========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2011/05/10 00:55:40 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/05/10 00:55:40 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/05/30 00:07:20 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\dll-files.com
[2013/05/29 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\raidcall
[2013/05/30 00:02:34 | 000,000,000 | ---D | M] -- C:\Users\DJ\AppData\Roaming\Riot Games
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/05/10 00:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\SysWOW64\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/05/10 00:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/05/10 00:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/05/10 00:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/05/10 00:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/05/10 00:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/05/10 00:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/05/10 00:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe