Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
Hello,
I was directed here to check my laptop for malware.
OTL logfile created on: 10/8/2014 2:07:01 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MAGMAM\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: Australia | Language: EN | Date Format: dd/MM/yyyy
2.94 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 38.70% Memory free
7.32 Gb Paging File | 2.70 Gb Available in Paging File | 36.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.89 Gb Total Space | 13.57 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive D: | 16.90 Gb Total Space | 0.10 Gb Free Space | 0.61% Space Free | Partition Type: NTFS
Drive E: | 5.00 Gb Total Space | 0.18 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive G: | 1.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 0.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 300.00 Mb Total Space | 258.79 Mb Free Space | 86.27% Space Free | Partition Type: NTFS
Drive J: | 9.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 6.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 5.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MAGMAM-PC | User Name: MAGMAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\MAGMAM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Ginger\GingerUpdateService\GingerUpdateService.exe (Ginger Software)
PRC - C:\Program Files\Ginger\GingerServices\GingerServices.exe (Ginger Software)
PRC - C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\osk.exe (Microsoft Corporation)
PRC - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hotspot Shield\bin\HSSCP.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
PRC - C:\Users\MAGMAM\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
PRC - C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files\netcut\netcut.exe (Arcai.com)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\WebcamMax\wcmmon.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\38.0.2125.101\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\38.0.2125.101\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\38.0.2125.101\libegl.dll ()
MOD - c:\Program Files\Real\RealPlayer\RPDS\Lib\r1api.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e8d9058b7f59f6d3d134b086916d8674\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0c9f47f2c82f0232a48a737193672197\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\349461c3a273efc2b4bd643c2645bd70\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2508b25b4d961a45659a8a8f128818a1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\af_proxy.dll ()
MOD - C:\Program Files\Notepad++\NppShell_06.dll ()
MOD - C:\Program Files\Software Informer\cef\libcef.dll ()
MOD - C:\Program Files\Notepad++\plugins\NppFTP.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Program Files\Notepad++\plugins\NppExport.dll ()
MOD - C:\Program Files\WebcamMax\wcmmon.exe ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (APNMCP) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (RealPlayer Cloud Service) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
SRV - (TeamViewer9) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (GingerUpdateService) -- C:\Program Files\Ginger\GingerUpdateService\GingerUpdateService.exe (Ginger Software)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (RealPlayerUpdateSvc) -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (c2cautoupdatesvc) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (HPSupportSolutionsFrameworkService) -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (AVG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (wxpSvc) -- C:\Program Files\webcamXP5\wService.exe (Moonware Studios)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Disc Soft Bus Service) -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NitroReaderDriverReadSpool3) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (Nitro PDF Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (Riverbed Technology, Inc.)
SRV - (ICCS) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AIPS) -- C:\Program Files\netcut\services\aips.exe (Arcai.com)
SRV - (VmbService) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (catchme) -- C:\Users\MAGMAM\AppData\Local\Temp\catchme.sys File not found
DRV - (BprotectEx) -- C:\Windows\System32\drivers\BprotectEx.sys File not found
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgdiskx) -- C:\Windows\System32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (TBIMount) -- C:\Windows\System32\drivers\TBIMount.sys (TeraByte, Inc.)
DRV - (dtscsibus) -- C:\Windows\System32\drivers\dtscsibus.sys (Disc Soft Ltd)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (Bhbase) -- C:\Windows\System32\drivers\Bhbase.sys (Baidu, Inc.)
DRV - (phylock) -- C:\Windows\System32\drivers\phylock.sys (TeraByte, Inc.)
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (Riverbed Technology, Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (WCMVCAM) -- C:\Windows\System32\drivers\wcmvcam.sys (Windows ® Win 7 DDK provider)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (XilinxPC4Driver) -- C:\Windows\System32\drivers\xpc4drvr.sys (Xilinx, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}: "URL" = http://www.arabyonli...q={searchTerms}
IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1029031320&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mefeedia.com/mena?v=3.42
IE - HKCU\..\SearchScopes,DefaultScope = {0001612C-7A4C-413E-AE24-A0533160057F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}: "URL" = http://www.arabyonli...q={searchTerms}
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1029031320&ir=
IE - HKCU\..\SearchScopes\{7BF28D31-16C0-443C-8DF8-B8A6ABDBD87D}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={D9444AAD-89CD-4199-B024-73EC10916BD1}&mid=6bce5ce22d7947d39831b9ea824161c4-df9ce6dce916111b504e34f7134076bab6351bc4&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 14:56:29&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspo...q={searchTerms}
IE - HKCU\..\SearchScopes\5055E17DDD094F28BDB7DB89B6D45BC5: "URL" = http://search.qvo6.c...X&ts=1376413680
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.arabyonline.com/?src=117"
FF - prefs.js..extensions.enabledAddons: ffxtlbra%40softonic.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B285ACFBB-8E53-4feb-90E6-F02A128927F3%7D:1.2.6
FF - prefs.js..extensions.enabledAddons: %7Bf9d03c26-0575-497e-821d-f7956d23e0ca%7D:3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.type:
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.13.2: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.13: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.13.2: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\gingersoftware.com/gingerPlugin: C:\Program Files\Ginger\GingerServices\GingerServicesProxy.dll (Ginger Software)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/09/17 20:13:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\chknq@jrkbwgoi.org: C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\extensions\chknq@jrkbwgoi.org
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\adapter@gingersoftware.com: C:\Program Files\Ginger\Mozilla\adapter@gingersoftware.com [2014/09/16 18:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\firefox@gingersoftware.2.0.0.74.com: C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com [2014/05/18 03:47:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9D2AA73B-6049-4799-B8AC-925723370070}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/09/17 20:13:37 | 000,000,000 | ---D | M]
[2013/08/04 12:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Extensions
[2014/10/06 02:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\Extensions
[2014/10/06 02:48:18 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2014/02/14 00:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profilesop84hkh5.default\extensions
[2014/02/14 00:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profilesop84hkh5.default\extensions\staged
[2013/12/24 06:40:42 | 000,065,077 | ---- | M] () (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\Extensions\ffxtlbra@softonic.com.xpi
[2014/02/10 18:44:27 | 000,490,422 | ---- | M] () (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi
[2012/05/25 17:38:16 | 000,031,267 | ---- | M] () (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
[2013/12/29 21:25:31 | 000,002,842 | ---- | M] () (No name found) -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
[2014/02/15 10:14:35 | 000,004,000 | ---- | M] () -- C:\Users\MAGMAM\AppData\Roaming\Mozilla\Firefox\Profiles\op84hkh5.default\searchplugins\ZenSearch.xml
[2013/08/02 16:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg\8.10_0\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_28\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\MAGMAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/02/22 15:48:54 | 000,000,221 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 anchorfree.net
O1 - Hosts: 127.0.0.1 rss2search.com
O1 - Hosts: 127.0.0.1 techbrowsing.com
O1 - Hosts: 127.0.0.1 box.anchorfree.net
O1 - Hosts: 127.0.0.1 www.mefeedia.com
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O2 - BHO: (Ginger Grammar & Spell Checker) - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files\Ginger\GingerIEAddin\adxloader.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (FoxPro Class) - {598AC71E-BE58-3981-B78A-5C138F423AD6} - C:\Users\MAGMAM\AppData\Roaming\VolIE\FoxPro_32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_6116CBA5655B8B1266EAB4041CDFAAA1] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe (CBS Software)
O4 - HKCU..\Run: [uTorrent] C:\Users\MAGMAM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\wcmmon.exe ()
O4 - Startup: C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MAGMAM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra Button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.136.58.190 62.209.25.155
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D02B2D8-4A6D-423F-9874-ECF283BB2542}: DhcpNameServer = 83.136.58.190 62.209.25.155
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/12/12 00:00:00 | 000,000,041 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013/09/03 11:39:13 | 000,000,043 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/11/15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - K:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 19:03:48 | 000,000,054 | R--- | M] () - K:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/11/09 03:32:49 | 000,000,041 | R--- | M] () - L:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2013/05/07 16:57:07 | 000,000,000 | ---D | M] - M:\Autorun -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (AVG)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: vidc.mjpg - C:\Windows\System32\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: vidc.xtor - C:\Windows\System32\DxtoryCodec.dll (Dxtory Software)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/10/06 04:34:45 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\Desktop\GMT.KZ_FIFA_15_Ultimate_Team_Edition
