05/19 12:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/03/31 07:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2011/03/29 20:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{888803CF-24CB-4360-955A-9B6EE8BEEDC1}
[2010/01/01 08:49:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/04/21 06:00:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2010/01/23 08:01:20 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
 
 
< MD5 for: ACPI.SYS  >
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:acpi.sys
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:acpi.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:acpi.sys
[2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys
[2006/03/15 10:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=A10C7534F7223F4A73A948967D00E69B -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
 
< MD5 for: AFD.SYS  >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 09:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2006/03/15 10:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 09:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: AGP440.SYS  >
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/15 10:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: AUTOCHK.EXE  >[/color]
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006/03/15 10:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\I386\AUTOCHK.EXE
[2006/03/15 10:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006/03/15 10:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
[color=#A23BEC]< MD5 for: CMD.EXE  >[/color]
[2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=6D778E0F95447E6546553EEEA709D03C -- C:\WINDOWS\ServicePackFiles\i386\cmd.exe
[2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=6D778E0F95447E6546553EEEA709D03C -- C:\WINDOWS\system32\cmd.exe
[2006/03/15 10:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) MD5=EEB024F2C81F0D55936FB825D21A91D6 -- C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
 
[color=#A23BEC]< MD5 for: CRYPTSVC.DLL  >[/color]
[2006/03/15 10:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: CSRSS.EXE  >[/color]
[2008/04/13 20:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 20:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2006/03/15 10:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/15 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/03/15 10:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
[color=#A23BEC]< MD5 for: FASTFAT.SYS  >[/color]
[2006/03/15 10:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
[2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
[2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:hal.dll
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008/04/13 14:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008/04/13 14:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2006/03/15 10:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
 
[color=#A23BEC]< MD5 for: I8042PRT.SYS  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:i8042prt.sys
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2006/03/15 10:00:00 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
 
[color=#A23BEC]< MD5 for: ISAPNP.SYS  >[/color]
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001/08/17 07:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2006/03/15 10:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
 
[color=#A23BEC]< MD5 for: KBDCLASS.SYS  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:kbdclass.sys
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2006/03/15 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys
 
[color=#A23BEC]< MD5 for: LSASS.EXE  >[/color]
[2006/03/15 10:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006/03/15 10:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/15 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: NTFS.SYS  >[/color]
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2006/03/15 10:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\I386\NTFS.SYS
[2006/03/15 10:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
 
