
Trouble with "System Check" malware. Followed removal tutorial, and Rkill says "access is denied"


  • This topic is locked
47 replies to this topic

#1 ellabrow


Posted 14 January 2012 - 12:45 AM

Hey All,

Got infected with this "System Check" BS.

Followed the instructions in the tutorial 2x and no luck. When I run Rkill it says "Access is Denied" and doesn't give me much useful info in the log or say anything was shut down. Then when I reboot not in safe mode it pops back up instantly.

+++++++++++++++++++++++++++++++++DDS LOG+++++++++++++++++++++++++++++++++++

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by Hale-Bopp at 22:39:51 on 2012-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.3036 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
uRun: [SansaDispatch] C:\Users\Hale-Bopp\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [EPSON Stylus Photo R280 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\windows\TEMP\E_SEDF7.tmp" /EF "HKCU"
uRun: [AdobeBridge]
uRun: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
uRun: [EPSON Stylus Photo R280 Series (Copy 1)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\windows\TEMP\E_SF5F0.tmp" /EF "HKCU"
uRun: [EPSON Stylus Photo R220 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\windows\TEMP\E_S4DCB.tmp" /EF "HKCU"
uRun: [VerControl] C:\Users\HALE-B~1\AppData\Local\TempImg\VerControl.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [EPSON Stylus Photo R280 Series (Copy 2)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\windows\TEMP\E_S45A8.tmp" /EF "HKCU"
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ConnectionCenter] "C:\Users\Hale-Bopp\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [yKwSdghLSjK.exe] C:\ProgramData\yKwSdghLSjK.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\HALE-B~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hale-Bopp\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\HALE-B~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Privoxy.lnk - C:\Program Files (x86)\Privoxy\privoxy.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53
TCP: Interfaces\{1A1538B8-0C65-408C-993F-E355DA6A7566} : DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53
TCP: Interfaces\{1A1538B8-0C65-408C-993F-E355DA6A7566}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{1A1538B8-0C65-408C-993F-E355DA6A7566}\345525243594445402D4F42494C454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A1538B8-0C65-408C-993F-E355DA6A7566}\4454E4F59405143535 : DhcpNameServer = 172.19.255.254
TCP: Interfaces\{1A1538B8-0C65-408C-993F-E355DA6A7566}\47D6F62696C656 : DhcpNameServer = 66.94.25.120 66.94.9.120
TCP: Interfaces\{1A1538B8-0C65-408C-993F-E355DA6A7566}\D416272796F64747 : DhcpNameServer = 66.28.0.45 66.28.0.61
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Hale-Bopp\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Hale-Bopp\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [ConnectionCenter] "C:\Users\Hale-Bopp\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [yKwSdghLSjK.exe] C:\ProgramData\yKwSdghLSjK.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: CraigZilla: craigzilla@studioshorts.com - %profile%\extensions\craigzilla@studioshorts.com
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - Ext: XULRunner: {9F53E5A4-D638-4CFA-8F96-2757096861DC} - C:\Users\Hale-Bopp\AppData\Local\{9F53E5A4-D638-4CFA-8F96-2757096861DC}
FF - Ext: XULRunner: {B31A5444-2CC4-4615-961D-7BF4F3A135CB} - C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: XULRunner: {B31A5444-2CC4-4615-961D-7BF4F3A135CB} - C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}
FF - Ext: Window Shopper - Powered by Superfish: superfish@superfish.com - C:\ProgramDataMozilla\Extensions\superfish@superfish.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-24 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-28 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 652872]
S2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-11-2 87888]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-28 2314240]
S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-6-17 434864]
S3 CPen20;C-Pen 20;C:\Windows\System32\drivers\CPen20.sys [2008-5-14 14382]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-24 136176]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-28 17152]
S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-12-28 51512]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-14 06:26:47 359680 ----a-w- C:\ProgramData\FLd2nxg7lxZOj2.exe
2012-01-14 00:52:21 455424 ----a-w- C:\ProgramData\yKwSdghLSjK.exe
2012-01-11 16:30:46 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-01-11 16:30:46 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-11 16:09:39 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-11 16:09:38 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-11 16:09:38 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-11 16:09:38 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-11 15:34:33 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-11 15:34:33 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-11 12:03:50 -------- d-----w- C:\ProgramData\OrbNetworks
2012-01-11 12:03:43 -------- d-----w- C:\Program Files (x86)\Orb Networks
2011-12-21 04:19:07 -------- d-----w- C:\ProgramData\LGMOBILEAX
2011-12-21 04:18:51 -------- d-----w- C:\Program Files (x86)\LG Electronics
2011-12-21 04:17:08 5150720 ----a-w- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LG_VZW_United_WHQL_v2.4.0.msi
2011-12-21 04:17:07 90112 ----a-w- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2011-12-21 04:17:06 24576 ----a-w- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2011-12-21 04:16:33 1339392 ----a-w- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2011-12-21 04:15:51 90112 ----a-r- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Templates\F\LGUTchkdl.dll
2011-12-21 04:15:51 24576 ----a-r- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Templates\F\LGEUSBAutorun.dll
2011-12-19 16:16:55 -------- d-----w- C:\Users\Hale-Bopp\Tracing
2011-12-15 18:23:25 1577264 ----a-w- C:\2345.exe
.
==================== Find3M ====================
.
2012-01-11 12:07:13 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-12-10 08:05:00 161200 ----a-w- C:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2011-12-07 01:19:20 100 ----a-w- C:\windows\SysWow64\prsgrc.dll
2011-11-28 18:37:43 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2011-11-28 18:37:40 16432 ----a-w- C:\windows\System32\lsdelete.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-06 22:31:08 1563952 ----a-w- C:\123.com
2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-11-03 20:06:56 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
2011-11-02 00:21:43 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-11-02 00:21:43 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-10-29 04:53:02 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-10-29 04:53:02 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll
.
============= FINISH: 22:42:02.81 ===============


 


#2 B-boy/StyLe/



  • Malware Response Team

Posted 14 January 2012 - 03:12 AM

Hello ellabrow! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





We need to run an OTL Custom Scan


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - On the upper right be sure Use Company-Name WhiteList, Skip Microsoft Files and Use No-Company-Name-Whitelist are checked
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\temp\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %systemroot%\assembly\GAC_64\*.* /S /MD5 
    %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    /md5start
    hlp.dat
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Regards,
Georgi



#3 ellabrow

  • Topic Starter

  • Members

Posted 14 January 2012 - 08:35 AM

Hey Georgi,

Thanks so much for taking the time to help me. I really appreciate it! Usually the tutorials on this site allow me to fix about any problem I run into. Glad to know there are good people like you that are here to help out when the tutorials don't get the job done.

THANKS!,

Ellabrow

OTL logfile created on: 1/14/2012 5:50:39 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hale-Bopp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 80.34% Memory free
7.61 Gb Paging File | 6.93 Gb Available in Paging File | 91.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.89 Gb Total Space | 15.85 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 415.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HALE-BOPP-PC | User Name: Hale-Bopp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 05:49:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hale-Bopp\Desktop\OTL.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/11/03 12:06:56 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/10 13:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/10/29 14:14:02 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/09/28 14:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/02 11:58:08 | 000,087,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/22 00:29:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/27 20:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/17 12:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/04/25 03:22:24 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/12 10:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/26 17:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/04/16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/10/30 11:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 06:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/20 11:01:46 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CPen20.sys -- (CPen20)
DRV:64bit: - [2009/10/15 20:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 18:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 12:02:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011/11/28 10:37:43 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/14 04:31:36 | 000,032,376 | ---- | M] (Anoto AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pendfu.sys -- (pendfu) PenDfu (pendfu.sys)
DRV - [2008/05/14 04:31:34 | 000,014,382 | ---- | M] (Anoto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CPen20.sys -- (CPen20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://127.0.0.1:8888/pac

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..extensions.enabledItems: {9F53E5A4-D638-4CFA-8F96-2757096861DC}:1.9.1
FF - prefs.js..extensions.enabledItems: {B31A5444-2CC4-4615-961D-7BF4F3A135CB}:1.9.1
FF - prefs.js..extensions.enabledItems: craigzilla@studioshorts.com:1.1.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.9.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.8
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/20 03:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/20 03:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} [2011/03/02 20:21:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\ProgramDataMozilla\Extensions\superfish@superfish.com [2011/05/12 10:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/01 16:21:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 01:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 01:00:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F53E5A4-D638-4CFA-8F96-2757096861DC}: C:\Users\Hale-Bopp\AppData\Local\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ [2010/03/06 18:10:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} [2011/03/02 20:21:14 | 000,000,000 | ---D | M]