[2014/10/06 02:36:06 | 000,039,624 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2014/10/06 02:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2014/10/06 02:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2014/10/06 02:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2014/10/06 02:11:53 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\AppData\Roaming\Hotspot Shield
[2014/10/03 08:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReMouse Micro
[2014/10/03 08:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\ReMouse Micro
[2014/10/03 08:32:40 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\Documents\AutomaticSolution Software
[2014/10/03 08:28:57 | 001,006,592 | ---- | C] (AutomaticSolution Software ) -- C:\Users\MAGMAM\Desktop\ReMouseMicro-Setup.exe
[2014/09/30 21:28:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2014/09/24 04:47:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/09/20 03:46:34 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\Documents\New folder
[2014/09/20 00:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/20 00:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/09/17 20:15:20 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\AppData\Roaming\RealNetworks
[2014/09/17 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\AppData\Local\AskPartnerNetwork
[2014/09/17 20:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014/09/17 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014/09/17 20:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014/09/17 20:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/09/17 20:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2014/09/17 20:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2014/09/14 23:28:34 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\Documents\My Received Files
[2014/09/14 01:51:12 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2014/09/14 01:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2014/09/14 01:41:29 | 001,758,592 | ---- | C] (AVM Software Inc.) -- C:\Users\MAGMAM\Desktop\pal_install_ar_r109860_a3000.exe
[2014/09/12 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\AppData\Roaming\VolIE
[2014/09/12 21:17:05 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\AppData\Roaming\ARHome
[2014/09/12 02:35:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/09/12 02:35:12 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/12 02:35:11 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/12 02:35:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/09/12 02:35:10 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/09/12 02:35:10 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/09/12 02:35:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/09/12 02:35:09 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/09/12 02:35:09 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/12 02:35:09 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/12 02:35:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/12 02:35:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/12 02:35:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/09/12 02:35:07 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/09/12 02:35:07 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/09/12 02:35:07 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/09/12 02:35:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/09/12 02:35:06 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/09/12 02:35:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/12 02:35:05 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/09/12 02:35:05 | 000,327,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/09/12 02:34:59 | 004,232,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/12 02:34:58 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/09/12 02:32:21 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2014/09/11 15:54:38 | 000,000,000 | ---D | C] -- C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hotspot Shield v2.88 Elite Final Full
[2014/09/11 15:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\S.P.D
[2014/09/11 04:01:30 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/09/11 04:01:28 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/09/11 04:01:25 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/09/11 04:01:25 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2 C:\Users\MAGMAM\Desktop\*.tmp files -> C:\Users\MAGMAM\Desktop\*.tmp -> ]
[18 C:\Users\MAGMAM\Documents\*.tmp files -> C:\Users\MAGMAM\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/10/08 02:16:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/08 01:44:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/07 22:22:28 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/07 21:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/07 21:12:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2014/10/07 13:44:01 | 000,000,826 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/07 09:19:09 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/10/07 09:18:47 | 2370,592,768 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/06 04:15:20 | 000,355,328 | ---- | M] () -- C:\Users\MAGMAM\Desktop\FIFA15Downloader__7934_il2533458.exe
[2014/10/06 02:46:17 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2014/10/06 02:45:38 | 000,000,009 | ---- | M] () -- C:\END
[2014/10/06 02:20:25 | 000,028,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/06 02:20:25 | 000,028,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/06 02:10:17 | 008,052,240 | ---- | M] () -- C:\Users\MAGMAM\Desktop\HSS-3.42-install-hss.exe
[2014/10/05 20:01:36 | 009,083,136 | ---- | M] () -- C:\Users\MAGMAM\Documents\DJ Sharaz - Shake It, Bake It, Booty Quake It _ Facebook.mp4
[2014/10/03 08:32:49 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\ReMouse Micro.lnk
[2014/10/03 08:29:04 | 001,006,592 | ---- | M] (AutomaticSolution Software ) -- C:\Users\MAGMAM\Desktop\ReMouseMicro-Setup.exe
[2014/10/01 22:52:22 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/01 22:30:45 | 000,723,764 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2014/10/01 22:30:45 | 000,719,346 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2014/10/01 22:30:45 | 000,708,626 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2014/10/01 22:30:45 | 000,651,428 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2014/10/01 22:30:45 | 000,153,656 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2014/10/01 22:30:45 | 000,148,406 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2014/10/01 22:30:45 | 000,140,750 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2014/10/01 22:30:44 | 000,735,104 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014/10/01 22:30:44 | 000,685,370 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014/10/01 22:30:44 | 000,657,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/10/01 22:30:44 | 000,504,160 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2014/10/01 22:30:44 | 000,481,930 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2014/10/01 22:30:44 | 000,156,622 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014/10/01 22:30:44 | 000,151,592 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2014/10/01 22:30:44 | 000,130,982 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014/10/01 22:30:44 | 000,122,894 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/10/01 22:30:44 | 000,099,408 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2014/10/01 22:30:44 | 000,095,656 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2014/10/01 22:25:16 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job
[2014/10/01 02:22:14 | 009,303,162 | ---- | M] () -- C:\Users\MAGMAM\Documents\Benjo Tabora _ Facebook.mp4
[2014/09/30 17:22:24 | 000,011,644 | ---- | M] () -- C:\Users\MAGMAM\Desktop\10704003_1471577439796538_4006392485479956584_n.jpg
[2014/09/30 04:02:07 | 000,009,532 | ---- | M] () -- C:\Users\MAGMAM\Desktop\10629573_814350365252447_3153925028573009385_n.jpg
[2014/09/30 04:01:01 | 000,010,940 | ---- | M] () -- C:\Users\MAGMAM\Desktop\10303294_814333115254172_3127307523454080139_n.jpg
[2014/09/30 03:47:32 | 000,020,954 | ---- | M] () -- C:\Users\MAGMAM\Desktop\10653821_678308628957196_1338467909795394739_n.jpg
[2014/09/24 10:29:37 | 000,045,550 | ---- | M] () -- C:\Users\MAGMAM\Desktop\10653767_889632104447233_5108268957931399378_n.jpg
[2014/09/24 05:16:53 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/09/24 05:16:53 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/09/23 06:20:17 | 012,443,664 | ---- | M] () -- C:\Users\MAGMAM\Documents\Nova 106.9 _ Facebook.mp4
[2014/09/20 00:53:27 | 000,001,012 | ---- | M] () -- C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/20 00:53:04 | 000,000,982 | ---- | M] () -- C:\Users\MAGMAM\Desktop\Dropbox.lnk
[2014/09/20 00:47:15 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/20 00:05:10 | 000,443,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/19 01:52:01 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/09/18 02:04:36 | 000,423,971 | ---- | M] () -- C:\Users\MAGMAM\Documents\Capturec.PNG
[2014/09/17 20:13:51 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/09/17 20:12:13 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2014/09/17 20:11:56 | 000,001,206 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/09/17 20:11:34 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2014/09/16 18:01:41 | 000,002,983 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk
[2014/09/16 18:01:41 | 000,002,949 | ---- | M] () -- C:\Users\Public\Desktop\Ginger.lnk
[2014/09/15 00:21:31 | 000,048,399 | ---- | M] () -- C:\Users\MAGMAM\Documents\Captureb.PNG
[2014/09/14 01:51:13 | 000,001,985 | ---- | M] () -- C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2014/09/14 01:51:12 | 000,001,965 | ---- | M] () -- C:\Users\MAGMAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2014/09/14 01:51:12 | 000,001,941 | ---- | M] () -- C:\Users\MAGMAM\Desktop\Paltalk Messenger.lnk
[2014/09/14 01:51:12 | 000,001,216 | ---- | M] () -- C:\Users\MAGMAM\Desktop\Upgrade to Paltalk Extreme.lnk
[2014/09/14 01:51:11 | 000,001,216 | ---- | M] () -- C:\Users\MAGMAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2014/09/14 01:42:20 | 001,758,592 | ---- | M] (AVM Software Inc.) -- C:\Users\MAGMAM\Desktop\pal_install_ar_r109860_a3000.exe
[2014/09/14 01:34:46 | 000,090,481 | ---- | M] () -- C:\Users\MAGMAM\Documents\Capturea.PNG
[2014/09/12 21:17:45 | 000,001,085 | ---- | M] () -- C:\Users\MAGMAM\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2014/09/12 21:17:45 | 000,001,061 | ---- | M] () -- C:\Users\MAGMAM\Desktop\FinalMediaPlayer.lnk