[color=#A23BEC]< MD5 for: NTKRNLPA.EXE  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:ntkrnlpa.exe
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntkrnlpa.exe
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntkrnlpa.exe
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntkrnlpa.exe
[2012/04/11 08:42:22 | 002,069,120 | ---- | M] (Microsoft Corporation) MD5=063A0F8A90D8E2B802E5243FE9AABCF3 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[2012/04/11 08:35:52 | 002,069,120 | ---- | M] (Microsoft Corporation) MD5=0C9E44D256948FA68AE10D67984862CE -- C:\WINDOWS\$NtUninstallKB2707511$\ntkrnlpa.exe
[2008/04/13 14:31:21 | 002,065,792 | ---- | M] (Microsoft Corporation) MD5=109F8E3E3C82E337BB71B6BC9B895D61 -- C:\WINDOWS\$NtUninstallKB956572$\ntkrnlpa.exe
[2008/04/13 14:31:21 | 002,065,792 | ---- | M] (Microsoft Corporation) MD5=109F8E3E3C82E337BB71B6BC9B895D61 -- C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
[2013/01/06 20:45:13 | 002,069,760 | ---- | M] (Microsoft Corporation) MD5=1251D608DFCE4B6801AD27A59B74985C -- C:\WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[2009/02/06 12:49:02 | 002,057,728 | ---- | M] (Microsoft Corporation) MD5=3006410E24772CC6953F0B5C01BEB35F -- C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
[2009/08/04 12:47:50 | 002,066,176 | ---- | M] (Microsoft Corporation) MD5=363B2BBEE0AEDC9E5433616D0AD0236A -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[2008/08/14 05:33:16 | 002,066,048 | ---- | M] (Microsoft Corporation) MD5=4AC58F03EB94A72809949D757FC39D80 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[2009/02/07 13:02:58 | 002,066,048 | ---- | M] (Microsoft Corporation) MD5=5BA7F2141BC6DB06100D0E5A732C617A -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[2009/02/07 13:02:58 | 002,066,048 | ---- | M] (Microsoft Corporation) MD5=5BA7F2141BC6DB06100D0E5A732C617A -- C:\WINDOWS\$NtUninstallKB971486$\ntkrnlpa.exe
[2012/05/04 08:32:19 | 002,069,120 | ---- | M] (Microsoft Corporation) MD5=5DD80D56AF1CEFBFF4F25951069B55BB -- C:\WINDOWS\$NtUninstallKB2724197$\ntkrnlpa.exe
[2009/02/06 06:30:40 | 002,066,176 | ---- | M] (Microsoft Corporation) MD5=607352B9CB3D708C67F6039097801B5A -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[2008/08/14 05:18:44 | 002,062,976 | ---- | M] (Microsoft Corporation) MD5=63EC865DFF6CCFC7BEF94B5C50297CAD -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[2009/08/04 10:20:08 | 002,066,048 | ---- | M] (Microsoft Corporation) MD5=7437BA6F538E89381A2E3643AED296C7 -- C:\WINDOWS\$NtUninstallKB977165$\ntkrnlpa.exe
[2010/04/28 01:14:16 | 002,066,944 | ---- | M] (Microsoft Corporation) MD5=756362706DE8BC92F11E197C98A73844 -- C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[2005/03/01 20:34:40 | 002,056,832 | ---- | M] (Microsoft Corporation) MD5=81013F36B21C7F72CF784CC6731E0002 -- C:\WINDOWS\$NtUninstallKB956841_0$\ntkrnlpa.exe
[2010/12/09 09:07:05 | 002,069,376 | ---- | M] (Microsoft Corporation) MD5=84FF488E249DBD2050EB39EA81C6F5C2 -- C:\WINDOWS\$NtUninstallKB2633171$\ntkrnlpa.exe
[2013/01/06 20:36:58 | 002,069,760 | ---- | M] (Microsoft Corporation) MD5=864E6F476699C1E3E020CE66462785FE -- C:\WINDOWS\$NtUninstallKB2813170$\ntkrnlpa.exe
[2012/05/04 08:41:08 | 002,069,120 | ---- | M] (Microsoft Corporation) MD5=8E99A0CE02C1BEDA6C0935A4DDE9CEAA -- C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[2013/03/06 20:50:28 | 002,070,016 | ---- | M] (Microsoft Corporation) MD5=9C8E896FCF103F943EB3F405A974447D -- C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
[2013/03/06 20:50:28 | 002,070,016 | ---- | M] (Microsoft Corporation) MD5=9C8E896FCF103F943EB3F405A974447D -- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
[2013/03/06 20:50:28 | 002,070,016 | ---- | M] (Microsoft Corporation) MD5=9C8E896FCF103F943EB3F405A974447D -- C:\WINDOWS\system32\ntkrnlpa.exe
[2009/02/06 05:49:25 | 002,062,976 | ---- | M] (Microsoft Corporation) MD5=9D832AF3FD1917DB0E1E8B2F000A2E3A -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[2013/03/06 20:53:34 | 002,070,016 | ---- | M] (Microsoft Corporation) MD5=9EBEDA306E5EABDABCFF8B695FCD4CD6 -- C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) MD5=A046C627EC20456E2959B7BD628E1FD0 -- C:\WINDOWS\$NtUninstallKB981852$\ntkrnlpa.exe
[2008/08/14 09:39:46 | 002,066,048 | ---- | M] (Microsoft Corporation) MD5=A25E9B86EFFB2AF33BF51E676B68BFB0 -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[2009/12/08 14:43:50 | 002,066,048 | ---- | M] (Microsoft Corporation) MD5=A6683E23468776F75EB2D8C6A02AAD3B -- C:\WINDOWS\$NtUninstallKB979683$\ntkrnlpa.exe
[2012/08/21 08:58:06 | 002,069,632 | ---- | M] (Microsoft Corporation) MD5=B2D4FD49DDEF6DEF6900DAAC5730F425 -- C:\WINDOWS\$NtUninstallKB2799494$\ntkrnlpa.exe
[2012/08/21 09:05:55 | 002,069,632 | ---- | M] (Microsoft Corporation) MD5=B326D5E256D2F32B23E64F49DEBCE31B -- C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[2008/08/14 05:22:13 | 002,057,728 | ---- | M] (Microsoft Corporation) MD5=BA002228743B6824D87F0551DBC86D45 -- C:\WINDOWS\$NtUninstallKB956572_0$\ntkrnlpa.exe
[2011/10/25 08:52:03 | 002,069,376 | ---- | M] (Microsoft Corporation) MD5=CE1A2FEDBD001ECDC5AD1975AFAD040A -- C:\WINDOWS\$NtUninstallKB2676562$\ntkrnlpa.exe
[2005/03/01 10:36:42 | 002,056,832 | ---- | M] (Microsoft Corporation) MD5=D8ABA3EAB509627E707A3B14F00FBB6B -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[2011/10/25 08:52:32 | 002,069,376 | ---- | M] (Microsoft Corporation) MD5=DB19FFF0C805664CB95062C027B11FE9 -- C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[2010/04/27 09:05:00 | 002,066,816 | ---- | M] (Microsoft Corporation) MD5=DC57ABED7BDE1487E658968B4423BED7 -- C:\WINDOWS\$NtUninstallKB2393802$\ntkrnlpa.exe
[2010/02/16 08:12:52 | 002,066,944 | ---- | M] (Microsoft Corporation) MD5=DED8B5A89B085284634502E9D75AC78C -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[2010/12/09 13:39:28 | 002,069,376 | ---- | M] (Microsoft Corporation) MD5=F67CD97282E0ABFAF91A9A1359B16F2D -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[2009/12/08 18:10:32 | 002,066,176 | ---- | M] (Microsoft Corporation) MD5=FFDCE1EEA79C678C40237D4E031E5B51 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
 