[2010/01/21 18:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Extensions
[2012/01/13 00:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions
[2010/08/06 19:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2011/12/05 23:08:51 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/11/28 10:34:04 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/12/05 23:08:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/23 16:13:24 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/12/05 23:08:50 | 000,000,000 | ---D | M] (Check4Change) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\check4change-owner@mozdev.org
[2010/10/05 22:18:32 | 000,000,000 | ---D | M] (CraigZilla) -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\extensions\craigzilla@studioshorts.com
[2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\askcom.xml
[2011/05/12 07:33:48 | 000,001,919 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\bing-zugo.xml
[2010/06/29 20:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/20 03:00:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/20 03:00:08 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/11/01 16:21:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/12 10:00:44 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\PROGRAMDATAMOZILLA\EXTENSIONS\SUPERFISH@SUPERFISH.COM
[2010/03/06 18:10:58 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC}
[2011/03/02 20:21:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/10/17 10:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Hale-Bopp\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [yKwSdghLSjK.exe] C:\ProgramData\yKwSdghLSjK.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [EPSON Stylus Photo R220 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\windows\TEMP\E_S4DCB.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [EPSON Stylus Photo R280 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\windows\TEMP\E_SEDF7.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [EPSON Stylus Photo R280 Series (Copy 1)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\windows\TEMP\E_SF5F0.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [EPSON Stylus Photo R280 Series (Copy 2)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\windows\TEMP\E_S45A8.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [SansaDispatch] C:\Users\Hale-Bopp\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [VerControl] C:\Users\Hale-Bopp\AppData\Local\TempImg\VerControl.exe ()
O4 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001..\Run: [Vidalia] C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hale-Bopp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1899940234-2321534448-96688503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A1538B8-0C65-408C-993F-E355DA6A7566}: DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Hale-Bopp\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Hale-Bopp\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1075d469-2a7e-11e1-b1ac-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{1075d469-2a7e-11e1-b1ac-00266c3d1c0c}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{316e7e00-48f5-11df-88c2-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{316e7e00-48f5-11df-88c2-00266c3d1c0c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{4590bb42-88c3-11e0-82f1-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{4590bb42-88c3-11e0-82f1-00266c3d1c0c}\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O33 - MountPoints2\{49cf8e6b-ec75-11df-898b-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{49cf8e6b-ec75-11df-898b-00266c3d1c0c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{4a3ecb96-2d36-11e0-a901-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{4a3ecb96-2d36-11e0-a901-00266c3d1c0c}\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O33 - MountPoints2\{65586739-12f3-11e0-8e8e-0026b6a9da49}\Shell - "" = AutoRun
O33 - MountPoints2\{65586739-12f3-11e0-8e8e-0026b6a9da49}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{71078dba-fa83-11df-8f5e-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{71078dba-fa83-11df-8f5e-00266c3d1c0c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c342bd78-0d9d-11e0-adae-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{c342bd78-0d9d-11e0-adae-00266c3d1c0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c342bd7e-0d9d-11e0-adae-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{c342bd7e-0d9d-11e0-adae-00266c3d1c0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c342bd93-0d9d-11e0-adae-00266c3d1c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{c342bd93-0d9d-11e0-adae-00266c3d1c0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2012/01/14 05:49:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Hale-Bopp\Desktop\OTL.exe
[2012/01/13 22:38:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hale-Bopp\Desktop\dds.scr
[2012/01/13 20:21:08 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hale-Bopp\Desktop\334455.exe
[2012/01/13 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/11 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\Desktop\Orb
[2012/01/11 04:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\OrbNetworks
[2012/01/11 04:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orb Networks
[2012/01/11 04:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orb Networks
[2012/01/11 04:02:17 | 077,645,872 | ---- | C] (Orb Networks) -- C:\Users\Hale-Bopp\Desktop\setupOrb.exe
[2012/01/06 14:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/04 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\Desktop\Grad Apps
[2012/01/04 15:09:13 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\Documents\Avery Templates
[2011/12/20 20:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2011/12/20 20:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2011/12/19 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\Tracing
[2011/12/15 10:23:25 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\2345.exe
[2011/12/10 00:04:45 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\Documents\Expstudio Audio Editor
[2011/12/10 00:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expstudio Audio Editor
[2011/12/10 00:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Expstudio
[2011/12/10 00:04:44 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\EXP
[2011/12/09 23:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/12/05 23:16:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Users\Hale-Bopp\AppData\Local\lsj.exe
[2011/12/04 14:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vertus Fluid Mask 3
[2011/12/04 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vertus Fluid Mask 3
[2011/12/03 13:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011/12/03 13:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2011/12/03 13:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/12/03 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/12/03 13:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011/12/03 13:29:53 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Winamp
[2011/12/03 13:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/11/28 10:37:43 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/11/28 10:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/11/28 10:34:05 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Local\adaware
[2011/11/28 10:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/28 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/11/28 10:33:59 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\windows\SysNative\drivers\Lbd.sys
[2011/11/28 10:33:59 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/11/28 10:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/28 10:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/11/28 10:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/11/23 01:19:05 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Ufybi
[2011/11/23 01:19:05 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Ubafa
[2011/11/18 17:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2011/11/18 17:23:25 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Garmin
[2011/11/18 17:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011/11/18 17:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2011/11/13 03:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/06 14:31:08 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\123.com
[2011/11/01 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/11/01 16:21:45 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2011/11/01 16:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/11/01 16:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/11/01 16:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/11/01 16:21:37 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Real
[2011/10/28 20:31:38 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/10/28 20:29:53 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/10/19 09:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WNR
[2011/10/18 14:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJScan
[2011/10/18 14:33:04 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Canon
[2011/10/18 13:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011/10/18 13:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonEPP
[2011/10/18 13:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2011/10/18 13:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series User Registration
[2011/10/18 13:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/10/18 13:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011/10/18 13:40:05 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\FirefoxPortable
[2011/10/18 13:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/10/18 13:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/10/18 13:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
[2011/10/18 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2011/10/18 13:37:47 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2011/10/18 13:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2011/10/18 13:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2011/10/18 13:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/10/18 13:26:47 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\WNR
[2011/10/16 12:50:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/01/14 05:49:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Hale-Bopp\Desktop\OTL.exe
[2012/01/14 05:39:21 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/14 05:38:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/14 05:38:16 | 3063,005,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 05:36:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT
[2012/01/14 05:35:37 | 000,359,680 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT.exe
[2012/01/14 05:32:39 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/14 05:32:32 | 000,000,316 | -HS- | M] () -- C:\windows\tasks\YBNZXQQCA.job
[2012/01/13 22:38:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Hale-Bopp\Desktop\dds.scr
[2012/01/13 22:37:40 | 000,000,000 | ---- | M] () -- C:\Users\Hale-Bopp\defogger_reenable
[2012/01/13 22:37:22 | 000,050,477 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\Defogger.exe
[2012/01/13 22:29:20 | 000,000,280 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2
[2012/01/13 22:29:20 | 000,000,176 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2r
[2012/01/13 22:27:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\FLd2nxg7lxZOj2
[2012/01/13 22:07:52 | 000,684,297 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\unhide.exe
[2012/01/13 20:21:08 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hale-Bopp\Desktop\334455.exe
[2012/01/13 19:59:00 | 001,008,141 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\iExplore.exe
[2012/01/13 19:40:08 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/13 19:06:06 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/13 19:06:05 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/13 16:56:01 | 000,000,456 | ---- | M] () -- C:\ProgramData\69F6lDwaWhigBv
[2012/01/13 16:54:57 | 000,000,280 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBv
[2012/01/13 16:54:57 | 000,000,176 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBvr
[2012/01/13 16:54:55 | 000,000,688 | ---- | M] () -- C:\Users\Hale-Bopp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/13 16:54:55 | 000,000,664 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\System Check.lnk
[2012/01/13 16:52:21 | 000,455,424 | ---- | M] () -- C:\ProgramData\yKwSdghLSjK.exe
[2012/01/12 09:16:12 | 000,048,619 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\Sallie Mae - Pay now Payment confirmation.htm
[2012/01/11 13:09:03 | 000,758,102 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/11 13:09:03 | 000,636,084 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/11 13:09:03 | 000,111,626 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/11 04:03:52 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Orb Caster.lnk
[2012/01/11 04:03:52 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Orb Mini Controller.lnk
[2012/01/11 04:02:17 | 077,645,872 | ---- | M] (Orb Networks) -- C:\Users\Hale-Bopp\Desktop\setupOrb.exe
[2012/01/09 12:34:28 | 000,153,058 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\Img248206_electroformed_mixed_media_126.jpg
[2012/01/09 12:34:11 | 000,176,569 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\Img248200_P1010012.jpg
[2012/01/09 12:33:43 | 000,156,104 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\Img248226_electroformed_mixed_media_141.jpg
[2012/01/09 12:33:18 | 000,187,557 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\Img248652_newglass2009_058.jpg
[2012/01/09 12:33:02 | 000,140,074 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\Img248653_newglass2009_036.jpg
[2012/01/05 11:24:55 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/01/05 11:24:55 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2011/12/21 16:36:00 | 000,038,454 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\norad tracks santa.JPG
[2011/12/19 12:15:38 | 005,027,048 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/17 10:06:18 | 528,933,304 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/12/15 10:23:33 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\2345.exe
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/12/10 00:05:00 | 000,161,200 | ---- | M] () -- C:\windows\Expstudio Audio Editor FREE Uninstaller.exe
[2011/12/06 17:19:20 | 000,000,355 | ---- | M] () -- C:\windows\SysWow64\fr1d1xw.tgz
[2011/12/06 17:19:20 | 000,000,114 | ---- | M] () -- C:\windows\SysWow64\prsgrc.tgz
[2011/12/06 17:19:20 | 000,000,100 | ---- | M] () -- C:\windows\SysWow64\prsgrc.dll
[2011/12/06 17:19:20 | 000,000,086 | ---- | M] () -- C:\windows\SysWow64\ssprs.tgz
[2011/12/06 01:22:44 | 000,028,256 | ---- | M] () -- C:\Users\Hale-Bopp\Documents\cc_20111206_012240.reg
[2011/12/06 01:10:49 | 000,013,158 | -HS- | M] () -- C:\ProgramData\l3y7fpd4251
[2011/12/06 01:10:48 | 000,013,158 | -HS- | M] () -- C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251
[2011/12/03 13:35:13 | 000,001,019 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\My Music Tools.lnk
[2011/12/03 13:05:45 | 021,073,936 | ---- | M] () -- C:\Users\Hale-Bopp\Documents\vlc-1.1.11-win32.exe
[2011/11/28 10:37:43 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/11/28 10:37:40 | 000,016,432 | ---- | M] () -- C:\windows\SysNative\lsdelete.exe
[2011/11/23 18:48:43 | 000,000,215 | ---- | M] () -- C:\Users\Hale-Bopp\Documents\DATASET
[2011/11/23 18:47:37 | 000,000,073 | ---- | M] () -- C:\Users\Hale-Bopp\Documents\123.Salt
[2011/11/21 12:10:29 | 000,009,294 | ---- | M] () -- C:\Users\Hale-Bopp\Documents\cc_20111121_121026.reg
[2011/11/09 00:51:49 | 000,096,507 | ---- | M] () -- C:\front today.JPG
[2011/11/09 00:51:16 | 000,089,331 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\front today
[2011/11/09 00:46:19 | 000,025,326 | ---- | M] () -- C:\front today.pdf
[2011/11/08 01:01:04 | 000,710,764 | ---- | M] () -- C:\valpriceline.mht
[2011/11/06 14:31:08 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\123.com
[2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\windows\SysNative\drivers\Lbd.sys
[2011/11/01 16:21:45 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2011/10/26 11:40:57 | 000,000,069 | ---- | M] () -- C:\Users\Hale-Bopp\Documents\Fe Chelate.Salt
[2011/10/18 14:53:28 | 002,332,189 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\IMG.pdf
[2011/10/18 11:42:59 | 000,078,785 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\launch.htm
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