[2014/09/12 21:17:17 | 000,004,772 | ---- | M] () -- C:\Users\MAGMAM\AppData\Roaming\ext.crx
[2014/09/12 21:17:13 | 000,003,072 | ---- | M] () -- C:\Users\MAGMAM\AppData\Roaming\chrome-extension.localstorage
[2014/09/11 15:54:39 | 000,002,292 | ---- | M] () -- C:\Users\MAGMAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Best VPN Soft Special Offer.lnk
[2014/09/11 15:54:39 | 000,002,268 | ---- | M] () -- C:\Users\MAGMAM\Desktop\Best VPN Soft Special Offer.lnk
[2014/09/11 04:11:11 | 000,070,424 | ---- | M] () -- C:\Users\MAGMAM\Desktop\10511200_769102246518214_3902462020799876321_n.jpg
[2014/09/09 23:47:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2 C:\Users\MAGMAM\Desktop\*.tmp files -> C:\Users\MAGMAM\Desktop\*.tmp -> ]
[18 C:\Users\MAGMAM\Documents\*.tmp files -> C:\Users\MAGMAM\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/10/06 04:15:18 | 000,355,328 | ---- | C] () -- C:\Users\MAGMAM\Desktop\FIFA15Downloader__7934_il2533458.exe
[2014/10/06 02:46:17 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2014/10/06 02:45:37 | 000,000,009 | ---- | C] () -- C:\END
[2014/10/06 02:09:04 | 008,052,240 | ---- | C] () -- C:\Users\MAGMAM\Desktop\HSS-3.42-install-hss.exe
[2014/10/05 20:00:18 | 009,083,136 | ---- | C] () -- C:\Users\MAGMAM\Documents\DJ Sharaz - Shake It, Bake It, Booty Quake It _ Facebook.mp4
[2014/10/03 08:32:49 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\ReMouse Micro.lnk
[2014/10/01 02:20:56 | 009,303,162 | ---- | C] () -- C:\Users\MAGMAM\Documents\Benjo Tabora _ Facebook.mp4
[2014/09/30 17:22:23 | 000,011,644 | ---- | C] () -- C:\Users\MAGMAM\Desktop\10704003_1471577439796538_4006392485479956584_n.jpg
[2014/09/30 04:02:07 | 000,009,532 | ---- | C] () -- C:\Users\MAGMAM\Desktop\10629573_814350365252447_3153925028573009385_n.jpg
[2014/09/30 04:01:00 | 000,010,940 | ---- | C] () -- C:\Users\MAGMAM\Desktop\10303294_814333115254172_3127307523454080139_n.jpg
[2014/09/30 03:46:55 | 000,020,954 | ---- | C] () -- C:\Users\MAGMAM\Desktop\10653821_678308628957196_1338467909795394739_n.jpg
[2014/09/24 10:27:26 | 000,045,550 | ---- | C] () -- C:\Users\MAGMAM\Desktop\10653767_889632104447233_5108268957931399378_n.jpg
[2014/09/23 06:18:37 | 012,443,664 | ---- | C] () -- C:\Users\MAGMAM\Documents\Nova 106.9 _ Facebook.mp4
[2014/09/20 00:47:15 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/19 01:52:01 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/09/19 01:52:01 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/09/18 02:04:35 | 000,423,971 | ---- | C] () -- C:\Users\MAGMAM\Documents\Capturec.PNG
[2014/09/17 20:13:51 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/09/15 00:21:30 | 000,048,399 | ---- | C] () -- C:\Users\MAGMAM\Documents\Captureb.PNG
[2014/09/14 01:51:13 | 000,001,985 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2014/09/14 01:51:12 | 000,001,965 | ---- | C] () -- C:\Users\MAGMAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2014/09/14 01:51:12 | 000,001,941 | ---- | C] () -- C:\Users\MAGMAM\Desktop\Paltalk Messenger.lnk
[2014/09/14 01:51:12 | 000,001,216 | ---- | C] () -- C:\Users\MAGMAM\Desktop\Upgrade to Paltalk Extreme.lnk
[2014/09/14 01:51:11 | 000,001,216 | ---- | C] () -- C:\Users\MAGMAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2014/09/14 01:34:46 | 000,090,481 | ---- | C] () -- C:\Users\MAGMAM\Documents\Capturea.PNG
[2014/09/12 21:17:17 | 000,004,772 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\ext.crx
[2014/09/12 21:17:13 | 000,003,072 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\chrome-extension.localstorage
[2014/09/11 15:54:39 | 000,002,292 | ---- | C] () -- C:\Users\MAGMAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Best VPN Soft Special Offer.lnk
[2014/09/11 15:54:39 | 000,002,268 | ---- | C] () -- C:\Users\MAGMAM\Desktop\Best VPN Soft Special Offer.lnk
[2014/09/11 04:10:57 | 000,070,424 | ---- | C] () -- C:\Users\MAGMAM\Desktop\10511200_769102246518214_3902462020799876321_n.jpg
[2014/05/29 01:05:15 | 000,000,017 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\brite
[2014/05/19 23:17:31 | 000,000,408 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\CamShapes.ini
[2014/05/19 23:17:31 | 000,000,408 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\CamLayout.ini
[2014/05/19 23:17:31 | 000,000,054 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\Camdata.ini
[2014/05/19 23:13:39 | 000,004,535 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\CamStudio.cfg
[2014/05/19 23:09:10 | 000,000,096 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\version2.xml
[2014/05/06 18:23:16 | 000,723,802 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2014/05/06 18:23:16 | 000,398,136 | ---- | C] () -- C:\Windows\System32\H264Decoder.dll
[2014/05/06 18:23:15 | 000,000,988 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2014/02/20 18:14:02 | 000,179,377 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2014/01/25 18:53:27 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2014/01/25 15:06:16 | 000,000,252 | ---- | C] () -- C:\Windows\System32\msdllhlp.dll
[2014/01/23 12:57:59 | 000,091,224 | ---- | C] () -- C:\Windows\tbicd2hd.exe
[2014/01/21 21:50:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/21 21:50:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/21 21:50:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/21 21:50:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/21 21:50:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/20 13:19:33 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2014/01/19 08:01:14 | 000,010,729 | ---- | C] () -- C:\Users\MAGMAM\gsview32.ini
[2014/01/14 13:29:02 | 000,000,040 | ---- | C] () -- C:\Windows\gsview32.ini
[2014/01/07 01:40:34 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2014/01/07 01:40:33 | 000,685,370 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2014/01/07 01:40:33 | 000,130,982 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2014/01/07 01:40:33 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2014/01/07 01:40:32 | 000,289,060 | ---- | C] () -- C:\Windows\System32\perfi001.dat
[2014/01/07 01:40:29 | 000,481,930 | ---- | C] () -- C:\Windows\System32\perfh001.dat
[2014/01/07 01:40:29 | 000,095,656 | ---- | C] () -- C:\Windows\System32\perfc001.dat
[2014/01/07 01:40:29 | 000,042,056 | ---- | C] () -- C:\Windows\System32\perfd001.dat
[2013/12/19 00:19:06 | 000,000,027 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\WB.CFG
[2013/11/27 18:41:18 | 000,361,984 | ---- | C] () -- C:\Windows\System32\LiveWrapRTSP.dll
[2013/11/07 02:02:16 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/11/07 02:02:12 | 000,077,312 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/10/30 03:52:54 | 000,161,880 | ---- | C] () -- C:\Windows\System32\pca-manta.bin
[2013/10/30 03:52:54 | 000,000,092 | ---- | C] () -- C:\Windows\System32\calibration.bin
[2013/10/11 09:18:55 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/10/11 09:18:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/10/11 09:18:54 | 000,001,786 | ---- | C] () -- C:\Windows\unins000.dat
[2013/09/29 00:06:42 | 000,015,585 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\winboard47.ini
[2013/09/29 00:03:48 | 000,015,246 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\winboard_cct.ini
[2013/09/28 22:12:15 | 000,014,654 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\winboard-XQ.ini
[2013/09/28 22:06:53 | 000,015,178 | ---- | C] () -- C:\Users\MAGMAM\AppData\Roaming\winboard_ics.ini
[2013/09/24 02:24:01 | 000,000,588 | ---- | C] () -- C:\Users\MAGMAM\Xilinx_Connect_Later.html
[2013/08/15 20:26:19 | 000,735,104 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2013/08/15 20:26:19 | 000,723,764 | ---- | C] () -- C:\Windows\System32\prfh0816.dat
[2013/08/15 20:26:19 | 000,719,346 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2013/08/15 20:26:19 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2013/08/15 20:26:19 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2013/08/15 20:26:19 | 000,336,656 | ---- | C] () -- C:\Windows\System32\prfi0816.dat
[2013/08/15 20:26:19 | 000,156,622 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2013/08/15 20:26:19 | 000,153,656 | ---- | C] () -- C:\Windows\System32\prfc0816.dat
[2013/08/15 20:26:19 | 000,151,592 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2013/08/15 20:26:19 | 000,040,548 | ---- | C] () -- C:\Windows\System32\prfd0816.dat
[2013/08/15 20:26:19 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2013/08/15 20:26:19 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2013/08/15 20:26:18 | 000,708,626 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2013/08/15 20:26:18 | 000,504,160 | ---- | C] () -- C:\Windows\System32\perfh006.dat
[2013/08/15 20:26:18 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2013/08/15 20:26:18 | 000,306,636 | ---- | C] () -- C:\Windows\System32\perfi006.dat
[2013/08/15 20:26:18 | 000,148,406 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2013/08/15 20:26:18 | 000,099,408 | ---- | C] () -- C:\Windows\System32\perfc006.dat
[2013/08/15 20:26:18 | 000,039,236 | ---- | C] () -- C:\Windows\System32\perfd006.dat
[2013/08/15 20:26:18 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2013/08/14 19:44:58 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
[2013/08/14 19:44:57 | 000,651,428 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
[2013/08/14 19:44:57 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
[2013/08/14 19:44:56 | 000,140,750 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
[2013/08/07 17:16:18 | 000,007,595 | ---- | C] () -- C:\Users\MAGMAM\AppData\Local\Resmon.ResmonCfg
[2013/08/07 03:45:09 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2013/08/05 08:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2013/08/05 08:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2013/08/02 17:48:08 | 000,001,246 | RHS- | C] () -- C:\Users\MAGMAM\ntuser.pol
[2013/08/02 17:25:27 | 000,000,170 | ---- | C] () -- C:\Users\MAGMAM\.packettracer
[2013/03/09 01:32:48 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2013/03/01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/12/14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012/12/14 02:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012/12/14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/12/14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012/11/28 09:42:06 | 001,826,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2012/11/28 09:42:06 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/11/28 09:42:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/03/24 08:50:52 | 000,226,366 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
========== ZeroAccess Check ==========
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/01/23 10:52:09 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\1O1L1I1PtF1F1C1N
[2014/05/18 03:50:36 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Acapela Group