[color=#A23BEC]< MD5 for: NTOSKRNL.EXE  >[/color]
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:ntoskrnl.exe
[2006/03/15 10:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2009/04/17 10:18:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe
[2009/12/08 18:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2012/05/04 09:20:50 | 002,192,640 | ---- | M] (Microsoft Corporation) MD5=099A0F80A563EBE935F4A9750F96C219 -- C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2008/08/14 06:00:45 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=21C91DA9CB53AA8A37041BA9684A8458 -- C:\WINDOWS\$NtUninstallKB956572_0$\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 10:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2013/03/06 21:28:24 | 002,193,408 | ---- | M] (Microsoft Corporation) MD5=3FD65320312C8411B72E33DA8661D36A -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2013/03/06 21:28:24 | 002,193,408 | ---- | M] (Microsoft Corporation) MD5=3FD65320312C8411B72E33DA8661D36A -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2013/03/06 21:28:24 | 002,193,408 | ---- | M] (Microsoft Corporation) MD5=3FD65320312C8411B72E33DA8661D36A -- C:\WINDOWS\system32\ntoskrnl.exe
[2010/04/27 22:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=472059774023F80EB7227EAF9A7ACDA1 -- C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe
[2012/08/21 09:29:19 | 002,192,896 | ---- | M] (Microsoft Corporation) MD5=49FB9F4A7CE25B82B1E00C402783F5C5 -- C:\WINDOWS\$NtUninstallKB2799494$\ntoskrnl.exe
[2005/03/01 20:59:53 | 002,179,328 | ---- | M] (Microsoft Corporation) MD5=4D4CF2C14550A4B7718E94A6E581856E -- C:\WINDOWS\$NtUninstallKB956841_0$\ntoskrnl.exe
[2012/04/11 09:10:58 | 002,192,640 | ---- | M] (Microsoft Corporation) MD5=536168936EBF326E36C655EC5AE34B03 -- C:\WINDOWS\$NtUninstallKB2707511$\ntoskrnl.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=64C1ADF6DF629F340C5A439FE0EF8ED1 -- C:\WINDOWS\$NtUninstallKB2633171$\ntoskrnl.exe
[2009/02/06 06:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\$NtUninstallKB979683$\ntoskrnl.exe
[2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2009/08/04 14:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe
[2011/10/25 09:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=892CDDFF7EF96951B9B0B50974070E47 -- C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe
[2012/04/11 09:22:15 | 002,192,640 | ---- | M] (Microsoft Corporation) MD5=8D061BB825BC606C2B1C6F7452D1BAAA -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[2013/03/06 21:31:48 | 002,193,536 | ---- | M] (Microsoft Corporation) MD5=9FC16E5EBFE88F3C844FFE2E6CB7F1E8 -- C:\WINDOWS\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[2010/04/27 09:50:44 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=A2ABBEC40CDB57454645D06B7EBD22F5 -- C:\WINDOWS\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[2010/12/09 09:43:18 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=A531BBD3DE13121C1380ED7DC99082DB -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[2013/01/06 21:28:34 | 002,193,152 | ---- | M] (Microsoft Corporation) MD5=AE2FEE63789F5DF6B19DD9A39E26D03E -- C:\WINDOWS\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[2013/01/06 21:16:02 | 002,193,024 | ---- | M] (Microsoft Corporation) MD5=CB8E341AFD9042EE70E51715D9A23B1E -- C:\WINDOWS\$NtUninstallKB2813170$\ntoskrnl.exe
[2008/08/14 05:57:20 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=CE69DBD54221F2D40E49FF6DB77C6507 -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[2010/02/17 03:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=D41C3CBAD0E1C0728D1CDFD541F60CFA -- C:\WINDOWS\$NtUninstallKB981852$\ntoskrnl.exe
[2012/05/04 09:12:30 | 002,192,640 | ---- | M] (Microsoft Corporation) MD5=DDF0CB8CD3C6007CDF4AD8F0409ED930 -- C:\WINDOWS\$NtUninstallKB2724197$\ntoskrnl.exe
[2010/02/16 08:52:12 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=E1F653A542449D54FA2D27463D99B6B6 -- C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[2012/08/21 09:48:40 | 002,193,024 | ---- | M] (Microsoft Corporation) MD5=ECA5980E1A78DBF9CB7F49F76791C0D1 -- C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[2008/08/14 06:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[2009/02/07 13:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2011/10/25 09:34:49 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=F512C662874D7545E5BD8005E6800A44 -- C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[2009/02/06 13:24:35 | 002,180,480 | ---- | M] (Microsoft Corporation) MD5=FACEBB0CA3154F77009CDFEE78A00BBB -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
 
[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2006/03/15 10:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\I386\REGEDIT.EXE
[2006/03/15 10:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2006/03/15 10:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/03/15 10:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
 
[color=#A23BEC]< MD5 for: SMSS.EXE  >[/color]
[2008/04/13 20:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/13 20:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2006/03/15 10:00:00 | 000,470,016 | ---- | M] (Microsoft Corporation) MD5=9A98937A980831729D21343754FF9D59 -- C:\I386\SYSTEM32\SMSS.EXE
[2006/03/15 10:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
 