Edited by ellabrow, 14 January 2012 - 08:43 AM.


#4 ellabrow

Posted 14 January 2012 - 08:40 AM

========== Files Created - No Company Name ==========

[2012/01/14 05:36:05 | 000,000,336 | ---- | C] () -- C:\ProgramData\ba9i2iLt6lNlzT
[2012/01/14 05:35:37 | 000,359,680 | ---- | C] () -- C:\ProgramData\ba9i2iLt6lNlzT.exe
[2012/01/13 22:37:40 | 000,000,000 | ---- | C] () -- C:\Users\Hale-Bopp\defogger_reenable
[2012/01/13 22:37:22 | 000,050,477 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\Defogger.exe
[2012/01/13 22:29:20 | 000,000,176 | ---- | C] () -- C:\ProgramData\~FLd2nxg7lxZOj2r
[2012/01/13 22:29:19 | 000,000,280 | ---- | C] () -- C:\ProgramData\~FLd2nxg7lxZOj2
[2012/01/13 22:27:37 | 000,000,336 | ---- | C] () -- C:\ProgramData\FLd2nxg7lxZOj2
[2012/01/13 19:55:45 | 000,000,408 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/13 18:44:07 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\Orb Caster.lnk
[2012/01/13 18:44:07 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Orb Mini Controller.lnk
[2012/01/13 18:44:05 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/13 18:44:05 | 000,002,010 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/01/13 18:44:05 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/01/13 18:44:05 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
[2012/01/13 18:36:54 | 000,684,297 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\unhide.exe
[2012/01/13 16:54:57 | 000,000,280 | ---- | C] () -- C:\ProgramData\~69F6lDwaWhigBv
[2012/01/13 16:54:57 | 000,000,176 | ---- | C] () -- C:\ProgramData\~69F6lDwaWhigBvr
[2012/01/13 16:54:55 | 000,000,688 | ---- | C] () -- C:\Users\Hale-Bopp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/13 16:54:55 | 000,000,664 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\System Check.lnk
[2012/01/13 16:54:53 | 000,000,456 | ---- | C] () -- C:\ProgramData\69F6lDwaWhigBv
[2012/01/13 16:52:21 | 000,455,424 | ---- | C] () -- C:\ProgramData\yKwSdghLSjK.exe
[2012/01/12 09:16:12 | 000,048,619 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\Sallie Mae - Pay now Payment confirmation.htm
[2012/01/09 12:34:31 | 000,153,058 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\Img248206_electroformed_mixed_media_126.jpg
[2012/01/09 12:34:16 | 000,176,569 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\Img248200_P1010012.jpg
[2012/01/09 12:33:56 | 000,156,104 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\Img248226_electroformed_mixed_media_141.jpg
[2012/01/09 12:33:27 | 000,187,557 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\Img248652_newglass2009_058.jpg
[2012/01/09 12:33:12 | 000,140,074 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\Img248653_newglass2009_036.jpg
[2011/12/28 11:45:08 | 001,012,449 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\DSCN2346.JPG
[2011/12/21 16:35:59 | 000,038,454 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\norad tracks santa.JPG
[2011/12/17 10:06:18 | 528,933,304 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/12/10 00:05:00 | 000,161,200 | ---- | C] () -- C:\windows\Expstudio Audio Editor FREE Uninstaller.exe
[2011/12/06 01:22:42 | 000,028,256 | ---- | C] () -- C:\Users\Hale-Bopp\Documents\cc_20111206_012240.reg
[2011/12/06 01:22:29 | 001,008,141 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\iExplore.exe
[2011/12/05 23:22:23 | 000,016,432 | ---- | C] () -- C:\windows\SysNative\lsdelete.exe
[2011/12/05 23:16:30 | 000,013,158 | -HS- | C] () -- C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251
[2011/12/05 23:16:30 | 000,013,158 | -HS- | C] () -- C:\ProgramData\l3y7fpd4251
[2011/12/03 13:35:13 | 000,001,019 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\My Music Tools.lnk
[2011/12/03 13:03:03 | 021,073,936 | ---- | C] () -- C:\Users\Hale-Bopp\Documents\vlc-1.1.11-win32.exe
[2011/12/01 10:35:31 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/12/01 10:35:31 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/11/23 18:47:37 | 000,000,073 | ---- | C] () -- C:\Users\Hale-Bopp\Documents\123.Salt
[2011/11/21 12:10:27 | 000,009,294 | ---- | C] () -- C:\Users\Hale-Bopp\Documents\cc_20111121_121026.reg
[2011/11/09 00:51:49 | 000,096,507 | ---- | C] () -- C:\front today.JPG
[2011/11/09 00:46:19 | 000,025,326 | ---- | C] () -- C:\front today.pdf
[2011/11/09 00:45:13 | 000,089,331 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\front today
[2011/11/08 01:00:56 | 000,710,764 | ---- | C] () -- C:\valpriceline.mht
[2011/10/26 11:43:40 | 000,000,215 | ---- | C] () -- C:\Users\Hale-Bopp\Documents\DATASET
[2011/10/26 11:40:57 | 000,000,069 | ---- | C] () -- C:\Users\Hale-Bopp\Documents\Fe Chelate.Salt
[2011/10/18 14:49:27 | 002,332,189 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\IMG.pdf
[2011/10/18 13:37:44 | 000,012,800 | ---- | C] () -- C:\windows\SysWow64\CNC1746D.TBL
[2011/10/18 13:37:44 | 000,012,800 | ---- | C] () -- C:\windows\SysNative\CNC1746D.TBL
[2011/10/18 11:42:50 | 000,078,785 | ---- | C] () -- C:\Users\Hale-Bopp\Desktop\launch.htm
[2011/08/11 23:09:28 | 000,000,341 | ---- | C] () -- C:\windows\SysWow64\fr1d1xw.dll
[2011/07/09 21:21:51 | 000,010,024 | -HS- | C] () -- C:\Users\Hale-Bopp\AppData\Local\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
[2011/07/09 21:21:51 | 000,010,024 | -HS- | C] () -- C:\ProgramData\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
[2011/07/09 20:45:02 | 000,004,416 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Roaming\40D2.298
[2011/05/16 01:29:52 | 000,133,120 | RHS- | C] () -- C:\windows\SysWow64\basecsp8.dll
[2011/04/30 04:11:44 | 000,011,374 | -HS- | C] () -- C:\Users\Hale-Bopp\AppData\Local\0v0y14704x557f7yddg074fb3873
[2011/04/30 04:11:44 | 000,011,374 | -HS- | C] () -- C:\ProgramData\0v0y14704x557f7yddg074fb3873
[2010/12/22 19:16:54 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2010/08/08 21:03:50 | 000,000,024 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Roaming\bawuho.dat
[2010/08/04 16:35:31 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2010/08/04 16:35:31 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2010/08/04 16:35:31 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2010/08/04 16:35:31 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2010/08/04 16:35:31 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2010/08/04 16:35:31 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2010/08/04 16:35:31 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2010/08/04 16:35:31 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2010/08/04 16:35:31 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2010/08/04 16:35:31 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2010/08/04 16:35:31 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2010/08/04 16:35:31 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2010/08/04 16:35:31 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2010/08/04 16:35:31 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2010/08/04 16:35:31 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2010/08/04 16:35:31 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2010/08/04 16:34:42 | 000,000,044 | ---- | C] () -- C:\windows\EPSPR280.ini
[2010/07/17 21:59:26 | 000,202,342 | ---- | C] () -- C:\windows\hpoins18.dat
[2010/07/17 21:59:26 | 000,005,355 | ---- | C] () -- C:\windows\hpomdl18.dat
[2010/06/28 20:36:43 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/17 14:46:30 | 000,004,096 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Local\keyfile3.drm
[2010/03/11 20:39:31 | 000,000,037 | ---- | C] () -- C:\windows\QTW.INI
[2010/03/06 18:10:59 | 000,000,120 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Local\Atetokaradewilul.dat
[2010/03/06 18:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Local\Bwociqusolet.bin
[2010/02/08 09:16:57 | 000,000,000 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Roaming\wklnhst.dat
[2010/01/21 21:54:56 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/01/21 19:56:43 | 000,761,508 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009/12/28 19:57:16 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/10/30 11:21:18 | 000,870,544 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2009/10/30 11:21:18 | 000,127,896 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2009/10/30 11:21:18 | 000,050,028 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2009/10/30 10:06:24 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2009/10/30 10:06:24 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:16:42 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\xm4qohk.dll
[2009/07/13 15:16:42 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll
[2009/07/13 15:16:42 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll
[2009/07/13 15:16:42 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth2.dll
[2009/07/13 15:16:42 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth1.dll
[2009/07/13 15:16:42 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll
[2009/07/13 15:16:42 | 000,000,072 | ---- | C] () -- C:\windows\SysWow64\ssprs.dll
[2009/07/13 15:16:42 | 000,000,016 | ---- | C] () -- C:\windows\SysWow64\v16qi5y.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2007/11/14 09:42:27 | 000,237,568 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2007/11/09 03:01:59 | 000,000,164 | ---- | C] () -- C:\windows\SysWow64\psyswin32.dll

========== LOP Check ==========

[2011/06/02 18:45:59 | 000,000,000 | ---D | M] -- C:\Users\BB2G\AppData\Roaming\ICAClient
[2011/06/02 18:48:51 | 000,000,000 | ---D | M] -- C:\Users\BB2G\AppData\Roaming\Toshiba
[2010/08/17 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\acccore
[2011/05/05 23:42:42 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\AnvSoft
[2012/01/11 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\BitTorrent
[2010/01/21 20:17:58 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\C Technologies AB
[2011/10/18 14:33:54 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Canon
[2010/08/02 01:10:35 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/16 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B
[2012/01/13 19:16:02 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Dropbox
[2010/08/05 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\eFax Messenger
[2010/04/06 10:21:13 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\ESBUnitConv
[2011/05/25 01:57:16 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\FMZilla
[2011/11/18 17:23:25 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Garmin
[2011/05/25 01:55:55 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\GetRight
[2011/01/20 03:07:07 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\GetRightToGo
[2011/11/27 16:08:24 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Gygan
[2010/01/25 19:27:17 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\ICAClient
[2010/08/05 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\j2 Global
[2011/10/18 13:21:40 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\JonDo
[2010/08/04 16:41:39 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Leadertech
[2011/07/25 09:57:39 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Lexmark Productivity Studio
[2011/01/20 03:00:10 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Local
[2010/12/28 06:58:11 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Program Files (x86)
[2010/01/24 17:30:24 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\SanDisk
[2011/11/24 01:43:33 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\SProxy
[2010/08/02 01:15:56 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/10/11 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\SteelBytes
[2010/02/08 09:16:59 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Template
[2010/06/14 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Tific
[2010/02/07 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Toshiba
[2011/07/28 14:36:43 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\TrueCrypt
[2011/12/05 23:22:22 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Ubafa
[2011/11/29 17:44:26 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\Ufybi
[2010/01/21 18:41:28 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\WinBatch
[2011/10/18 13:26:47 | 000,000,000 | ---D | M] -- C:\Users\Hale-Bopp\AppData\Roaming\WNR
[2012/01/14 05:39:21 | 000,000,408 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Update (Weekly).job
[2011/04/11 11:18:21 | 000,032,570 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/01/14 05:32:32 | 000,000,316 | -HS- | M] () -- C:\windows\Tasks\YBNZXQQCA.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/11/06 14:31:08 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\123.com
[2011/12/15 10:23:33 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\2345.exe
[2012/01/14 05:38:14 | 000,006,869 | ---- | M] () -- C:\aaw7boot.log
[2010/12/17 15:12:37 | 000,021,754 | ---- | M] () -- C:\AGRY605_NAM_QTL_Analysis_Take_Home_Questions[1].docx
[2010/12/15 13:01:09 | 000,028,432 | ---- | M] () -- C:\All_pops_phen.txt
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/12 14:02:15 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/12/01 23:23:09 | 000,011,633 | ---- | M] () -- C:\data_DYD.csv
[2010/12/01 23:23:15 | 000,000,311 | ---- | M] () -- C:\DYD_observed_values.csv
[2011/11/09 00:51:49 | 000,096,507 | ---- | M] () -- C:\front today.JPG
[2011/11/09 00:46:19 | 000,025,326 | ---- | M] () -- C:\front today.pdf
[2010/12/15 13:01:13 | 000,000,613 | ---- | M] () -- C:\GLMSELECT_and_REG_Single_Pop_NAM.sas
[2010/12/15 13:01:20 | 000,000,643 | ---- | M] () -- C:\GLMSELECT_Joint_Pop_NAM.sas
[2010/12/01 23:23:03 | 000,000,982 | ---- | M] () -- C:\GS_excercise_proc_import_1.sas
[2012/01/14 05:38:16 | 3063,005,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 16:59:52 | 000,001,648 | ---- | M] () -- C:\InstallHelper.log
[2010/08/17 13:02:41 | 000,000,348 | ---- | M] () -- C:\IPH.PH
[2010/12/15 12:01:11 | 000,003,309 | ---- | M] () -- C:\Ki3_Color_Scores.txt
[2011/11/27 16:12:08 | 000,000,256 | ---- | M] () -- C:\lxdv.log
[2010/12/15 13:01:36 | 011,067,160 | ---- | M] () -- C:\NAM_genos_mapping_20100831.txt
[2012/01/14 05:38:17 | 4084,006,912 | -HS- | M] () -- C:\pagefile.sys
[2012/01/13 22:59:28 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2010/08/05 19:35:45 | 000,015,878 | ---- | M] () -- C:\safe.docx
[2011/04/25 03:42:11 | 2147,483,646 | ---- | M] () -- C:\tc1
[2010/10/25 08:29:34 | 000,064,086 | ---- | M] () -- C:\TDSSKiller.2.4.5.0_25.10.2010_09.29.00_log.txt
[2011/12/05 23:17:43 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_05.12.2011_23.17.38_log.txt
[2011/12/05 23:18:16 | 000,022,030 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_05.12.2011_23.18.05_log.txt
[2011/12/05 23:26:16 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_05.12.2011_23.26.14_log.txt
[2011/12/05 23:26:45 | 000,021,484 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_05.12.2011_23.26.24_log.txt
[2011/12/05 23:29:10 | 000,041,068 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_05.12.2011_23.28.25_log.txt
[2011/11/06 14:32:46 | 000,021,540 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_06.11.2011_14.31.54_log.txt
[2012/01/13 17:02:32 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_13.01.2012_17.02.29_log.txt
[2012/01/13 17:02:52 | 000,021,682 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_13.01.2012_17.02.34_log.txt
[2011/12/15 09:01:29 | 000,000,156 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_15.12.2011_09.01.29_log.txt
[2011/12/15 09:01:34 | 000,000,156 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_15.12.2011_09.01.33_log.txt
[2011/12/15 10:16:13 | 000,021,484 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_15.12.2011_10.15.55_log.txt
[2011/12/15 10:16:22 | 000,021,484 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_15.12.2011_10.16.15_log.txt
[2011/12/15 10:21:37 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_15.12.2011_10.21.34_log.txt
[2011/12/15 10:21:52 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_15.12.2011_10.21.50_log.txt
[2011/11/20 12:30:38 | 000,000,156 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_20.11.2011_12.30.37_log.txt
[2011/11/20 12:40:48 | 000,021,514 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_20.11.2011_12.40.38_log.txt
[2011/11/21 12:01:59 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_21.11.2011_12.01.54_log.txt
[2011/11/21 12:02:37 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_21.11.2011_12.02.30_log.txt
[2011/11/21 12:02:50 | 000,021,518 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_21.11.2011_12.02.41_log.txt
[2012/01/13 17:02:11 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_13.01.2012_17.02.08_log.txt
[2011/12/15 10:24:12 | 000,021,484 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_15.12.2011_10.24.02_log.txt
[2012/01/13 20:21:25 | 000,041,950 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_13.01.2012_20.21.11_log.txt
[2012/01/13 22:33:50 | 000,022,124 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_13.01.2012_22.33.40_log.txt
[2012/01/13 22:59:55 | 000,022,124 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_13.01.2012_22.59.47_log.txt
[2010/12/15 13:36:20 | 000,015,711 | ---- | M] () -- C:\THP1.lst
[2011/11/08 01:01:04 | 000,710,764 | ---- | M] () -- C:\valpriceline.mht