[2014/05/19 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Apowersoft
[2014/02/20 04:05:12 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Arduino
[2014/09/12 22:21:11 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\ARHome
[2014/04/28 09:27:16 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\AVG
[2014/04/28 08:52:45 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\AVG2014
[2013/08/31 01:10:23 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Baidu Security
[2013/10/11 09:52:46 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\BANDISOFT
[2013/12/29 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Bonanza
[2013/09/28 14:17:12 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\C-Free
[2013/10/15 09:09:33 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\DAEMON Tools Ult
[2013/11/14 16:29:40 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\DAEMON Tools Ultra
[2014/05/20 10:34:40 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\DefaultTab
[2014/01/21 07:29:45 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Design Science
[2013/08/13 14:13:30 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Downloaded Installations
[2014/10/07 09:21:39 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Dropbox
[2014/01/22 08:28:08 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\FileOpen
[2013/12/16 00:04:39 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\FileZilla
[2014/08/18 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\FinalMediaPlayer
[2014/01/23 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\GenuineRegistryDoctor
[2014/10/06 02:11:53 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Hotspot Shield
[2014/01/20 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Joyvy
[2013/10/15 02:49:27 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\MetalPlayer
[2014/02/14 01:00:33 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\MiniGet
[2014/04/12 16:04:39 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Nitro
[2014/06/13 11:44:34 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Nitro PDF
[2014/10/07 22:52:30 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Notepad++
[2014/09/14 03:50:48 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Paltalk
[2013/09/22 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\ShredderChess
[2014/10/08 02:43:47 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Software Informer
[2013/08/07 12:20:22 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Synaptics
[2014/05/17 03:34:40 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\TeamViewer
[2014/01/27 00:38:08 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\texstudio
[2014/02/26 12:44:09 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\The Creative Assembly
[2014/04/03 01:08:24 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Thinstall
[2013/11/14 16:29:50 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\TuneUp Software
[2014/10/08 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\uTorrent
[2014/06/25 04:43:18 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Vodafone
[2014/09/12 21:17:22 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\VolIE
[2014/02/17 16:17:09 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\WebcamMax
[2014/01/31 03:16:48 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\WinZip
[2014/04/30 03:52:03 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Wireshark
[2014/05/26 15:52:37 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Wise Game Booster
[2013/09/24 04:08:01 | 000,000,000 | ---D | M] -- C:\Users\MAGMAM\AppData\Roaming\Xilinx
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2009/07/13 18:51:38 | 000,004,127 | ---- | M] () MD5=11D428A7E849CB86FC03D5CCCBB49BAB -- C:\Windows\PolicyDefinitions\pt-BR\Explorer.adml
[2009/07/13 18:51:38 | 000,004,127 | ---- | M] () MD5=11D428A7E849CB86FC03D5CCCBB49BAB -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_24730c3a385d056d\Explorer.adml
[2009/07/13 18:48:32 | 000,005,858 | ---- | M] () MD5=18E3D562E7E80B329AE5309E368FD567 -- C:\Windows\PolicyDefinitions\ru-RU\Explorer.adml
[2009/07/13 18:48:32 | 000,005,858 | ---- | M] () MD5=18E3D562E7E80B329AE5309E368FD567 -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_6bf7ed6a1cae0375\Explorer.adml
[2010/11/21 02:38:36 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2010/11/21 02:38:36 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml
[2009/07/13 18:48:48 | 000,004,323 | ---- | M] () MD5=8B464AD7793D75D23C8A4EAAA337133D -- C:\Windows\PolicyDefinitions\pt-PT\Explorer.adml
[2009/07/13 18:48:48 | 000,004,323 | ---- | M] () MD5=8B464AD7793D75D23C8A4EAAA337133D -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_2554dba637cc7549\Explorer.adml
[2009/07/13 18:43:52 | 000,004,222 | ---- | M] () MD5=8C8B21F6E582CE8E6A903BF78A8F30A4 -- C:\Windows\PolicyDefinitions\pl-PL\Explorer.adml
[2009/07/13 18:43:52 | 000,004,222 | ---- | M] () MD5=8C8B21F6E582CE8E6A903BF78A8F30A4 -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_221f219639d37189\Explorer.adml
[2009/07/13 18:45:34 | 000,005,115 | ---- | M] () MD5=91DBE271E48163962985E79F116E9EBA -- C:\Windows\PolicyDefinitions\ar-SA\Explorer.adml
[2009/07/13 18:45:34 | 000,005,115 | ---- | M] () MD5=91DBE271E48163962985E79F116E9EBA -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_8e37323606a67dee\Explorer.adml
[2009/07/13 18:46:34 | 000,003,899 | ---- | M] () MD5=CCBB9E6634BFB875E7EEC651EE423C7D -- C:\Windows\PolicyDefinitions\da-DK\Explorer.adml
[2009/07/13 18:46:34 | 000,003,899 | ---- | M] () MD5=CCBB9E6634BFB875E7EEC651EE423C7D -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_7cba6a80daf4a76f\Explorer.adml
[2009/07/13 18:51:38 | 000,004,042 | ---- | M] () MD5=D27774F906BAD75420F5C0AC0A31911A -- C:\Windows\PolicyDefinitions\tr-TR\Explorer.adml
[2009/07/13 18:51:38 | 000,004,042 | ---- | M] () MD5=D27774F906BAD75420F5C0AC0A31911A -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_b100222602930fc1\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009/06/10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 23:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx
< MD5 for: EXPLORER.BH3 >
[2003/04/19 01:57:40 | 000,014,023 | ---- | M] () MD5=7A8BC9CC3B897C66F90F94952EE1F40E -- C:\Program Files (x86)\Microsoft Games\Rise of Nations\art\explorer.bh3
[2003/04/19 01:57:40 | 000,014,023 | ---- | M] () MD5=7A8BC9CC3B897C66F90F94952EE1F40E -- C:\Program Files\Microsoft Games\Rise of Nations\art\explorer.bh3
< MD5 for: EXPLORER.BMP >
[2001/08/03 10:44:58 | 000,000,886 | ---- | M] () MD5=A69B77C6B94CB3F0AE2077FDEEC2A6CD -- C:\Program Files\WinEdt Team\WinEdt\Bitmaps\Images\Explorer.bmp
[2001/08/03 10:44:58 | 000,001,398 | ---- | M] () MD5=F7347D709D614D76A51526BD430FE961 -- C:\Program Files\WinEdt Team\WinEdt\Bitmaps\Buttons\Explorer.bmp
< MD5 for: EXPLORER.EXE >
[2011/05/13 01:00:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/05/13 01:00:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/05/13 01:00:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/05/13 01:00:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: EXPLORER.EXE.5344.DMP >
[2014/10/08 01:43:08 | 001,408,513 | ---- | M] () MD5=52A9274C34C81CE607A6252C05B17C22 -- C:\Users\MAGMAM\AppData\Local\CrashDumps\explorer.exe.5344.dmp
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 18:43:20 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=3F17C383DA8DB4A20F404BB1F506EC88 -- C:\Windows\tr-TR\explorer.exe.mui
[2009/07/13 18:43:20 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=3F17C383DA8DB4A20F404BB1F506EC88 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_93f229b10bdf6858\explorer.exe.mui
[2009/07/13 18:42:18 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4435076659C5283C7C8019B8F840AF66 -- C:\Windows\th-TH\explorer.exe.mui
[2009/07/13 18:42:18 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4435076659C5283C7C8019B8F840AF66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_th-th_8fef011d0e6823a8\explorer.exe.mui
[2009/07/13 18:29:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=5C2E519A4194C91460DB9550F1EE0ED9 -- C:\Windows\bg-BG\explorer.exe.mui
[2009/07/13 18:29:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=5C2E519A4194C91460DB9550F1EE0ED9 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_17691b4a007327dc\explorer.exe.mui
[2009/07/13 18:43:18 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=6934C2A4C47AF9F13639699A09EE2D82 -- C:\Windows\pl-PL\explorer.exe.mui
[2009/07/13 18:43:18 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=6934C2A4C47AF9F13639699A09EE2D82 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_05112921431fca20\explorer.exe.mui
[2009/07/13 18:43:32 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=6FDFAFAAD57AD782AA22E5B68B2A01B7 -- C:\Windows\pt-BR\explorer.exe.mui
[2009/07/13 18:43:32 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=6FDFAFAAD57AD782AA22E5B68B2A01B7 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_076513c541a95e04\explorer.exe.mui
[2009/07/13 18:48:22 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=9FCCBA67F24566B16CD8163FD9256B50 -- C:\Windows\pt-PT\explorer.exe.mui
[2009/07/13 18:48:22 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=9FCCBA67F24566B16CD8163FD9256B50 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_0846e3314118cde0\explorer.exe.mui
[2010/11/21 02:38:27 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/21 02:38:27 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
[2009/07/13 18:42:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=C615E52F17720AE29F027EF1E6A31EBA -- C:\Windows\ro-RO\explorer.exe.mui
[2009/07/13 18:42:30 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=C615E52F17720AE29F027EF1E6A31EBA -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_4c81a969277f993c\explorer.exe.mui
[2009/07/13 18:48:08 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C8A97DC216E7986AF093FB639118D404 -- C:\Windows\ru-RU\explorer.exe.mui
[2009/07/13 18:48:08 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=C8A97DC216E7986AF093FB639118D404 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_4ee9f4f525fa5c0c\explorer.exe.mui
[2009/07/13 18:45:02 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=D237C6B971800772656BD65BD6DCF096 -- C:\Windows\ar-SA\explorer.exe.mui
[2009/07/13 18:45:02 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=D237C6B971800772656BD65BD6DCF096 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_712939c10ff2d685\explorer.exe.mui
[2009/07/13 18:46:10 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=D51032E556CC1CE31308EAA666F23D07 -- C:\Windows\da-DK\explorer.exe.mui
[2009/07/13 18:46:10 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=D51032E556CC1CE31308EAA666F23D07 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_5fac720be4410006\explorer.exe.mui
< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2014/10/07 23:27:16 | 000,049,488 | ---- | M] () MD5=A3BCBC89228E9E1BEF7A23D2709A87AA -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
< MD5 for: EXPLORER.TGA >
[2003/04/19 01:57:40 | 000,016,115 | ---- | M] () MD5=7257E1D90C422A75F20E1FFEFB959889 -- C:\Program Files (x86)\Microsoft Games\Rise of Nations\art\explorer.tga
[2003/04/19 01:57:40 | 000,016,115 | ---- | M] () MD5=7257E1D90C422A75F20E1FFEFB959889 -- C:\Program Files\Microsoft Games\Rise of Nations\art\explorer.tga
< MD5 for: EXPLORER.ZIP >
[2009/06/04 05:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
[2009/06/03 19:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
< MD5 for: IEXPLORE.EXE >
[2014/03/08 03:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_1f1cb5860a5394ee\iexplore.exe
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2013/06/12 02:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/08/03 10:37:20 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_ba672fa865e3902d\iexplore.exe
[2013/05/29 05:32:47 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=33E62E4EFC2ACA8EC63A8926F26D3889 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20606_none_b1da3f12e114fd0b\iexplore.exe
[2013/08/10 06:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_ba6c1a5265df2881\iexplore.exe
[2014/03/02 00:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_1ee4a3700a7df0ce\iexplore.exe
[2014/02/07 00:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_1ee303ae0a7f8ade\iexplore.exe
[2013/08/10 07:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_a394d1a47f8d8a3c\iexplore.exe
[2014/06/02 06:43:13 | 000,812,248 | ---- | M] (Microsoft Corporation) MD5=60F88F6CA6303E8273AF7AAA9AAFECAC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_1f0f731e0a5dfe56\iexplore.exe
[2013/07/26 05:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_ba6aa26e65e05c0d\iexplore.exe
[2011/05/13 00:56:29 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
[2013/10/12 09:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_a384a5267f9a8dfe\iexplore.exe
[2010/11/20 23:29:33 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[2013/11/29 15:59:40 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\erdnt\cache\iexplore.exe
[2013/11/29 15:59:40 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_1eeed3e40a768844\iexplore.exe
[2014/06/20 21:39:54 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=CD900EFB4F8946A2BB1950D9F45915C2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17207_none_1f028bd60a68013a\iexplore.exe
[2014/08/01 01:16:35 | 000,812,224 | ---- | M] (Microsoft Corporation) MD5=CDF01A5C7927786A708EAEE91F14797B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17239_none_1f055f240a658081\iexplore.exe
[2013/09/23 01:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_ba5bba9265ec2c43\iexplore.exe
[2013/10/12 09:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_ba5c48f465ebc5bf\iexplore.exe
[2013/09/23 02:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_a38444547f9ac140\iexplore.exe
[2013/07/26 07:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_a39175a67f90a4bb\iexplore.exe
[2013/05/29 04:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16496_none_b0ef5115c8405b93\iexplore.exe
[2014/08/19 19:39:25 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=EEA63B8CF19E59C4A51AD2D9A59DDA25 -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/08/19 19:39:25 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=EEA63B8CF19E59C4A51AD2D9A59DDA25 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17280_none_1f0b2d9e0a60188b\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2013/11/29 16:02:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=0932AA1AD993263E2E56F3B56CD3B9DD -- C:\Program Files\Internet Explorer\tr-TR\iexplore.exe.mui
[2013/11/29 16:02:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=0932AA1AD993263E2E56F3B56CD3B9DD -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_tr-tr_a6c4b5cb790dd11e\iexplore.exe.mui
[2013/11/29 16:14:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=09B21C551BD19C9A11026B198A064B31 -- C:\Program Files\Internet Explorer\th-TH\iexplore.exe.mui
[2013/11/29 16:14:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=09B21C551BD19C9A11026B198A064B31 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_th-th_a2c18d377b968c6e\iexplore.exe.mui
[2013/11/29 15:59:42 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/29 15:59:42 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_189b695b4223c92b\iexplore.exe.mui
[2009/07/13 17:41:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=0EF97FB20FD19F9FDB175948E68800C1 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_pl-pl_ae6ceed428e183fe\iexplore.exe.mui
[2009/07/13 17:33:10 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=12C68FA60C64C2A5256BB945D3D2EFB8 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_th-th_394ac6cff429dd86\iexplore.exe.mui
[2013/11/29 16:13:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=2AEF0D19FCA781DE91ADCB75D48FE897 -- C:\Program Files\Internet Explorer\ru-RU\iexplore.exe.mui
[2013/11/29 16:13:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=2AEF0D19FCA781DE91ADCB75D48FE897 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_ru-ru_61bc810f9328c4d2\iexplore.exe.mui
[2009/07/13 17:35:30 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=3C6ACA369FFF1767AB30D03A23976F94 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_bg-bg_c0c4e0fce634e1ba\iexplore.exe.mui
[2011/05/13 00:56:29 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_aae2948effb95a30\iexplore.exe.mui
[2009/07/13 17:49:40 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=4F5AB163F1D2026CF41EB1C44CD70F21 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_pt-br_b0c0d978276b17e2\iexplore.exe.mui
[2013/11/29 16:10:11 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5EA584A09C5A9F7C1F122B8D758B8C1D -- C:\Program Files\Internet Explorer\da-DK\iexplore.exe.mui
[2013/11/29 16:10:11 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=5EA584A09C5A9F7C1F122B8D758B8C1D -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_da-dk_727efe26516f68cc\iexplore.exe.mui
[2009/07/13 17:49:02 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=6A3BEAC445371FE174ED49664E8DB86F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_tr-tr_3d4def63f1a12236\iexplore.exe.mui
[2009/07/13 17:37:04 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=6A4942DE97D5C7053B0174EC820F0F60 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_da-dk_090837beca02b9e4\iexplore.exe.mui
[2013/11/29 16:05:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=79A9B3211174D45EEC11ED5611EE965D -- C:\Program Files\Internet Explorer\pl-PL\iexplore.exe.mui
[2013/11/29 16:05:36 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=79A9B3211174D45EEC11ED5611EE965D -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_pl-pl_17e3b53bb04e32e6\iexplore.exe.mui
[2009/07/13 17:39:54 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=7E597787327BCC4F5EF5ACED68146DC6 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_pt-pt_b1a2a8e426da87be\iexplore.exe.mui
[2013/03/30 12:11:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/08/03 10:37:20 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
[2009/07/13 17:32:32 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=9237D5B1F00C05B7AD88D559A6F73377 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_ro-ro_f5dd6f1c0d41531a\iexplore.exe.mui
[2009/07/13 17:39:10 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=9A35E917E4B5C27A51B756BAF7D7F815 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_ru-ru_f845baa80bbc15ea\iexplore.exe.mui
[2013/11/29 16:03:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=A477F8F74F549BBF798E2DB193EB0DBB -- C:\Program Files\Internet Explorer\pt-PT\iexplore.exe.mui
[2013/11/29 16:03:54 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=A477F8F74F549BBF798E2DB193EB0DBB -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_pt-pt_1b196f4bae4736a6\iexplore.exe.mui
[2013/11/29 16:15:17 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=A8A118655EAAC902111CC859B56A1B20 -- C:\Program Files\Internet Explorer\bg-BG\iexplore.exe.mui
[2013/11/29 16:15:17 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=A8A118655EAAC902111CC859B56A1B20 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_bg-bg_2a3ba7646da190a2\iexplore.exe.mui
[2013/11/29 16:11:51 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=AA961A309B4A5E877E2EF217EE4097A1 -- C:\Program Files\Internet Explorer\ro-RO\iexplore.exe.mui
[2013/11/29 16:11:51 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=AA961A309B4A5E877E2EF217EE4097A1 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_ro-ro_5f54358394ae0202\iexplore.exe.mui
[2013/11/29 16:08:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=AC01ED6E0675DD94EB7A0CA60BECF933 -- C:\Program Files\Internet Explorer\pt-BR\iexplore.exe.mui
[2013/11/29 16:08:43 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=AC01ED6E0675DD94EB7A0CA60BECF933 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_pt-br_1a379fdfaed7c6ca\iexplore.exe.mui
[2009/07/13 17:35:22 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E744B41E15F382EE38057D5559574DF8 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_ar-sa_1a84ff73f5b49063\iexplore.exe.mui
[2009/07/14 04:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui
[2014/05/03 17:18:16 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FDC8BC1FF3993673FD148FD1119FE78E -- C:\Program Files\Internet Explorer\ar-SA\iexplore.exe.mui
[2014/05/03 17:18:16 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FDC8BC1FF3993673FD148FD1119FE78E -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_ar-sa_83fbc5db7d213f4b\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2014/10/07 22:34:32 | 000,070,976 | ---- | M] () MD5=5323255CDFF1AFB1894BE15AF498E4BC -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
< MD5 for: SERVICES >
[2013/06/05 19:48:34 | 002,557,368 | ---- | M] () MD5=0BD54F76704E0E4302947C6D531C6297 -- C:\Program Files (x86)\Wireshark\services
[2014/04/20 19:03:18 | 000,930,834 | ---- | M] () MD5=3F8D39D7F13AC4D479BED1C1D456E013 -- C:\Program Files\Wireshark\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2010/11/21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009/07/13 18:47:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0F006BAEB5F7BF8128B634046B6AFC20 -- C:\Windows\System32\ru-RU\services.exe.mui
[2009/07/13 18:47:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0F006BAEB5F7BF8128B634046B6AFC20 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_b2f4b4eed84dbed9\services.exe.mui
[2009/07/13 18:41:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=13D87E1A0FCE47C4743C2DED1F569F52 -- C:\Windows\System32\ro-RO\services.exe.mui
[2009/07/13 18:41:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=13D87E1A0FCE47C4743C2DED1F569F52 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_b08c6962d9d2fc09\services.exe.mui