[color=#A23BEC]< MD5 for: SPOOLSV.EXE  >[/color]
[2010/08/17 09:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 20:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/03/15 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2006/04/20 07:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006/01/13 13:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2008/06/20 06:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006/03/15 10:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 08:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: USER32.DLL  >[/color]
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2006/03/15 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WIN32K.SYS  >[/color]
[2009/02/09 07:13:27 | 001,846,784 | ---- | M] (Microsoft Corporation) MD5=16B961A0552BC09B9E3A338FC816FFE5 -- C:\WINDOWS\$hf_mig$\KB958690\SP3GDR\win32k.sys
[2009/02/09 07:13:27 | 001,846,784 | ---- | M] (Microsoft Corporation) MD5=16B961A0552BC09B9E3A338FC816FFE5 -- C:\WINDOWS\$NtUninstallKB968537$\win32k.sys
[2009/02/09 07:08:53 | 001,847,552 | ---- | M] (Microsoft Corporation) MD5=1D20198F208006C3BB5ACB50D32CFC66 -- C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys
[2012/06/13 09:29:09 | 001,875,072 | ---- | M] (Microsoft Corporation) MD5=2EBAAFEF08BD9C0521DB300FE20E26CF -- C:\WINDOWS\$hf_mig$\KB2718523\SP3QFE\win32k.sys
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) MD5=2F2D6B7515363E855EE44D88199ADD5F -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2012/02/03 05:26:17 | 001,869,184 | ---- | M] (Microsoft Corporation) MD5=44CA80C67F0D97921C1E9AA3B4F78549 -- C:\WINDOWS\$hf_mig$\KB2641653\SP3QFE\win32k.sys
[2012/02/03 05:22:18 | 001,860,096 | ---- | M] (Microsoft Corporation) MD5=4C1CA2B98543ADF66C032E301F936D54 -- C:\WINDOWS\$NtUninstallKB2676562$\win32k.sys
[2010/12/31 09:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) MD5=4F404415E13DDC541CB34294D266B65C -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011/03/03 09:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) MD5=4F97E6BAAA847EA90EBBCD90A3FFA8E5 -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2010/08/31 09:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2012/01/12 12:53:24 | 001,859,968 | ---- | M] (Microsoft Corporation) MD5=5820A858AB8F413E86707C2E54F28265 -- C:\WINDOWS\$NtUninstallKB2641653$\win32k.sys
[2010/12/31 09:14:45 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=62FC2280FBEA1DCC64A276BCF71709D9 -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[2011/11/23 09:29:56 | 001,868,544 | ---- | M] (Microsoft Corporation) MD5=679592ECA1DAEBC7D912AFF21F68A682 -- C:\WINDOWS\$hf_mig$\KB2639417\SP3QFE\win32k.sys
[2008/09/15 08:25:27 | 001,846,912 | ---- | M] (Microsoft Corporation) MD5=692E8FC363300FA7951594A1A7A1F193 -- C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys
[2009/08/14 09:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) MD5=716ED09D8D9A9E1E4A03549B32B68186 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2012/11/13 07:20:36 | 001,875,456 | ---- | M] (Microsoft Corporation) MD5=719C5A45036DF9BE7B9F0D8D147DB4C3 -- C:\WINDOWS\$hf_mig$\KB2779030\SP3QFE\win32k.sys
[2009/04/17 06:50:18 | 001,847,808 | ---- | M] (Microsoft Corporation) MD5=7CEDA3396DECF312144BC788D699EE48 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys
[2013/03/01 21:25:02 | 001,867,264 | ---- | M] (Microsoft Corporation) MD5=860AC2E4711D2DACF12D98A42105A611 -- C:\WINDOWS\$NtUninstallKB2829361$\win32k.sys
[2008/09/15 08:17:07 | 001,846,912 | ---- | M] (Microsoft Corporation) MD5=88D9ED62433A8C3F1F8D20E97F20A1AD -- C:\WINDOWS\$hf_mig$\KB954211\SP2QFE\win32k.sys
[2012/01/12 12:54:47 | 001,869,056 | ---- | M] (Microsoft Corporation) MD5=8BA29CE11D73CC2C1C42FD00854C398B -- C:\WINDOWS\$hf_mig$\KB2660465\SP3QFE\win32k.sys
[2005/10/05 20:10:04 | 001,839,360 | ---- | M] (Microsoft Corporation) MD5=98D0393AEBA65F52FE5B66845C5F3A6A -- C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys
[2012/10/22 04:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) MD5=9A5E4D7820FF9A55B4639B32420B10EC -- C:\WINDOWS\$NtUninstallKB2779030$\win32k.sys
[2011/11/23 09:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) MD5=A3952692FE63986981A54AEB7BCC39C8 -- C:\WINDOWS\$NtUninstallKB2660465$\win32k.sys
[2010/05/02 02:34:15 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2010/08/31 09:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=A77B5764CD2106D36148CB5E5DDF6BC6 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2005/10/05 20:05:59 | 001,839,488 | ---- | M] (Microsoft Corporation) MD5=AD247B4B1EB5FA17C73908CFAE001237 -- C:\WINDOWS\$NtUninstallKB954211_0$\win32k.sys
[2008/09/15 07:57:41 | 001,846,016 | ---- | M] (Microsoft Corporation) MD5=B34375E53CDEDF4BDFE3EB2A271FB398 -- C:\WINDOWS\$NtUninstallKB958690_0$\win32k.sys
[2013/01/03 21:32:36 | 001,876,224 | ---- | M] (Microsoft Corporation) MD5=B57F6110AC77DFE6BA7E58A0FF699915 -- C:\WINDOWS\$hf_mig$\KB2778344\SP3QFE\win32k.sys
[2009/04/17 08:26:40 | 001,847,168 | ---- | M] (Microsoft Corporation) MD5=B707EA8E261F47B51CAC6FB7AF7770F6 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) MD5=B9D41312F6D9FFA8D1D80488D9FDE849 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2013/01/03 21:20:00 | 001,867,264 | ---- | M] (Microsoft Corporation) MD5=BD39EC6064A1B5DFDABCF312A38A37EE -- C:\WINDOWS\$NtUninstallKB2808735$\win32k.sys
[2011/06/02 10:07:35 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=BE79F0A0273DEF353BA5D1F43CBAD858 -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2011/09/06 09:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=BFE37C3B420D2CA00D83554182130D32 -- C:\WINDOWS\$NtUninstallKB2639417$\win32k.sys
[2010/06/23 22:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2011/09/06 09:25:11 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=C30AAF3B63F3BE3B515B50FB7292EA9F -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2012/05/15 09:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) MD5=C39711FE4E2829092026D07E3ED08D43 -- C:\WINDOWS\$NtUninstallKB2718523$\win32k.sys
[2009/02/09 06:19:34 | 001,846,272 | ---- | M] (Microsoft Corporation) MD5=CBE3C46513AE586C6AFEE810DDDD122D -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
[2012/10/22 04:43:24 | 001,875,328 | ---- | M] (Microsoft Corporation) MD5=D0E30DF0D550D0B8FFCAA85CCF57914F -- C:\WINDOWS\$hf_mig$\KB2761226\SP3QFE\win32k.sys
[2008/09/15 08:12:56 | 001,846,400 | ---- | M] (Microsoft Corporation) MD5=D21A189185D3A74512CC8E68F16E3FCF -- C:\WINDOWS\$hf_mig$\KB954211\SP3GDR\win32k.sys
[2008/09/15 08:12:56 | 001,846,400 | ---- | M] (Microsoft Corporation) MD5=D21A189185D3A74512CC8E68F16E3FCF -- C:\WINDOWS\$NtUninstallKB958690$\win32k.sys
[2011/03/03 09:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=D302C0D9ADC931B598405D2C953B334B -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2012/07/03 09:40:15 | 001,866,112 | ---- | M] (Microsoft Corporation) MD5=D6F934A361D7F0BE8271673988D4E7FD -- C:\WINDOWS\$NtUninstallKB2761226$\win32k.sys
[2012/05/15 09:27:44 | 001,872,128 | ---- | M] (Microsoft Corporation) MD5=D7F261E01473BD2C7DF9BC37FF1DB6AA -- C:\WINDOWS\$hf_mig$\KB2709162\SP3QFE\win32k.sys
[2013/03/01 21:31:30 | 001,876,224 | ---- | M] (Microsoft Corporation) MD5=DC4F6FBAB1E0F57AECDCAE613FD2643C -- C:\WINDOWS\$hf_mig$\KB2808735\SP3QFE\win32k.sys
[2012/04/11 09:12:06 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=DD2D2198857A2140EFCE4171CA0635F1 -- C:\WINDOWS\$NtUninstallKB2709162$\win32k.sys
[2008/04/13 15:30:10 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=DE01D79A607C7B9AE7FF88E934D0FFB2 -- C:\WINDOWS\$NtUninstallKB954211$\win32k.sys
[2008/04/13 15:30:10 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=DE01D79A607C7B9AE7FF88E934D0FFB2 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2012/06/13 09:19:59 | 001,866,112 | ---- | M] (Microsoft Corporation) MD5=DFF851C4D8977A26F95B929A0B89BB5D -- C:\WINDOWS\$NtUninstallKB2731847$\win32k.sys
[2010/10/26 09:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) MD5=E40E572FD5DA970921A893B05FB217D9 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2012/04/11 09:23:21 | 001,871,360 | ---- | M] (Microsoft Corporation) MD5=E61826863010CD45C4682731F6E4D232 -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\win32k.sys
[2011/06/02 10:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys
[2012/07/03 09:40:18 | 001,875,072 | ---- | M] (Microsoft Corporation) MD5=EB77EAB8BD8BB38F78F493CC3592708A -- C:\WINDOWS\$hf_mig$\KB2731847\SP3QFE\win32k.sys
[2009/02/09 06:20:05 | 001,847,424 | ---- | M] (Microsoft Corporation) MD5=EC24AD3CDA5F04A4F76FE2659B5E6CBE -- C:\WINDOWS\$hf_mig$\KB958690\SP2QFE\win32k.sys
[2010/10/26 09:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=ED970A04FDAEAB9D9A5FA9B25E9196A8 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2009/08/14 08:19:38 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2005/03/01 21:11:25 | 001,836,160 | ---- | M] (Microsoft Corporation) MD5=F92DA2BB088A56B3A5FB8151E58F2964 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
[2012/11/12 21:25:12 | 001,866,368 | ---- | M] (Microsoft Corporation) MD5=F984CAE54E536681B209F7816D8F68DA -- C:\WINDOWS\$NtUninstallKB2778344$\win32k.sys
[2013/04/09 21:31:19 | 001,876,352 | ---- | M] (Microsoft Corporation) MD5=FC8A1F72A8097910A11D5184BC3F887B -- C:\WINDOWS\SoftwareDistribution\Download\fe79986ce1c6960ea9a9fc388c17aea1\sp3qfe\win32k.sys
[2013/04/09 21:31:19 | 001,876,352 | ---- | M] (Microsoft Corporation) MD5=FC8A1F72A8097910A11D5184BC3F887B -- C:\WINDOWS\system32\dllcache\win32k.sys
[2013/04/09 21:31:19 | 001,876,352 | ---- | M] (Microsoft Corporation) MD5=FC8A1F72A8097910A11D5184BC3F887B -- C:\WINDOWS\system32\win32k.sys
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2006/03/15 10:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINSRV.DLL  >[/color]
[2005/03/02 14:19:56 | 000,291,328 | ---- | M] (Microsoft Corporation) MD5=0F292F96B5967F31793C74007A0368AB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll
[2008/04/13 20:12:09 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\$NtUninstallKB2121546$\winsrv.dll
[2008/04/13 20:12:09 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
[2005/08/31 21:41:54 | 000,291,840 | ---- | M] (Microsoft Corporation) MD5=31F2735965A8AD1EB56F774D703DDAF9 -- C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll
[2005/08/31 21:44:05 | 000,291,840 | ---- | M] (Microsoft Corporation) MD5=3642C99D14EC986DDE123C9D2846427D -- C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll
[2011/06/20 13:43:21 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=3C733ABE4F13206414F670F86C5F79D8 -- C:\WINDOWS\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
[2010/06/18 13:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=42B5427FAC23BF6F1F31E466B7FEB084 -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2013/03/08 04:36:22 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=69AE2B2E6968C316536E5B10B9702E63 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2013/03/08 04:36:22 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=69AE2B2E6968C316536E5B10B9702E63 -- C:\WINDOWS\system32\winsrv.dll
[2010/06/18 13:43:57 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=6DC05976FB5B8E1358EAC8BEDFD1FA47 -- C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
[2011/11/25 17:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\$NtUninstallKB2820917$\winsrv.dll
[2011/06/20 13:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=95CF3446911A6E25EE4086DF8A45B2AA -- C:\WINDOWS\$NtUninstallKB2646524$\winsrv.dll
[2013/03/08 04:35:47 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=A6430B97C05DA8A4BA70E8280B2E6287 -- C:\WINDOWS\$hf_mig$\KB2820917\SP3QFE\winsrv.dll
[2011/11/25 17:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
[2011/04/26 07:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\$NtUninstallKB2567680$\winsrv.dll
[2011/04/26 07:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F52D3C601CF618479F9AD43B07599BED -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
 