< %USERPROFILE%\*.* >
[2012/01/13 22:37:40 | 000,000,000 | ---- | M] () -- C:\Users\Hale-Bopp\defogger_reenable
[2011/10/29 09:53:37 | 000,002,182 | ---- | M] () -- C:\Users\Hale-Bopp\DGuitarLog.txt
[2010/12/21 11:13:59 | 000,001,386 | ---- | M] () -- C:\Users\Hale-Bopp\GDPC_Browser.properties
[2012/01/14 05:54:21 | 007,340,032 | -HS- | M] () -- C:\Users\Hale-Bopp\NTUSER.DAT
[2012/01/14 05:54:21 | 000,262,144 | -HS- | M] () -- C:\Users\Hale-Bopp\ntuser.dat.LOG1
[2010/01/21 18:40:56 | 000,000,000 | -HS- | M] () -- C:\Users\Hale-Bopp\ntuser.dat.LOG2
[2010/01/21 19:46:26 | 000,065,536 | -HS- | M] () -- C:\Users\Hale-Bopp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/21 19:46:26 | 000,524,288 | -HS- | M] () -- C:\Users\Hale-Bopp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/21 19:46:26 | 000,524,288 | -HS- | M] () -- C:\Users\Hale-Bopp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/04/29 11:16:37 | 000,065,536 | -HS- | M] () -- C:\Users\Hale-Bopp\NTUSER.DAT{f19a3ed9-539e-11df-8b66-0026b6a9da49}.TM.blf
[2010/04/29 11:16:37 | 000,524,288 | -HS- | M] () -- C:\Users\Hale-Bopp\NTUSER.DAT{f19a3ed9-539e-11df-8b66-0026b6a9da49}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 11:16:37 | 000,524,288 | -HS- | M] () -- C:\Users\Hale-Bopp\NTUSER.DAT{f19a3ed9-539e-11df-8b66-0026b6a9da49}.TMContainer00000000000000000002.regtrans-ms
[2010/01/21 18:40:56 | 000,000,020 | -HS- | M] () -- C:\Users\Hale-Bopp\ntuser.ini
[2011/10/18 14:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Hale-Bopp\Sti_Trace.log

< %USERPROFILE%\AppData\Local\*.* >
[2011/04/30 04:13:49 | 000,011,374 | -HS- | M] () -- C:\Users\Hale-Bopp\AppData\Local\0v0y14704x557f7yddg074fb3873
[2011/03/08 01:24:04 | 000,000,120 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Local\Atetokaradewilul.dat
[2011/03/08 01:24:05 | 000,000,000 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Local\Bwociqusolet.bin
[2011/07/09 21:36:39 | 000,010,024 | -HS- | M] () -- C:\Users\Hale-Bopp\AppData\Local\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
[2011/09/12 02:37:54 | 000,127,504 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/17 14:46:30 | 000,004,096 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Local\keyfile3.drm
[2011/12/06 01:10:48 | 000,013,158 | -HS- | M] () -- C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251
[2011/12/05 23:16:23 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Users\Hale-Bopp\AppData\Local\lsj.exe

< %USERPROFILE%\AppData\Roaming\*.* >
[2011/07/09 21:48:53 | 000,004,416 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\40D2.298
[2010/08/08 21:03:50 | 000,000,024 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\bawuho.dat
[2010/02/08 09:16:57 | 000,000,000 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\wklnhst.dat

< %ProgramData%\*.* >
[2011/04/30 04:13:49 | 000,011,374 | -HS- | M] () -- C:\ProgramData\0v0y14704x557f7yddg074fb3873
[2012/01/13 16:56:01 | 000,000,456 | ---- | M] () -- C:\ProgramData\69F6lDwaWhigBv
[2012/01/14 05:36:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT
[2012/01/14 05:35:37 | 000,359,680 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT.exe
[2011/07/09 21:36:39 | 000,010,024 | -HS- | M] () -- C:\ProgramData\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
[2010/06/28 20:36:43 | 000,000,056 | ---- | M] () -- C:\ProgramData\ezsidmv.dat
[2012/01/13 22:27:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\FLd2nxg7lxZOj2
[2010/07/18 04:53:53 | 000,001,919 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/12/06 01:10:49 | 000,013,158 | -HS- | M] () -- C:\ProgramData\l3y7fpd4251
[2011/07/25 11:31:34 | 000,000,111 | ---- | M] () -- C:\ProgramData\lxdv.log
[2012/01/13 16:52:21 | 000,455,424 | ---- | M] () -- C:\ProgramData\yKwSdghLSjK.exe
[2012/01/13 16:54:57 | 000,000,280 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBv
[2012/01/13 16:54:57 | 000,000,176 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBvr
[2012/01/13 22:29:20 | 000,000,280 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2
[2012/01/13 22:29:20 | 000,000,176 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2r

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >

< %windir%\temp\*.* >
[2011/12/07 00:16:58 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile00.sqm
[2011/12/16 05:09:02 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile01.sqm
[2011/12/21 02:19:40 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile02.sqm
[2011/12/21 08:26:00 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile03.sqm
[2012/01/03 11:21:55 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile04.sqm
[2012/01/11 02:36:17 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile05.sqm
[2012/01/11 13:13:04 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile06.sqm
[2012/01/11 23:59:10 | 000,000,608 | ---- | M] () -- C:\windows\temp\fwtsqmfile07.sqm
[2012/01/14 05:33:55 | 000,297,711 | ---- | M] () -- C:\windows\temp\hpqddsvc.log
[2011/11/23 16:16:07 | 000,019,344 | ---- | M] () -- C:\windows\temp\HPSLPSVC0000.log
[2011/11/26 12:11:29 | 000,017,644 | ---- | M] () -- C:\windows\temp\HPSLPSVC0001.log
[2011/11/27 02:07:11 | 000,007,984 | ---- | M] () -- C:\windows\temp\HPSLPSVC0002.log
[2011/11/27 10:57:35 | 000,004,631 | ---- | M] () -- C:\windows\temp\HPSLPSVC0003.log
[2011/11/27 11:00:36 | 000,004,592 | ---- | M] () -- C:\windows\temp\HPSLPSVC0004.log
[2011/11/27 11:24:22 | 000,004,592 | ---- | M] () -- C:\windows\temp\HPSLPSVC0005.log
[2011/11/28 10:10:13 | 000,013,031 | ---- | M] () -- C:\windows\temp\HPSLPSVC0006.log
[2011/11/29 19:28:58 | 000,013,602 | ---- | M] () -- C:\windows\temp\HPSLPSVC0007.log
[2011/11/20 12:32:59 | 000,002,547 | ---- | M] () -- C:\windows\temp\HPSLPSVC0008.log
[2011/11/20 12:34:53 | 000,002,713 | ---- | M] () -- C:\windows\temp\HPSLPSVC0009.log
[2011/11/20 12:36:32 | 000,002,713 | ---- | M] () -- C:\windows\temp\HPSLPSVC0010.log
[2011/11/21 13:38:53 | 000,014,050 | ---- | M] () -- C:\windows\temp\HPSLPSVC0011.log
[2011/11/29 19:30:35 | 000,016,898 | ---- | M] () -- C:\windows\temp\HPSLPSVC0012.log
[2011/12/01 10:28:15 | 000,022,730 | ---- | M] () -- C:\windows\temp\HPSLPSVC0013.log
[2011/12/05 23:23:59 | 000,007,631 | ---- | M] () -- C:\windows\temp\HPSLPSVC0014.log
[2011/12/06 01:07:07 | 000,004,592 | ---- | M] () -- C:\windows\temp\HPSLPSVC0015.log
[2011/12/06 01:08:25 | 000,027,095 | ---- | M] () -- C:\windows\temp\HPSLPSVC0016.log
[2011/12/11 11:17:19 | 000,006,127 | ---- | M] () -- C:\windows\temp\HPSLPSVC0017.log
[2011/12/15 09:05:58 | 000,016,352 | ---- | M] () -- C:\windows\temp\HPSLPSVC0018.log
[2011/12/15 10:12:13 | 000,002,657 | ---- | M] () -- C:\windows\temp\HPSLPSVC0019.log
[2011/12/15 12:28:16 | 000,018,241 | ---- | M] () -- C:\windows\temp\HPSLPSVC0020.log
[2011/12/17 10:07:28 | 000,003,613 | ---- | M] () -- C:\windows\temp\HPSLPSVC0021.log
[2011/12/19 09:13:02 | 000,011,953 | ---- | M] () -- C:\windows\temp\HPSLPSVC0022.log
[2011/12/21 02:20:13 | 000,019,072 | ---- | M] () -- C:\windows\temp\HPSLPSVC0023.log
[2011/12/30 01:15:01 | 000,241,965 | ---- | M] () -- C:\windows\temp\HPSLPSVC0024.log
[2011/12/30 01:36:30 | 000,005,613 | ---- | M] () -- C:\windows\temp\HPSLPSVC0025.log
[2011/12/30 01:41:40 | 000,042,975 | ---- | M] () -- C:\windows\temp\HPSLPSVC0026.log
[2012/01/04 22:49:29 | 000,002,262 | ---- | M] () -- C:\windows\temp\HPSLPSVC0027.log
[2012/01/04 23:13:32 | 000,002,262 | ---- | M] () -- C:\windows\temp\HPSLPSVC0028.log
[2012/01/05 09:47:29 | 000,020,303 | ---- | M] () -- C:\windows\temp\HPSLPSVC0029.log
[2012/01/06 13:03:30 | 000,009,728 | ---- | M] () -- C:\windows\temp\HPSLPSVC0030.log
[2012/01/07 11:20:03 | 000,014,029 | ---- | M] () -- C:\windows\temp\HPSLPSVC0031.log
[2012/01/11 13:13:11 | 000,004,592 | ---- | M] () -- C:\windows\temp\HPSLPSVC0032.log
[2012/01/11 13:14:25 | 000,008,994 | ---- | M] () -- C:\windows\temp\HPSLPSVC0033.log
[2012/01/13 19:54:30 | 000,004,592 | ---- | M] () -- C:\windows\temp\HPSLPSVC0034.log
[2012/01/13 22:24:28 | 000,002,262 | ---- | M] () -- C:\windows\temp\HPSLPSVC0035.log
[2012/01/14 05:32:56 | 000,002,262 | ---- | M] () -- C:\windows\temp\HPSLPSVC0036.log
[2011/11/27 10:39:59 | 008,570,192 | ---- | M] (Microsoft Corporation) -- C:\windows\temp\MPENGINE.DLL
[2011/11/27 10:39:59 | 000,069,000 | ---- | M] (Microsoft Corporation) -- C:\windows\temp\offreg.dll
[1 C:\windows\temp\*.tmp files -> C:\windows\temp\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[2011/05/16 01:29:52 | 000,133,120 | RHS- | M] () Unable to obtain MD5 -- C:\windows\system32\basecsp8.dll

< %systemroot%\syswow64\*.dll /lockedfiles >
[2011/05/16 01:29:52 | 000,133,120 | RHS- | M] () Unable to obtain MD5 -- C:\windows\syswow64\basecsp8.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2012/01/14 05:32:32 | 000,000,316 | -HS- | M] () Unable to obtain MD5 -- C:\windows\Tasks\YBNZXQQCA.job

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\syswow64\drivers\*.sys /90 >

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >
[2009/07/13 17:46:06 | 000,086,016 | ---- | M] () MD5=712FF5DB0DAC5697ABCA9AC6472EAC8B -- C:\windows\assembly\GAC_MSIL\ehiTVMSMusic\6.1.0.0__31bf3856ad364e35\ehiTVMSMusic.dll
[2009/07/13 17:46:06 | 000,006,144 | ---- | M] () MD5=7F93BA47D13A831EBC7AE6EA6B7C7EFF -- C:\windows\assembly\GAC_MSIL\ehiUPnP\6.1.0.0__31bf3856ad364e35\ehiUPnP.dll
[2009/07/13 17:20:38 | 000,032,768 | ---- | M] () MD5=62F20E48B43B44D9C6E9B4CF08FB120D -- C:\windows\assembly\GAC_MSIL\ehiUserXp\6.1.0.0__31bf3856ad364e35\ehiUserXp.dll
[2009/07/13 17:20:51 | 000,335,872 | ---- | M] () MD5=DB2189BF0B4D192F70605F50EC30037B -- C:\windows\assembly\GAC_MSIL\ehiVidCtl\6.1.0.0__31bf3856ad364e35\ehiVidCtl.dll
[2009/07/13 17:21:00 | 000,143,360 | ---- | M] () MD5=391EF4FF1EF376B4408C0DEFE2041DBF -- C:\windows\assembly\GAC_MSIL\ehiwmp\6.1.0.0__31bf3856ad364e35\ehiwmp.dll
[2009/07/13 17:22:59 | 000,086,016 | ---- | M] () MD5=82A5798BD1A2FE8678A51CC9CE493F7F -- C:\windows\assembly\GAC_MSIL\ehiWUapi\6.1.0.0__31bf3856ad364e35\ehiWUapi.dll
[2010/11/20 04:32:21 | 000,196,608 | ---- | M] () MD5=641443B48D34539ED0F58C1FC3A379F0 -- C:\windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll
[2010/11/20 04:32:21 | 006,307,840 | ---- | M] () MD5=89AFF2261ECF21647B126E596675E302 -- C:\windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
[2010/11/20 04:19:48 | 000,008,192 | ---- | M] () MD5=D7081D68005C975549685E8BF129794E -- C:\windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_en_31bf3856ad364e35\EventViewer.resources.dll
[2010/11/20 04:32:20 | 000,368,640 | ---- | M] () MD5=F046EB4BBFC631D178C6DF20819C1DE5 -- C:\windows\assembly\GAC_MSIL\EventViewer\6.1.0.0__31bf3856ad364e35\EventViewer.dll
[2009/06/10 13:22:54 | 000,008,192 | ---- | M] () MD5=96D9E7E468D537443DE037A7E15CB804 -- C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
[2009/06/10 13:22:55 | 000,077,824 | ---- | M] () MD5=AF29AA7F2F613951A9E913B4290B2ECE -- C:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
[2009/06/10 13:22:55 | 000,006,656 | ---- | M] () MD5=D051642D0ED61E2886FD8917E8B6FAFD -- C:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
[2009/07/13 17:50:20 | 000,106,496 | ---- | M] () MD5=F76D606A61706863C800159442F3E9DA -- C:\windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe
[2010/11/20 05:44:11 | 000,741,376 | ---- | M] () MD5=F3A7B22F00F8E2F9383338BF4FF4F786 -- C:\windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
[2009/07/13 17:47:33 | 000,053,248 | ---- | M] () MD5=49F7D995FB172163A378CFAD66296694 -- C:\windows\assembly\GAC_MSIL\MCESidebarCtrl\6.1.0.0__31bf3856ad364e35\MCESidebarCtrl.dll
[2009/07/13 17:47:44 | 000,118,784 | ---- | M] () MD5=32169C979FCC2937779F1299C26FFE0A -- C:\windows\assembly\GAC_MSIL\mcglidhostobj\6.1.0.0__31bf3856ad364e35\mcglidhostobj.dll
[2010/11/20 05:44:11 | 000,207,872 | ---- | M] () MD5=C97FCB65C600CBE7A78C409DC10736FE -- C:\windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll
[2010/11/20 04:32:22 | 000,638,976 | ---- | M] () MD5=F338EC894AA0CE005156B4AB2FF77CCC -- C:\windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
[2011/04/25 03:13:26 | 000,542,560 | ---- | M] () MD5=9A7625CCDBAF9E4428F8F3C4862504A5 -- C:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
[2011/04/25 03:13:23 | 000,137,056 | ---- | M] () MD5=9FF937EBBC03BC1FDDBBB1490D336BC5 -- C:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
[2011/04/25 03:13:23 | 001,214,304 | ---- | M] () MD5=F71FAA5BF8F48333C67601B793435194 -- C:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
[2010/11/20 05:16:44 | 000,007,168 | ---- | M] () MD5=EE0FEDAA1ECF70EC7C201BC6FB7D256A -- C:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
[2009/07/13 17:46:31 | 000,057,344 | ---- | M] () MD5=6F07957980012E2C639A1469CC82BE68 -- C:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
[2009/06/10 13:14:36 | 000,106,496 | ---- | M] () MD5=550E75434C424A17A1E06669D8335C26 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
[2010/11/04 17:57:44 | 000,348,160 | ---- | M] () MD5=24FDCD95121E59D39DCB1585EC8C5901 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
[2010/11/04 17:53:30 | 000,733,184 | ---- | M] () MD5=DC6476726F4A15BF5BC8CF2C235B17C6 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
[2010/11/04 17:57:44 | 000,036,864 | ---- | M] () MD5=4B177641BEBC8965220EC474D65981A3 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2009/06/10 13:14:40 | 000,036,864 | ---- | M] () MD5=80F89EC03B39E5A6700C9CA5A5545230 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2010/11/04 17:53:36 | 000,802,816 | ---- | M] () MD5=9EBE67131D1776B86410B56FFC95A5BF -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
[2010/11/04 17:57:45 | 000,655,360 | ---- | M] () MD5=5B5AEB3CEB1FC6D77E57821E6A42DE72 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
[2010/11/04 17:53:30 | 000,094,208 | ---- | M] () MD5=B6EF0B4C1898D03FC7814B890FCE9B72 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
[2010/11/04 17:57:45 | 000,077,824 | ---- | M] () MD5=D7A537839EAB83BAD8F3C053098198E8 -- C:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
[2011/04/25 03:13:23 | 000,034,656 | ---- | M] () MD5=43B4CA0474CDDED16B020F050A07D368 -- C:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
[2010/04/30 09:14:42 | 000,133,848 | ---- | M] () MD5=B73270B08B39582E74F2CE3470B765C5 -- C:\windows\assembly\GAC_MSIL\Microsoft.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.ExceptionMessageBox.dll
[2009/07/13 18:33:04 | 000,036,864 | ---- | M] () MD5=00BAFAF60E0E5EFCB34BF360FF65FA0F -- C:\windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Ink.Resources.dll
[2009/06/10 13:23:03 | 000,749,568 | ---- | M] () MD5=3CF65928E67E362D5B25424EBCC27B12 -- C:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
[2009/07/13 18:13:00 | 000,016,384 | ---- | M] () MD5=4D9D34F0204D5DF8EF1DBBD704735EEB -- C:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
[2009/07/13 17:21:42 | 000,188,416 | ---- | M] () MD5=F8B72BFD1D8C36E1A2C98E25C9CF2504 -- C:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
[2009/07/13 17:52:03 | 001,159,168 | ---- | M] () MD5=4184F48A2A7F0E8349BFC82734313D73 -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Bml.dll
[2009/07/13 17:51:58 | 000,024,576 | ---- | M] () MD5=675B4FDF8010FB917CC3810D4CBF7F7D -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTv.Hosting\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTv.Hosting.dll
[2009/07/13 17:51:44 | 000,086,016 | ---- | M] () MD5=CA7C89AEAC56920195226101750DBCD9 -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.dll
[2009/07/13 17:52:21 | 000,045,056 | ---- | M] () MD5=7BCAA93888177CF3C58EA93EFB648E54 -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.ITVVM\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.ITVVM.dll
[2010/11/20 04:35:58 | 001,572,864 | ---- | M] () MD5=0CFCDCFB9D28CE7AFC3F1823250ABE71 -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
[2010/11/20 04:35:58 | 000,241,664 | ---- | M] () MD5=3E1A7D201A38D73F14FFE90909B38A86 -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