[2009/07/13 18:29:26 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=246EC174DA214349EF15DC8183BFE32D -- C:\Windows\System32\bg-BG\services.exe.mui
[2009/07/13 18:29:26 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=246EC174DA214349EF15DC8183BFE32D -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_7b73db43b2c68aa9\services.exe.mui
[2009/07/13 18:43:52 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=33F631CFD6AEBF0F4EA34E7AA7484CEF -- C:\Windows\System32\da-DK\services.exe.mui
[2009/07/13 18:43:52 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=33F631CFD6AEBF0F4EA34E7AA7484CEF -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_c3b73205969462d3\services.exe.mui
[2009/07/13 18:34:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6826E85A4586EFAC6121261AA68CAC3C -- C:\Windows\System32\th-TH\services.exe.mui
[2009/07/13 18:34:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=6826E85A4586EFAC6121261AA68CAC3C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_th-th_f3f9c116c0bb8675\services.exe.mui
[2009/07/13 18:44:10 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=6D8E63A4DB8C1761AD4440C7D1818CF4 -- C:\Windows\System32\ar-SA\services.exe.mui
[2009/07/13 18:44:10 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=6D8E63A4DB8C1761AD4440C7D1818CF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_d533f9bac2463952\services.exe.mui
[2009/07/13 18:50:14 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=A23ED3C2245080D27C9ED860C2837B42 -- C:\Windows\System32\pl-PL\services.exe.mui
[2009/07/13 18:50:14 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=A23ED3C2245080D27C9ED860C2837B42 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_691be91af5732ced\services.exe.mui
[2009/07/13 18:47:30 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B8C084BB518768C7F4B8428A51686D55 -- C:\Windows\System32\pt-PT\services.exe.mui
[2009/07/13 18:47:30 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B8C084BB518768C7F4B8428A51686D55 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_6c51a32af36c30ad\services.exe.mui
[2009/07/13 18:42:32 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=C92BECF5C5A6E982E4005445183F604F -- C:\Windows\System32\tr-TR\services.exe.mui
[2009/07/13 18:42:32 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=C92BECF5C5A6E982E4005445183F604F -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_f7fce9aabe32cb25\services.exe.mui
[2009/07/13 18:42:32 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui
[2009/07/13 18:42:32 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui
< MD5 for: SERVICES.FRM >
[2012/09/21 17:12:26 | 000,008,820 | ---- | M] () MD5=DCEB8781CA633992CB031D74110A604E -- C:\Program Files (x86)\ManageEngine\OpManager\mysql\data\opmanagerdb\services.frm
< MD5 for: SERVICES.LNK >
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.M >
[2008/11/10 21:53:30 | 000,024,015 | ---- | M] () MD5=31ECE8300894A8BBD2B512625FC85011 -- C:\Program Files\Wolfram Research\Mathematica\7.0\SystemFiles\Autoload\PacletManager\Kernel\Services.m
< MD5 for: SERVICES.MOF >
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/13 18:36:10 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\System32\ru-RU\services.msc
[2009/07/13 18:36:10 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ed3684daaeb758cc\services.msc
[2009/07/13 18:41:10 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\System32\da-DK\services.msc
[2009/07/13 18:41:10 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_fdf901f16cfdfcc6\services.msc
[2010/11/21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2010/11/21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 18:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\System32\ar-SA\services.msc
[2009/07/13 18:40:10 | 000,092,781 | ---- | M] () MD5=8AE3EDA71772B6C307111DCC9336F8C8 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_0f75c9a698afd345\services.msc
[2009/07/13 18:45:44 | 000,092,758 | ---- | M] () MD5=A513B67E9C7A17FEE1126FDD0677434E -- C:\Windows\System32\tr-TR\services.msc
[2009/07/13 18:45:44 | 000,092,758 | ---- | M] () MD5=A513B67E9C7A17FEE1126FDD0677434E -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_323eb996949c6518\services.msc
[2009/07/13 18:37:46 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\System32\pl-PL\services.msc
[2009/07/13 18:37:46 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_a35db906cbdcc6e0\services.msc
[2009/07/13 18:44:26 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\System32\pt-PT\services.msc
[2009/07/13 18:44:26 | 000,092,750 | ---- | M] () MD5=D10CEC9EE745D47F175851A96897BA51 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_a6937316c9d5caa0\services.msc
[2009/07/13 18:46:26 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2009/07/13 18:46:26 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
< MD5 for: SERVICES.PNG >
[2012/07/04 14:15:54 | 000,001,772 | ---- | M] () MD5=A2543F2B616F782FFB08BD76F89EE544 -- C:\Program Files (x86)\ManageEngine\OpManager\webclient\devices\images\Services.png
< MD5 for: SERVICES.PTXML >
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
< MD5 for: SERVICES.TICO >
[2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files\AVG\AVG PC TuneUp\data\services.tico
< MD5 for: SERVICES.XML >
[2012/07/04 14:15:56 | 000,000,588 | ---- | M] () MD5=560829A05258CE86EE5517B5AE30CFEC -- C:\Program Files (x86)\ManageEngine\OpManager\conf\services.xml
< MD5 for: WINLOGON.ADML >
[2009/07/13 18:39:58 | 000,013,486 | ---- | M] () MD5=0C0FE7ABF455EC3BCBE3EE70EE01E948 -- C:\Windows\PolicyDefinitions\ru-RU\WinLogon.adml
[2009/07/13 18:39:58 | 000,013,486 | ---- | M] () MD5=0C0FE7ABF455EC3BCBE3EE70EE01E948 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ddfb7f5f8f3a8ae1\WinLogon.adml
[2009/07/13 18:43:58 | 000,012,218 | ---- | M] () MD5=110C3B16C987CCCE651A623DF8943DEE -- C:\Windows\PolicyDefinitions\ar-SA\WinLogon.adml
[2009/07/13 18:43:58 | 000,012,218 | ---- | M] () MD5=110C3B16C987CCCE651A623DF8943DEE -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_003ac42b7933055a\WinLogon.adml
[2009/07/13 18:49:50 | 000,009,285 | ---- | M] () MD5=24253B0728C6EFB515839DBF8E74DF3F -- C:\Windows\PolicyDefinitions\pl-PL\WinLogon.adml
[2009/07/13 18:49:50 | 000,009,285 | ---- | M] () MD5=24253B0728C6EFB515839DBF8E74DF3F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_9422b38bac5ff8f5\WinLogon.adml
[2009/07/13 18:40:52 | 000,009,721 | ---- | M] () MD5=392A832C05008717B119B1A156C836B8 -- C:\Windows\PolicyDefinitions\pt-PT\WinLogon.adml
[2009/07/13 18:40:52 | 000,009,721 | ---- | M] () MD5=392A832C05008717B119B1A156C836B8 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_97586d9baa58fcb5\WinLogon.adml
[2009/07/13 18:44:54 | 000,008,821 | ---- | M] () MD5=39FE1BDAD812A44C3003778EC1DDB269 -- C:\Windows\PolicyDefinitions\da-DK\WinLogon.adml
[2009/07/13 18:44:54 | 000,008,821 | ---- | M] () MD5=39FE1BDAD812A44C3003778EC1DDB269 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_eebdfc764d812edb\WinLogon.adml
[2009/07/13 18:50:40 | 000,008,891 | ---- | M] () MD5=498099F2EFD6B1499575582C58B87D34 -- C:\Windows\PolicyDefinitions\pt-BR\WinLogon.adml
[2009/07/13 18:50:40 | 000,008,891 | ---- | M] () MD5=498099F2EFD6B1499575582C58B87D34 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_96769e2faae98cd9\WinLogon.adml
[2010/11/21 02:38:36 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2010/11/21 02:38:36 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml
[2009/07/13 18:49:50 | 000,009,229 | ---- | M] () MD5=ED7BD76407AA339F2A4D2532884D0255 -- C:\Windows\PolicyDefinitions\tr-TR\WinLogon.adml
[2009/07/13 18:49:50 | 000,009,229 | ---- | M] () MD5=ED7BD76407AA339F2A4D2532884D0255 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_2303b41b751f972d\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2009/06/10 23:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 23:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014/03/04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\System32\winlogon.exe
[2014/03/04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014/03/04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 04:47:30 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=01C32D1482344A54336F63095AD0318B -- C:\Windows\System32\tr-TR\winlogon.exe.mui
[2010/11/20 04:47:30 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=01C32D1482344A54336F63095AD0318B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_tr-tr_5b2947e699429338\winlogon.exe.mui
[2010/11/20 04:35:46 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=23EA2D4C545ED87E2F2063B558F0C6AB -- C:\Windows\System32\ro-RO\winlogon.exe.mui
[2010/11/20 04:35:46 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=23EA2D4C545ED87E2F2063B558F0C6AB -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_ro-ro_13b8c79eb4e2c41c\winlogon.exe.mui
[2010/11/20 04:33:58 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=457F07AB81E9245CB30605D8507A33CA -- C:\Windows\System32\da-DK\winlogon.exe.mui
[2010/11/20 04:33:58 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=457F07AB81E9245CB30605D8507A33CA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_da-dk_26e3904171a42ae6\winlogon.exe.mui
[2010/11/21 02:38:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2010/11/21 02:38:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
[2010/11/20 04:55:58 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=713FA5D57583A7F08628371497E92E64 -- C:\Windows\System32\pt-BR\winlogon.exe.mui
[2010/11/20 04:55:58 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=713FA5D57583A7F08628371497E92E64 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_ce9c31facf0c88e4\winlogon.exe.mui
[2010/11/20 04:46:24 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=7BD4B15378DA488B8CD51EED275447D4 -- C:\Windows\System32\ru-RU\winlogon.exe.mui
[2010/11/20 04:46:24 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=7BD4B15378DA488B8CD51EED275447D4 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_ru-ru_1621132ab35d86ec\winlogon.exe.mui
[2010/11/20 04:46:32 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=B11892C84B25EAD09065E948C509A63E -- C:\Windows\System32\pt-PT\winlogon.exe.mui
[2010/11/20 04:46:32 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=B11892C84B25EAD09065E948C509A63E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_pt-pt_cf7e0166ce7bf8c0\winlogon.exe.mui
[2010/11/20 04:33:56 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B32EA0DCF202619AA9670D2ED72F22FA -- C:\Windows\System32\bg-BG\winlogon.exe.mui
[2010/11/20 04:33:56 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=B32EA0DCF202619AA9670D2ED72F22FA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_bg-bg_dea0397f8dd652bc\winlogon.exe.mui
[2010/11/20 04:35:46 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=BB7EE60E5D03373F049EF9716E96BC2E -- C:\Windows\System32\th-TH\winlogon.exe.mui