[color=#A23BEC]< MD5 for: WS2_32.DLL  >[/color]
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2006/03/15 10:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
 
[color=#A23BEC]< MD5 for: WSCRIPT.EXE  >[/color]
[2006/03/15 10:00:00 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=3ADCE7346E279C8E7ADEC5F2428385C6 -- C:\WINDOWS\$NtServicePackUninstall$\wscript.exe
[2008/04/13 20:12:41 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=3E235D5E9093B8BAC47D9C8B124EA16C -- C:\WINDOWS\$NtUninstallKB951978$\wscript.exe
[2008/04/13 20:12:41 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=3E235D5E9093B8BAC47D9C8B124EA16C -- C:\WINDOWS\ServicePackFiles\i386\wscript.exe
[2008/05/08 07:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
[2008/05/08 07:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\system32\dllcache\wscript.exe
[2008/05/08 07:24:44 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=CEA8F7E45B7B098F5FB085BB6A6A4432 -- C:\WINDOWS\system32\wscript.exe
 
 
 
 
[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\*.* /s >[/color]
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/04/08 14:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp3xu.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 08:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\x64\filterpipelineprintproc.dll
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /10 >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /X  >[/color]
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2005/10/28 23:20:32 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2005/10/13 00:15:18 | 001,114,674 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.cpa
[2005/10/13 00:15:18 | 000,000,929 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.vp
[2005/06/08 16:45:54 | 000,058,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativckxx.vp
[2004/07/17 06:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2005/10/29 03:56:28 | 000,024,976 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativvpxx.vp
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/07/17 17:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2006/03/15 10:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2006/03/15 10:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2004/07/17 06:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.* /10 >[/color]
[2013/05/18 03:37:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2013/05/17 11:56:10 | 000,075,364 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2013/05/17 11:56:10 | 000,449,696 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2013/05/17 11:56:10 | 000,513,814 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2013/05/25 02:40:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2011/03/03 02:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2013/04/16 17:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\system32\*.* /lockedfiles >[/color]
[2011/03/03 02:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2013/04/16 17:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\system32\config\*.sav  >[/color]
[2006/08/16 06:43:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/08/16 06:43:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/08/16 06:43:28 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
 
 
 
[color=#A23BEC]< %systemroot%\Tasks\*.job >[/color]
[2013/04/21 06:00:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/05/25 02:59:33 | 000,000,936 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013/05/19 06:17:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/05/18 02:22:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1005Core.job
[2013/05/21 23:22:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1005UA.job
[2013/05/18 02:54:29 | 000,000,992 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1006Core.job
[2013/05/19 05:54:50 | 000,001,044 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3633933131-1372549331-1228847700-1006UA.job
[2010/01/23 08:01:20 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2013/05/25 02:59:32 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3633933131-1372549331-1228847700-1005.job
[2013/05/25 02:59:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3633933131-1372549331-1228847700-1006.job
[2013/03/17 03:24:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3633933131-1372549331-1228847700-1005.job
[2013/04/13 01:03:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3633933131-1372549331-1228847700-1006.job
 
[color=#A23BEC]< %systemroot%\*.* /U /s >[/color]
[73 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[36 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[62 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[6 C:\WINDOWS\system32\CatRoot\*.tmp files -> C:\WINDOWS\system32\CatRoot\*.tmp -> ]
[2774 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\Temp\avg_a02168\ProgData\*.tmp files -> C:\WINDOWS\Temp\avg_a02168\ProgData\*.tmp -> ]
[1 C:\WINDOWS\Temp\avg_a02444\ProgData\*.tmp files -> C:\WINDOWS\Temp\avg_a02444\ProgData\*.tmp -> ]
[1 C:\WINDOWS\Temp\avg_a02444\ProgFiles\AVG Secure Search\*.tmp files -> C:\WINDOWS\Temp\avg_a02444\ProgFiles\AVG Secure Search\*.tmp -> ]
[1 C:\WINDOWS\Temp\avg_a03076\ProgData\*.tmp files -> C:\WINDOWS\Temp\avg_a03076\ProgData\*.tmp -> ]
[1 C:\WINDOWS\Temp\avg_a03076\ProgFiles\AVG Secure Search\*.tmp files -> C:\WINDOWS\Temp\avg_a03076\ProgFiles\AVG Secure Search\*.tmp -> ]
[1 C:\WINDOWS\Temp\avg_a04088\ProgData\*.tmp files -> C:\WINDOWS\Temp\avg_a04088\ProgData\*.tmp -> ]
[1 C:\WINDOWS\Temp\avg_a04088\ProgFiles\AVG Secure Search\*.tmp files -> C:\WINDOWS\Temp\avg_a04088\ProgFiles\AVG Secure Search\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\*. /rp /s >[/color]
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Data Aplikac\*.*
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Data Aplikac\*.exe
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Data Aplikac\*.tmp
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Nabdka Start\*.lnk
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Data Aplikci\*.*
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Data Aplikci\*.exe
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.tmp
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Start Menu\*.lnk
 
Invalid Environment Variable: %APPDATA%\*.
 