[2010/11/20 04:35:59 | 002,596,864 | ---- | M] () MD5=732807787D6FA99791370D934360AE4C -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
[2010/11/20 04:35:59 | 000,385,024 | ---- | M] () MD5=2F4797433A371756FE937CE802C2F313 -- C:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
[2011/04/25 03:12:34 | 000,132,960 | ---- | M] () MD5=DC19515BD085C765ED8B4A4BB69A685E -- C:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
[2010/02/17 04:37:36 | 000,609,160 | ---- | M] () MD5=E5E7773B52D2A16367A25A684CEA577E -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
[2010/02/13 09:06:18 | 000,043,840 | ---- | M] () MD5=0B8A9BB294B8CF79C99DD3486317285C -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
[2010/02/13 09:06:18 | 000,039,728 | ---- | M] () MD5=A4DAC1328EB3271B7F18B56572BC6433 -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
[2010/02/13 09:06:18 | 000,060,200 | ---- | M] () MD5=F8B8E043A7CF09E811A9914BA4A6FE34 -- C:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
[2009/07/13 18:33:06 | 000,010,752 | ---- | M] () MD5=379089FDE4608B9401EC95B274542576 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
[2010/11/20 05:44:11 | 000,102,400 | ---- | M] () MD5=6EAAC822D547374E6262AFBA30401E5F -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
[2010/11/20 05:16:44 | 000,036,864 | ---- | M] () MD5=FFA7D0C210B6E1B47E15525053B725D4 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
[2010/11/20 05:44:11 | 000,290,816 | ---- | M] () MD5=801F0D419E2B3602218348BFB45C230D -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
[2009/07/13 18:33:06 | 000,049,152 | ---- | M] () MD5=B32152DF054633A28F4D5E2AEDDF5F19 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
[2010/11/20 05:44:12 | 000,667,648 | ---- | M] () MD5=2B291883E64693401A7DD55A5F35B249 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
[2010/11/20 05:16:44 | 000,040,960 | ---- | M] () MD5=951B942088F27F3895B8B3A08E8530A3 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
[2009/07/13 17:46:58 | 000,200,704 | ---- | M] () MD5=4A096A4B77AE0C49D3628CE164EEC3C2 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
[2009/07/13 18:33:08 | 000,069,632 | ---- | M] () MD5=2CF04D9D956AF6FC9381271E55AEAA91 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll
[2010/11/20 05:44:12 | 000,991,232 | ---- | M] () MD5=B4D0FCD1E5681E61534CD0DE182BB88A -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
[2009/07/13 18:33:10 | 000,040,960 | ---- | M] () MD5=E2D60DEED2AA1F403CC63739AEF5E4A3 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll
[2009/07/13 17:47:40 | 000,651,264 | ---- | M] () MD5=031F6012ED32D35DCE00CCAB160C75CF -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
[2009/07/13 18:33:08 | 000,016,896 | ---- | M] () MD5=C197070E1F609DD5F6D0D903D8ADE915 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll
[2009/07/13 17:47:11 | 000,278,528 | ---- | M] () MD5=D05827F60C018DA99938BFAF3659C9DB -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
[2009/07/13 18:33:08 | 000,009,216 | ---- | M] () MD5=C4A74FA93F0FDAE5E72E4AE147FE242B -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
[2010/11/20 05:44:12 | 000,077,824 | ---- | M] () MD5=EAB08B2E94E52E818B1892C64607AB58 -- C:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
[2011/04/25 03:13:22 | 000,153,440 | ---- | M] () MD5=CACCF284C13BBD35052947C3A114B0C7 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
[2011/04/25 03:12:34 | 000,042,848 | ---- | M] () MD5=9E4FA3A20F2DE77CCAB6A8EFA7D287F5 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
[2011/04/25 03:12:34 | 000,198,496 | ---- | M] () MD5=575855B6A47777F788AD39F8FA93CEF8 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
[2010/04/30 09:13:22 | 000,016,600 | ---- | M] () MD5=735A502E1F6BBFE11D4CC09DD18ED321 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Instapi\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.InstApi.dll
[2011/04/25 03:13:23 | 000,067,424 | ---- | M] () MD5=6D8D726CE2ABD1885566CA90623F7A23 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
[2010/04/30 09:13:24 | 000,047,832 | ---- | M] () MD5=8958214105128F658E71A3AC36200882 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Replication.BusinessLogicSupport\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.BusinessLogicSupport.dll
[2011/04/25 03:13:23 | 000,554,848 | ---- | M] () MD5=F1F94C4355A27D49DA674B92AAD920F2 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
[2011/04/25 03:13:23 | 000,038,752 | ---- | M] () MD5=5E651390EF1BB842DDEBA206401DBD2E -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
[2010/04/30 09:12:33 | 000,289,496 | ---- | M] () MD5=FA7255A4256C6A3C5331FDE3793E080F -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll
[2011/04/25 03:13:22 | 001,603,424 | ---- | M] () MD5=FE4E17F9D35306D494DD43F7B4243084 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
[2011/04/25 03:13:22 | 000,218,976 | ---- | M] () MD5=2FC9BB59E07E492E3C95F94E66EDBA36 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
[2011/04/25 03:13:22 | 000,919,392 | ---- | M] () MD5=3A9BF9F2B30AC4F73FCFAA61B6A9E232 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
[2010/04/30 09:13:21 | 000,043,736 | ---- | M] () MD5=BE2492D92C4FC10105472AE195E02C57 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlTDiagM\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlTDiagM.dll
[2010/04/30 09:13:21 | 000,020,184 | ---- | M] () MD5=1317C4E0EEBA05F82FD9767EBFA5DD17 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SString\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SString.dll
[2011/04/25 03:12:34 | 000,591,712 | ---- | M] () MD5=7EBA82E9FD96B5E8E9F3894500FE4D42 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
[2011/04/25 03:13:22 | 000,042,848 | ---- | M] () MD5=A24A67B53B7CE04449E82ADADFED1584 -- C:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
[2009/07/13 18:33:10 | 000,073,728 | ---- | M] () MD5=AD97A4CA111C67B9CC070DD073776B3B -- C:\windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_en_31bf3856ad364e35\microsoft.tpm.resources.dll
[2009/07/13 17:48:24 | 000,192,512 | ---- | M] () MD5=05DD252C92F92A1CFCFF84903D0225B6 -- C:\windows\assembly\GAC_MSIL\Microsoft.Tpm\6.1.0.0__31bf3856ad364e35\Microsoft.Tpm.dll
[2009/06/10 13:14:03 | 000,397,312 | ---- | M] () MD5=130FF58B6245F78097E7619EFB61CDD2 -- C:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
[2009/06/10 13:23:03 | 000,110,592 | ---- | M] () MD5=A070FD9509392CEB84A3ED8F8A42A504 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
[2010/11/04 17:57:46 | 000,372,736 | ---- | M] () MD5=B424A0AF636B1D3DAE3A664285EF9795 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
[2009/06/10 13:23:04 | 000,028,672 | ---- | M] () MD5=A5B5F03020C0A01276801CF2C807FF8C -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
[2010/11/04 17:57:46 | 000,610,304 | ---- | M] () MD5=DF1F3AFE18D254F759BB1A000B811C15 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
[2009/06/10 13:14:40 | 000,041,984 | ---- | M] () MD5=DD26812B72AF01116F7A1DDD4FA21E49 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
[2009/06/10 13:23:04 | 000,005,632 | ---- | M] () MD5=BBAEF0C6E310A25D3BCCAA2ADC538F82 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
[2010/02/13 09:06:21 | 000,211,736 | ---- | M] () MD5=2D273C8B22DA28704B4968E5197A793F -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