[2010/11/20 04:35:46 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=BB7EE60E5D03373F049EF9716E96BC2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_th-th_57261f529bcb4e88\winlogon.exe.mui
[2010/11/20 04:35:38 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=DD149ED9747AE77AF6220E0BC25AF64F -- C:\Windows\System32\ar-SA\winlogon.exe.mui
[2010/11/20 04:35:38 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=DD149ED9747AE77AF6220E0BC25AF64F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_386057f69d560165\winlogon.exe.mui
[2010/11/20 04:40:38 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=FCDB1BB88BFFB01B8744825524F7F41D -- C:\Windows\System32\pl-PL\winlogon.exe.mui
[2010/11/20 04:40:38 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=FCDB1BB88BFFB01B8744825524F7F41D -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_pl-pl_cc484756d082f500\winlogon.exe.mui
< MD5 for: WINLOGON.MFL >
[2009/07/13 18:42:28 | 000,001,080 | ---- | M] () MD5=02345C56B022772AA29A6D249CBDDF62 -- C:\Windows\System32\wbem\pt-PT\winlogon.mfl
[2009/07/13 18:42:28 | 000,001,080 | ---- | M] () MD5=02345C56B022772AA29A6D249CBDDF62 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_2b0f3f69ecc5cebb\winlogon.mfl
[2010/11/21 02:38:26 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2010/11/21 02:38:26 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl
[2009/07/13 18:42:46 | 000,001,080 | ---- | M] () MD5=29D2D7CADA55AF5A1AC8B80FC9D75371 -- C:\Windows\System32\wbem\ro-RO\winlogon.mfl
[2009/07/13 18:42:46 | 000,001,080 | ---- | M] () MD5=29D2D7CADA55AF5A1AC8B80FC9D75371 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_6f4a05a1d32c9a17\winlogon.mfl
[2009/07/13 18:51:26 | 000,001,080 | ---- | M] () MD5=43DFDBFDFB7703B4E0E1533766E0C9C7 -- C:\Windows\System32\wbem\pl-PL\winlogon.mfl
[2009/07/13 18:51:26 | 000,001,080 | ---- | M] () MD5=43DFDBFDFB7703B4E0E1533766E0C9C7 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_27d98559eecccafb\winlogon.mfl
[2009/07/13 18:38:44 | 000,001,080 | ---- | M] () MD5=5EA7D2D62B1125D9E9D17AD55F86C1DD -- C:\Windows\System32\wbem\da-DK\winlogon.mfl
[2009/07/13 18:38:44 | 000,001,080 | ---- | M] () MD5=5EA7D2D62B1125D9E9D17AD55F86C1DD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_8274ce448fee00e1\winlogon.mfl
[2009/07/13 18:43:20 | 000,001,080 | ---- | M] () MD5=7692E2CEBFFA255EC64C28299416665F -- C:\Windows\System32\wbem\tr-TR\winlogon.mfl
[2009/07/13 18:43:20 | 000,001,080 | ---- | M] () MD5=7692E2CEBFFA255EC64C28299416665F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_b6ba85e9b78c6933\winlogon.mfl
[2009/07/13 18:51:48 | 000,001,080 | ---- | M] () MD5=A728BE28643DDDCDA8D9A0477A28CB0E -- C:\Windows\System32\wbem\pt-BR\winlogon.mfl
[2009/07/13 18:51:48 | 000,001,080 | ---- | M] () MD5=A728BE28643DDDCDA8D9A0477A28CB0E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_2a2d6ffded565edf\winlogon.mfl
[2009/07/13 18:41:22 | 000,001,080 | ---- | M] () MD5=AC3DB6214BE53F6D948067FDFAEA8467 -- C:\Windows\System32\wbem\ru-RU\winlogon.mfl
[2009/07/13 18:41:22 | 000,001,080 | ---- | M] () MD5=AC3DB6214BE53F6D948067FDFAEA8467 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_71b2512dd1a75ce7\winlogon.mfl
[2009/07/13 18:35:34 | 000,001,080 | ---- | M] () MD5=B992736896EF493AA07E4A9F1E11BE51 -- C:\Windows\System32\wbem\th-TH\winlogon.mfl
[2009/07/13 18:35:34 | 000,001,080 | ---- | M] () MD5=B992736896EF493AA07E4A9F1E11BE51 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_th-th_b2b75d55ba152483\winlogon.mfl
[2009/07/13 18:37:50 | 000,001,080 | ---- | M] () MD5=D3EFBC11EEB056EA49C066DD5ABCF0F2 -- C:\Windows\System32\wbem\ar-SA\winlogon.mfl
[2009/07/13 18:37:50 | 000,001,080 | ---- | M] () MD5=D3EFBC11EEB056EA49C066DD5ABCF0F2 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_93f195f9bb9fd760\winlogon.mfl
[2009/07/13 18:32:36 | 000,001,080 | ---- | M] () MD5=EBFDF32FB385DB23B47F99B5D1841759 -- C:\Windows\System32\wbem\bg-BG\winlogon.mfl
[2009/07/13 18:32:36 | 000,001,080 | ---- | M] () MD5=EBFDF32FB385DB23B47F99B5D1841759 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_3a317782ac2028b7\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2009/07/13 22:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009/07/13 22:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2014/01/21 22:21:58 | 000,054,606 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/09/14 03:44:25 | 000,000,748 | ---- | M] () -- C:\console.log
[2014/10/06 02:45:38 | 000,000,009 | ---- | M] () -- C:\END
[2007/11/07 18:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 18:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 18:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 18:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 18:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 18:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 18:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 18:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 18:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2012/10/08 01:26:43 | 000,000,876 | ---- | M] () -- C:\Exe.reg
[2014/09/16 18:03:43 | 000,004,238 | ---- | M] () -- C:\GingerSetup.log
[2014/09/16 18:03:43 | 000,029,326 | ---- | M] () -- C:\GingerSetupHelper.log
[2007/11/07 18:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2014/01/14 13:29:56 | 000,001,054 | ---- | M] () -- C:\GSview 4.6.LNK
[2014/10/07 09:18:47 | 2370,592,768 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 18:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 18:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 18:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 18:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 18:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 18:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 18:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 18:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 18:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 18:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2014/10/08 01:49:47 | 402,935,807 | -HS- | M] () -- C:\pagefile.sys
[2013/05/19 22:12:52 | 000,312,273 | ---- | M] () -- C:\Section 1.rar
[2012/11/30 18:19:27 | 000,000,360 | ---- | M] () -- C:\SetSearchAndHomepageInBrowserLog.txt
[2013/08/03 23:20:15 | 339,909,456 | ---- | M] (Hewlett Packard Company ) -- C:\sp55947.exe
[2013/08/04 21:57:41 | 090,242,800 | ---- | M] (Hewlett Packard ) -- C:\sp56282.exe
[2012/10/22 03:58:25 | 000,001,392 | ---- | M] () -- C:\user.js
[2007/11/07 18:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 18:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 18:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 23:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 62CB-5226
Directory of C:\
07/14/2009 06:53 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Evernote
05/05/2011 03:06 AM <SYMLINKD> Evernote3.5 [C:\Program Files (x86)\Evernote\Evernote]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 06:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 06:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 06:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 06:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 06:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 06:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 06:53 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 06:53 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\123321
01/14/2014 10:32 AM <JUNCTION> Application Data [C:\Users\123321\AppData\Roaming]
01/14/2014 10:32 AM <JUNCTION> Cookies [C:\Users\123321\AppData\Roaming\Microsoft\Windows\Cookies]
01/14/2014 10:32 AM <JUNCTION> Local Settings [C:\Users\123321\AppData\Local]
01/14/2014 10:32 AM <JUNCTION> My Documents [C:\Users\123321\Documents]
01/14/2014 10:32 AM <JUNCTION> NetHood [C:\Users\123321\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/14/2014 10:32 AM <JUNCTION> PrintHood [C:\Users\123321\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/14/2014 10:32 AM <JUNCTION> Recent [C:\Users\123321\AppData\Roaming\Microsoft\Windows\Recent]
01/14/2014 10:32 AM <JUNCTION> SendTo [C:\Users\123321\AppData\Roaming\Microsoft\Windows\SendTo]
01/14/2014 10:32 AM <JUNCTION> Start Menu [C:\Users\123321\AppData\Roaming\Microsoft\Windows\Start Menu]
01/14/2014 10:32 AM <JUNCTION> Templates [C:\Users\123321\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\123321\AppData\Local
01/14/2014 10:32 AM <JUNCTION> Application Data [C:\Users\123321\AppData\Local]
01/14/2014 10:32 AM <JUNCTION> History [C:\Users\123321\AppData\Local\Microsoft\Windows\History]
01/14/2014 10:32 AM <JUNCTION> Temporary Internet Files [C:\Users\123321\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\123321\Documents
01/14/2014 10:32 AM <JUNCTION> My Music [C:\Users\123321\Music]
01/14/2014 10:32 AM <JUNCTION> My Pictures [C:\Users\123321\Pictures]
01/14/2014 10:32 AM <JUNCTION> My Videos [C:\Users\123321\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 06:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 06:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 06:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 06:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 06:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 06:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 06:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 06:53 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 06:53 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 06:53 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 06:53 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 06:53 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 06:53 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 06:53 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 06:53 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 06:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 06:53 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 06:53 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 06:53 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 06:53 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 06:53 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\MAGMAM
08/02/2013 01:25 PM <JUNCTION> Application Data [C:\Users\MAGMAM\AppData\Roaming]
08/02/2013 01:25 PM <JUNCTION> Cookies [C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Cookies]
08/02/2013 01:25 PM <JUNCTION> Local Settings [C:\Users\MAGMAM\AppData\Local]
08/02/2013 01:25 PM <JUNCTION> My Documents [C:\Users\MAGMAM\Documents]
08/02/2013 01:25 PM <JUNCTION> NetHood [C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/02/2013 01:25 PM <JUNCTION> PrintHood [C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/02/2013 01:25 PM <JUNCTION> Recent [C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Recent]
08/02/2013 01:25 PM <JUNCTION> SendTo [C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\SendTo]
08/02/2013 01:25 PM <JUNCTION> Start Menu [C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Start Menu]
08/02/2013 01:25 PM <JUNCTION> Templates [C:\Users\MAGMAM\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\MAGMAM\AppData\Local
08/02/2013 01:25 PM <JUNCTION> Application Data [C:\Users\MAGMAM\AppData\Local]
08/02/2013 01:25 PM <JUNCTION> History [C:\Users\MAGMAM\AppData\Local\Microsoft\Windows\History]
08/02/2013 01:25 PM <JUNCTION> Temporary Internet Files [C:\Users\MAGMAM\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\MAGMAM\Desktop\arduino-1.0.5-linux32\arduino-1.0.5\hardware\tools\avr\bin
02/20/2014 12:35 AM <SYMLINK> avr-c++ [avr-g++]
02/20/2014 12:35 AM <SYMLINK> avr-gcc-4.3.2 [avr-gcc]
2 File(s) 0 bytes
Directory of C:\Users\MAGMAM\Desktop\arduino-1.0.5-linux32\arduino-1.0.5\hardware\tools\avr\lib
02/20/2014 12:35 AM <SYMLINK> libgmp.so.3 [libgmp.so.3.4.4]
02/20/2014 12:35 AM <SYMLINK> libmpfr.so.1 [libmpfr.so.1.2.0]
2 File(s) 0 bytes
Directory of C:\Users\MAGMAM\Desktop\arduino-1.0.5-linux32\arduino-1.0.5\hardware\tools\avr\lib\avr\bin
02/20/2014 12:35 AM <SYMLINK> ar [..\..\..\bin\avr-ar]
02/20/2014 12:35 AM <SYMLINK> as [..\..\..\bin\avr-as]
02/20/2014 12:35 AM <SYMLINK> ld [..\..\..\bin\avr-ld]
02/20/2014 12:35 AM <SYMLINK> nm [..\..\..\bin\avr-nm]
02/20/2014 12:35 AM <SYMLINK> objcopy [..\..\..\bin\avr-objcopy]
02/20/2014 12:35 AM <SYMLINK> objdump [..\..\..\bin\avr-objdump]
02/20/2014 12:35 AM <SYMLINK> ranlib [..\..\..\bin\avr-ranlib]
02/20/2014 12:35 AM <SYMLINK> strip [..\..\..\bin\avr-strip]
8 File(s) 0 bytes
Directory of C:\Users\MAGMAM\Documents
08/02/2013 01:25 PM <JUNCTION> My Music [C:\Users\MAGMAM\Music]
08/02/2013 01:25 PM <JUNCTION> My Pictures [C:\Users\MAGMAM\Pictures]
08/02/2013 01:25 PM <JUNCTION> My Videos [C:\Users\MAGMAM\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 06:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 06:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 06:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
12 File(s) 0 bytes
66 Dir(s) 14,232,317,952 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/08/02 13:27:39 | 000,000,221 | -HS- | M] () -- C:\Users\MAGMAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2014/04/28 08:26:49 | 004,485,816 | ---- | M] (AVG Technologies) -- C:\Users\MAGMAM\Desktop\avg_avct_stb_all_2014_4569.exe
[2014/04/28 09:23:59 | 070,658,472 | ---- | M] (AVG) -- C:\Users\MAGMAM\Desktop\avg_tuh_stf_all_2014_380_24c28.exe
[2014/01/21 21:41:33 | 005,172,786 | R--- | M] (Swearware) -- C:\Users\MAGMAM\Desktop\ComboFix.exe
[2014/10/06 04:15:20 | 000,355,328 | ---- | M] () -- C:\Users\MAGMAM\Desktop\FIFA15Downloader__7934_il2533458.exe
[2014/10/06 02:10:17 | 008,052,240 | ---- | M] () -- C:\Users\MAGMAM\Desktop\HSS-3.42-install-hss.exe
[2014/01/22 07:18:10 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\MAGMAM\Desktop\JRT.exe
[2014/01/19 11:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MAGMAM\Desktop\OTL.exe
[2014/09/14 01:42:20 | 001,758,592 | ---- | M] (AVM Software Inc.) -- C:\Users\MAGMAM\Desktop\pal_install_ar_r109860_a3000.exe
[2014/04/23 21:40:14 | 049,259,608 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MAGMAM\Desktop\realplayercloud.exe
[2014/10/03 08:29:04 | 001,006,592 | ---- | M] (AutomaticSolution Software ) -- C:\Users\MAGMAM\Desktop\ReMouseMicro-Setup.exe
[2014/05/08 14:45:54 | 000,640,792 | ---- | M] () -- C:\Users\MAGMAM\Desktop\safari-browser.exe
[2014/02/17 23:10:43 | 005,855,856 | ---- | M] (TeamViewer GmbH) -- C:\Users\MAGMAM\Desktop\TeamViewer_Setup_ar.exe
[2014/01/27 08:12:53 | 001,307,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\MAGMAM\Desktop\utorrent.exe
[2014/07/23 18:29:23 | 000,441,856 | ---- | M] () -- C:\Users\MAGMAM\Desktop\war of nations gold generator.exe
[2014/02/17 15:43:59 | 026,562,872 | ---- | M] () -- C:\Users\MAGMAM\Desktop\WebcamMax-7.8.1.6.MultiLanguage.Setup.exe
[2014/07/03 06:28:01 | 009,304,408 | ---- | M] (Wargaming.net ) -- C:\Users\MAGMAM\Desktop\WoT_internet_install_eu.exe
[2 C:\Users\MAGMAM\Desktop\*.tmp files -> C:\Users\MAGMAM\Desktop\*.tmp -> ]
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
[2012/11/28 09:42:06 | 000,013,021 | ---- | M] () -- C:\Windows\snp2uvc.src
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-10-01 01:07:58
========== Files - Unicode (All) ==========
[2014/07/25 02:22:38 | 020,064,795 | ---- | M] ()(C:\Users\MAGMAM\Documents\Alex D?az.mp4) -- C:\Users\MAGMAM\Documents\Alex Díaz.mp4
[2014/07/23 03:48:43 | 020,064,795 | ---- | C] ()(C:\Users\MAGMAM\Documents\Alex D?az.mp4) -- C:\Users\MAGMAM\Documents\Alex Díaz.mp4
[2014/07/21 14:35:23 | 001,747,888 | ---- | M] ()(C:\Users\MAGMAM\Documents\SA Ward?ga - Korean Samara.mp4) -- C:\Users\MAGMAM\Documents\SA Wardęga - Korean Samara.mp4
[2014/07/21 14:34:02 | 001,747,888 | ---- | C] ()(C:\Users\MAGMAM\Documents\SA Ward?ga - Korean Samara.mp4) -- C:\Users\MAGMAM\Documents\SA Wardęga - Korean Samara.mp4
[2014/07/04 02:51:33 | 003,477,070 | ---- | M] ()(C:\Users\MAGMAM\Documents\??????? TVPool Buffet _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\ทีวีพูล TVPool Buffet _ Facebook.mp4
[2014/07/04 02:48:08 | 003,477,070 | ---- | C] ()(C:\Users\MAGMAM\Documents\??????? TVPool Buffet _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\ทีวีพูล TVPool Buffet _ Facebook.mp4
[2014/06/20 00:34:11 | 004,082,194 | ---- | M] ()(C:\Users\MAGMAM\Documents\???Sonr?e!! Que tengas un buen d?a. - Amigos de los Animales Chihuahua _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\¡¡¡Sonríe!! Que tengas un buen día. - Amigos de los Animales Chihuahua _ Facebook.mp4
[2014/06/20 00:33:35 | 004,082,194 | ---- | C] ()(C:\Users\MAGMAM\Documents\???Sonr?e!! Que tengas un buen d?a. - Amigos de los Animales Chihuahua _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\¡¡¡Sonríe!! Que tengas un buen día. - Amigos de los Animales Chihuahua _ Facebook.mp4
[2014/06/19 02:44:08 | 027,822,915 | ---- | M] ()(C:\Users\MAGMAM\Documents\Jamich - SOBRANG KILIG!!!! PANOODIN NIYO!! _)) ? _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\Jamich - SOBRANG KILIG!!!! PANOODIN NIYO!! _)) ♥ _ Facebook.mp4
[2014/06/19 02:39:44 | 027,822,915 | ---- | C] ()(C:\Users\MAGMAM\Documents\Jamich - SOBRANG KILIG!!!! PANOODIN NIYO!! _)) ? _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\Jamich - SOBRANG KILIG!!!! PANOODIN NIYO!! _)) ♥ _ Facebook.mp4
[2014/06/17 03:49:10 | 026,224,572 | ---- | M] ()(C:\Users\MAGMAM\Documents\Bedirhan G?kçe - Alk??? Hak Edenler _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\Bedirhan Gökçe - Alkışı Hak Edenler _ Facebook.mp4
[2014/06/17 03:45:24 | 026,224,572 | ---- | C] ()(C:\Users\MAGMAM\Documents\Bedirhan G?kçe - Alk??? Hak Edenler _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\Bedirhan Gökçe - Alkışı Hak Edenler _ Facebook.mp4
[2014/06/16 17:16:22 | 018,978,704 | ---- | M] ()(C:\Users\MAGMAM\Documents\En iyi uykudan uyand?rma y?ntemleri _)))) - Abi çok iyi yaa. _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\En iyi uykudan uyandırma yöntemleri _)))) - Abi çok iyi yaa. _ Facebook.mp4
[2014/06/16 17:13:22 | 018,978,704 | ---- | C] ()(C:\Users\MAGMAM\Documents\En iyi uykudan uyand?rma y?ntemleri _)))) - Abi çok iyi yaa. _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\En iyi uykudan uyandırma yöntemleri _)))) - Abi çok iyi yaa. _ Facebook.mp4
[2014/06/15 23:57:24 | 004,159,448 | ---- | M] ()(C:\Users\MAGMAM\Documents\Climatologia Geogr?fica _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\Climatologia Geográfica _ Facebook.mp4
[2014/06/15 23:56:40 | 004,159,448 | ---- | C] ()(C:\Users\MAGMAM\Documents\Climatologia Geogr?fica _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\Climatologia Geográfica _ Facebook.mp4
[2014/06/13 21:39:26 | 009,422,854 | ---- | M] ()(C:\Users\MAGMAM\Documents\D.A.A.S - El v?deo mas enternecedor del MUNDO!! _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\D.A.A.S - El vídeo mas enternecedor del MUNDO!! _ Facebook.mp4
[2014/06/13 21:34:34 | 009,422,854 | ---- | C] ()(C:\Users\MAGMAM\Documents\D.A.A.S - El v?deo mas enternecedor del MUNDO!! _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\D.A.A.S - El vídeo mas enternecedor del MUNDO!! _ Facebook.mp4
[2014/06/11 09:37:30 | 014,251,930 | ---- | M] ()(C:\Users\MAGMAM\Documents\??????????? _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\真愛談戀愛。真愛橋到底 _ Facebook.mp4
[2014/06/11 09:37:21 | 014,251,930 | ---- | C] ()(C:\Users\MAGMAM\Documents\??????????? _ Facebook.mp4) -- C:\Users\MAGMAM\Documents\真愛談戀愛。真愛橋到底 _ Facebook.mp4
========== Alternate Data Streams ==========
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:07F6D9E4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6FE816BE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:CB9FA647
< End of report >
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:10:19 am, on 08/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Hotspot Shield\bin\hsscp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Ginger\GingerServices\GingerServices.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MAGMAM\Desktop\HiJackThis.exe
C:\Windows\System32\osk.exe
c:\program files\real\realplayer\RealPlay.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mefeedia.com/mena?v=3.42
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O2 - BHO: Ginger Grammar & Spell Checker - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files\Ginger\GingerIEAddin\adxloader.dll (file missing)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: FoxPro - {598AC71E-BE58-3981-B78A-5C138F423AD6} - C:\Users\MAGMAM\AppData\Roaming\VolIE\FoxPro_32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\wcmmon.exe" -a
O4 - HKCU\..\Run: [uTorrent] "C:\Users\MAGMAM\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6116CBA5655B8B1266EAB4041CDFAAA1] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] osk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Windows\System32\osk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] osk.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\MAGMAM\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Ginger.lnk = ?
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)
O9 - Extra 'Tools' menuitem: WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - (no file)
O9 - Extra button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - (no file)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - C:\Program Files\netcut\services\AIPS.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: GingerUpdateService - Ginger Software - C:\Program Files\Ginger\GingerUpdateService\GingerUpdateService.exe
O23 - Service: خدمة Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: webcamXP Service (wxpSvc) - Moonware Studios - C:\Program Files\webcamXP5\wService.exe
--
End of file - 13550 bytes
Attached Files
-
DDS.txt 25.61KB
238 downloads
Edited by ComputerEngineer, 07 October 2014 - 09:14 PM.
, Replaced,[6e9b93800775d660629be26cdf267c84] 