Invalid Environment Variable: %APPDATA%\*.*
 
Invalid Environment Variable: %APPDATA%\*.exe
 
Invalid Environment Variable: %APPDATA%\*.tmp
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >[/color]
"ctfmon.exe" = C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe c:\docume~1\alluse~1\applic~1\jbdjm.dat,FG00 -- [2013/05/18 02:44:25 | 000,033,280 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2006/06/01 07:32:12 | 000,094,208 | ---- | M] (Nero AG)
"pdfSaver3" = "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe" -- [2004/05/19 08:29:22 | 000,385,024 | ---- | M] (Tracker Software Products Ltd.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun -- [2008/12/29 06:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd)
"Google Update" = "C:\Documents and Settings\Menk\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2011/06/03 06:47:32 | 000,136,176 | ---- | M] (Google Inc.)
"AutoStartNPSAgent" = C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe -- [2009/08/03 03:29:04 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.)
"ICQ" = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 -- [2011/01/05 04:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2012/11/01 15:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com)
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun /s >[/color]
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun /s >[/color]
 
[color=#A23BEC]< HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon /s >[/color]
"AutoRestartShell" = 1
"DefaultUserName" = Menk 3
"LegalNoticeCaption" = 
"LegalNoticeText" = 
"PowerdownAfterShutdown" = 0
"ReportBootOk" = 1
"Shell" = Explorer.exe -- [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
"ShutdownWithoutLogon" = 0
"System" = 
"Userinit" = C:\WINDOWS\system32\userinit.exe,
"VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
"SfcQuota" = -1
"allocatecdroms" = 0
"allocatedasd" = 0
"allocatefloppies" = 0
"cachedlogonscount" = 10
"forceunlocklogon" = 0
"passwordexpirywarning" = 14
"scremoveoption" = 0
"AllowMultipleTSSessions" = 1
"UIHost" = logonui.exe -- [2008/04/13 20:12:24 | 000,514,560 | ---- | M] (Microsoft Corporation)
"LogonType" = 1
"Background" = 0 0 0
"DebugServerCommand" = no
"SFCDisable" = 0
"WinStationsDisabled" = 0
"HibernationPreviouslyEnabled" = 1
"ShowLogonOptions" = 0
"AltDefaultUserName" = Menk 3
"AltDefaultDomainName" = DC056081
"DefaultDomainName" = DC056081
"ChangePasswordUseKerberos" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"" = Wireless
"ProcessGroupPolicy" = ProcessWIRELESSPolicy
"DllName" = gptext.dll -- [2008/04/13 20:11:54 | 000,199,680 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"" = Folder Redirection
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"DllName" = fdeploy.dll -- [2008/04/13 20:11:53 | 000,073,728 | ---- | M] (Microsoft Corporation)
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"NoGPOListChanges" = 0
"NoBackgroundPolicy" = 0
"GenerateGroupPolicy" = GenerateGroupPolicy
"EventSources" = (Folder Redirection,Application) [binary data]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"" = Microsoft Disk Quota
"NoMachinePolicy" = 0
"NoUserPolicy" = 1
"NoSlowLink" = 1
"NoBackgroundPolicy" = 1
"NoGPOListChanges" = 1
"PerUserLocalSettings" = 0
"RequiresSuccessfulRegistry" = 1
"EnableAsynchronousProcessing" = 0
"DllName" = dskquota.dll -- [2008/04/13 20:11:52 | 000,092,672 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicy
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"" = QoS Packet Scheduler
"ProcessGroupPolicy" = ProcessPSCHEDPolicy
"DllName" = gptext.dll -- [2008/04/13 20:11:54 | 000,199,680 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"" = Scripts
"ProcessGroupPolicy" = ProcessScriptsGroupPolicy
"ProcessGroupPolicyEx" = ProcessScriptsGroupPolicyEx
"GenerateGroupPolicy" = GenerateScriptsGroupPolicy
"DllName" = gptext.dll -- [2008/04/13 20:11:54 | 000,199,680 | ---- | M] (Microsoft Corporation)
"NoSlowLink" = 1
"NoGPOListChanges" = 1
"NotifyLinkTransition" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"" = Internet Explorer Zonemapping
"DllName" = iedkcs32.dll -- [2008/04/13 20:11:54 | 000,323,584 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap
"NoGPOListChanges" = 1
"RequiresSucessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO
"GenerateGroupPolicy" = SceGenerateGroupPolicy
"ExtensionRsopPlanningDebugLevel" = 1
"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx
"ExtensionDebugLevel" = 1
"DllName" = scecli.dll -- [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
"" = Security -- [2008/04/13 20:12:05 | 000,005,632 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"EnableAsynchronousProcessing" = 1
"MaxNoGPOListChangesInterval" = 960
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"ProcessGroupPolicy" = ProcessGroupPolicy
"DllName" = iedkcs32.dll -- [2008/04/13 20:11:54 | 000,323,584 | ---- | M] (Microsoft Corporation)
"" = Internet Explorer Branding
"NoSlowLink" = 1
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessEFSRecoveryGPO
"DllName" = scecli.dll -- [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
"" = EFS recovery
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"" = 802.3 Group Policy
"DisplayName" = @dot3gpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessLANPolicyEx
"GenerateGroupPolicy" = GenerateLANPolicy
"DllName" = dot3gpclnt.dll -- [2008/04/13 20:11:52 | 000,039,936 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"" = Microsoft Offline Files
"DllName" = %SystemRoot%\System32\cscui.dll -- [2008/04/13 20:11:51 | 000,326,656 | ---- | M] (Microsoft Corporation)
"EnableAsynchronousProcessing" = 0
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 0
"NoMachinePolicy" = 0
"NoSlowLink" = 0
"NoUserPolicy" = 1
"PerUserLocalSettings" = 0
"ProcessGroupPolicy" = ProcessGroupPolicy
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"" = Software Installation
"DllName" = appmgmts.dll -- [2008/04/13 20:11:49 | 000,167,936 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicyEx" = ProcessGroupPolicyObjectsEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoBackgroundPolicy" = 0
"RequiresSucessfulRegistry" = 0
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"EventSources" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"" = IP Security
"ProcessGroupPolicy" = ProcessIPSECPolicy
"DllName" = gptext.dll -- [2008/04/13 20:11:54 | 000,199,680 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\AtiExtEvent]
"DLLName" = Ati2evxx.dll -- [2005/10/29 00:07:28 | 000,047,616 | ---- | M] (ATI Technologies Inc.)
"Asynchronous" = 0
"Impersonate" = 1
"Lock" = AtiLockEvent
"Logoff" = AtiLogoffEvent
"Logon" = AtiLogonEvent
"Disconnect" = AtiDisConnectEvent
"Reconnect" = AtiReConnectEvent
"Safe" = 0
"Shutdown" = AtiShutdownEvent
"StartScreenSaver" = AtiStartScreenSaverEvent
"StartShell" = AtiStartShellEvent
"Startup" = AtiStartupEvent
"StopScreenSaver" = AtiStopScreenSaverEvent
"Unlock" = AtiUnLockEvent
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\avgrsstarter]
"DLLName" = avgrsstx.dll
"Startup" = AvgStartup
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\crypt32chain]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = crypt32.dll -- [2012/06/01 12:50:06 | 000,601,088 | ---- | M] (Microsoft Corporation)
"Logoff" = ChainWlxLogoffEvent
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\cryptnet]
"Asynchronous" = 0
"Impersonate" = 0
"DllName" = cryptnet.dll -- [2008/04/13 20:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation)
"Logoff" = CryptnetWlxLogoffEvent
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\cscdll]
"DLLName" = cscdll.dll -- [2008/04/13 20:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation)
"Logon" = WinlogonLogonEvent
"Logoff" = WinlogonLogoffEvent
"ScreenSaver" = WinlogonScreenSaverEvent
"Startup" = WinlogonStartupEvent
"Shutdown" = WinlogonShutdownEvent
"StartShell" = WinlogonStartShellEvent
"Impersonate" = 0
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\dimsntfy]
"Asynchronous" = 1
"DllName" = %SystemRoot%\System32\dimsntfy.dll -- [2008/04/13 20:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Startup" = WlDimsStartup
"Shutdown" = WlDimsShutdown
"Logon" = WlDimsLogon
"Logoff" = WlDimsLogoff
"StartShell" = WlDimsStartShell
"Lock" = WlDimsLock
"Unlock" = WlDimsUnlock
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\IfxWlxEN]
"DllName" = IfxWlxEN.dll -- [2004/03/22 21:02:46 | 000,360,448 | ---- | M] (Infineon Technologies AG)
"Logon" = LogonEvent
"Logoff" = LogoffEvent
"Lock" = LockEvent
"UnLock" = UnlockEvent
"Enabled" = 1
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\netprp]
"Startup" = netprp
"Impersonate" = 1
"Asynchronous" = 1
"MaxWait" = 1
"ng950" = [0C3F458A11578AE73]
"DllName" = netprp.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\PSDNtfy]
"DLLName" = C:\Program Files\Infineon\Security Platform Software\PSDNtfy.dll -- [2004/03/22 13:11:36 | 000,054,320 | ---- | M] (Infineon Technologies AG )
"Impersonate" = 1
"Asynchronous" = 0
"Startup" = StartupGSX
"Logoff" = LogoffGSX
"Shutdown" = ShutdownGSX
"Logon" = LogonGSX
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\ScCertProp]
"DLLName" = wlnotify.dll -- [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
"Logon" = SCardStartCertProp
"Logoff" = SCardStopCertProp
"Lock" = SCardSuspendCertProp
"Unlock" = SCardResumeCertProp
"Enabled" = 1
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\Schedule]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"StartShell" = SchedStartShell
"Logoff" = SchedEventLogOff
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\sclgntfy]
"Logoff" = WLEventLogoff
"Impersonate" = 0
"Asynchronous" = 1
"DllName" = sclgntfy.dll -- [2008/04/13 20:12:05 | 000,020,480 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\SensLogn]
"DLLName" = WlNotify.dll -- [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
"Lock" = SensLockEvent
"Logon" = SensLogonEvent
"Logoff" = SensLogoffEvent
"Safe" = 1
"MaxWait" = 600
"StartScreenSaver" = SensStartScreenSaverEvent
"StopScreenSaver" = SensStopScreenSaverEvent
"Startup" = SensStartupEvent
"Shutdown" = SensShutdownEvent
"StartShell" = SensStartShellEvent
"PostShell" = SensPostShellEvent
"Disconnect" = SensDisconnectEvent
"Reconnect" = SensReconnectEvent
"Unlock" = SensUnlockEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\termsrv]
"Asynchronous" = 0
"DllName" = wlnotify.dll -- [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
"Impersonate" = 0
"Logoff" = TSEventLogoff
"Logon" = TSEventLogon
"PostShell" = TSEventPostShell
"Shutdown" = TSEventShutdown
"StartShell" = TSEventStartShell
"Startup" = TSEventStartup
"MaxWait" = 600
"Reconnect" = TSEventReconnect
"Disconnect" = TSEventDisconnect
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\Notify\wlballoon]
"DLLName" = wlnotify.dll -- [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
"Logon" = RegisterTicketExpiredNotificationEvent
"Logoff" = UnregisterTicketExpiredNotificationEvent
"Impersonate" = 1
"Asynchronous" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\SCLogon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\SpecialAccounts]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon\SpecialAccounts\UserList]
"HelpAssistant" = 0
"TsInternetUser" = 0
"SQLAgentCmdExec" = 0
"NetShowServices" = 0
"IWAM_" = 65536
"IUSR_" = 65536
"VUSR_" = 65536
"ASPNET" = 0
 
[color=#A23BEC]< HKCU\Software\Microsoft\Windows NT\CurrentVersion\winlogon /s >[/color]
"ParseAutoexec" = 1
"ExcludeProfileDirs" = Local Settings;Temporary Internet Files;History;Temp
"BuildNumber" = 2600
 
[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:C3212BAE727911DD
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:810B9F0D
< End of report >