[2010/02/13 09:06:21 | 000,105,248 | ---- | M] () MD5=F05A0DC8BC23982813A4AD61EAA89E7D -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
[2010/02/13 09:06:21 | 000,330,520 | ---- | M] () MD5=7FBD0EDFBE1A28CD9FC392735699E749 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
[2010/02/13 09:06:21 | 000,039,712 | ---- | M] () MD5=52FC5D2D66561348D3ECF4BB5F55145D -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
[2010/02/13 09:06:21 | 000,039,704 | ---- | M] () MD5=3DAE657D730C6B4E50107831F7B334E8 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
[2010/02/13 09:06:21 | 000,072,472 | ---- | M] () MD5=69A552F5D231C02F43F1E18ABC69B131 -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
[2009/06/10 13:23:04 | 000,012,800 | ---- | M] () MD5=71C2F1A0F8FFD6D017F039AC023DE81C -- C:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
[2009/06/10 13:23:04 | 000,032,768 | ---- | M] () MD5=45F2E4914DDCDA6F468D99FAA91911F2 -- C:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
[2009/07/13 18:33:12 | 000,004,096 | ---- | M] () MD5=E935C47D0C44352C7D6525A1325ABED3 -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll
[2009/07/13 17:51:58 | 000,009,728 | ---- | M] () MD5=4D851ACFD99800153B512F98DE8EE53F -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll
[2009/07/13 18:33:12 | 000,004,096 | ---- | M] () MD5=3CC03A1C2E1969B4EF4659D07A955BD5 -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll
[2009/07/13 17:49:05 | 000,010,752 | ---- | M] () MD5=22C1F179C2141626AF5AA4EE3B466F70 -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll
[2009/07/13 18:33:12 | 000,004,096 | ---- | M] () MD5=83CB16FC8537B2D0A47A0D7728074CF7 -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll
[2009/07/13 17:49:19 | 000,009,216 | ---- | M] () MD5=3E54B66D932C3B9ACF9A85DCBCB9012A -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll
[2009/07/13 18:33:12 | 000,004,096 | ---- | M] () MD5=C7B89E6373CAA6563CC190AF83AB8189 -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll
[2009/07/13 17:49:36 | 000,008,192 | ---- | M] () MD5=46F52892AE2A9F422A992E67109C26B3 -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll
[2010/11/20 05:16:44 | 000,004,096 | ---- | M] () MD5=4F99E7FCEBE740F038392F993D910CAE -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.resources.dll
[2009/07/13 17:49:35 | 000,024,576 | ---- | M] () MD5=D63EFE70138DD63ED305547E154185DB -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.dll
[2009/07/13 18:33:12 | 000,006,656 | ---- | M] () MD5=332AB4925318F2B2CA3E6D31D69BBA74 -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll
[2009/07/13 17:49:35 | 000,049,152 | ---- | M] () MD5=C7266BF807067847FE533B5130F3476E -- C:\windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll
[2009/07/13 18:33:12 | 000,013,824 | ---- | M] () MD5=DD6902F80F16E9EBDC289FFB376F921A -- C:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
[2010/11/20 05:44:12 | 000,286,720 | ---- | M] () MD5=045923382F35E9C922AC8693F1240645 -- C:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
[2009/07/13 17:49:51 | 000,007,168 | ---- | M] () MD5=FD9DC207646A40F715B2E3FA12FF8B2F -- C:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
[2009/06/10 13:23:04 | 000,007,168 | ---- | M] () MD5=E5640EF09DA87B03E78F18F850CFF728 -- C:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
[2009/07/13 18:13:12 | 001,552,384 | ---- | M] () MD5=5D85FA66189E6832466C8DEE97CA8C3F -- C:\windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_en_31bf3856ad364e35\MIGUIControls.resources.dll
[2010/11/20 04:36:00 | 003,416,064 | ---- | M] () MD5=CD35B1936F50990D1FCEAE31E2D1553F -- C:\windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
[2010/11/20 04:19:49 | 000,036,864 | ---- | M] () MD5=E5956455F8A07B174CF146247EC6315E -- C:\windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35\MMCEx.Resources.dll
[2009/07/13 17:26:50 | 000,421,888 | ---- | M] () MD5=A9D4275CE5EA165C267AE05A6821CB54 -- C:\windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
[2010/11/20 04:19:49 | 000,004,096 | ---- | M] () MD5=930887F063E075C31E38E435F9C3D94C -- C:\windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\MMCFxCommon.Resources.dll
[2009/07/13 17:26:07 | 000,110,592 | ---- | M] () MD5=E72BF459A519312B4FF7F3FA8A85BA13 -- C:\windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
[2010/04/30 09:13:21 | 000,084,696 | ---- | M] () MD5=67725D9F391E53FCF358241D831FD000 -- C:\windows\assembly\GAC_MSIL\MSClusterLib\1.0.0.0__89845dcd8080cc91\MSClusterLib.dll
[2009/07/13 18:32:00 | 000,049,152 | ---- | M] () MD5=341507487E1AD54BE8079C7637810C9E -- C:\windows\assembly\GAC_MSIL\napinit.resources\6.1.0.0_en_31bf3856ad364e35\napinit.Resources.dll
[2009/07/13 17:50:10 | 000,073,728 | ---- | M] () MD5=2E112025F72F2BF1302D8D5AA9014977 -- C:\windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\NAPINIT.DLL
[2009/07/13 18:32:16 | 000,233,472 | ---- | M] () MD5=6B24C82334B7A52A1349E6E5BB162D88 -- C:\windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_en_31bf3856ad364e35\napsnap.resources.dll
[2009/07/13 17:50:24 | 000,454,656 | ---- | M] () MD5=6F6170493DADDBAE1AFF0A2E2FABAE34 -- C:\windows\assembly\GAC_MSIL\napsnap\6.1.0.0__31bf3856ad364e35\NAPSNAP.DLL
[2010/11/20 05:44:13 | 001,077,248 | ---- | M] () MD5=AFA10DB13B9A0537297AEEF2CD66352F -- C:\windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe
[2009/12/11 22:14:20 | 000,000,815 | ---- | M] () MD5=0A33273323603FCBD8DDD74758163161 -- C:\windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.config
[2009/12/11 22:14:20 | 000,005,632 | ---- | M] () MD5=841736FAB112AC493646E4399E684D38 -- C:\windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll
[2009/12/11 22:14:20 | 000,000,831 | ---- | M] () MD5=A9C1035129544B3867E06A8F02874FE4 -- C:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.config
[2009/12/11 22:14:20 | 000,005,632 | ---- | M] () MD5=1A49D09BD80C023A771214DA826FF6B6 -- C:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16


< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

OTL Extras logfile created on: 1/14/2012 5:50:39 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hale-Bopp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 80.34% Memory free
7.61 Gb Paging File | 6.93 Gb Available in Paging File | 91.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.89 Gb Total Space | 15.85 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 415.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HALE-BOPP-PC | User Name: Hale-Bopp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1899940234-2321534448-96688503-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7523EFAC-5445-4E89-BD90-84E0D0110690}" = Adobe Photoshop Lightroom 2.6 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.8
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"2C2963602E49B5ABEA34D367B5C48C97927C670A" = Windows Driver Package - C Technologies AB (CPen20) Input Pen (09/28/2007 2.0.0.0)
"37EA8D09F3047ACD7C7B20F069FA3F7332CDB51D" = Windows Driver Package - C Technologies AB (CPen20) Input Pen (03/24/2009 2.0.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"Expstudio Audio Editor FREE" = Expstudio Audio Editor FREE
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.03.02
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EBAC12E-B672-4682-BE44-8780E121CB61}" = LG Verizon United Drivers
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57512081-5660-4A8F-9ACD-1574CE11F7BA}" = Extension Renamer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{830B105A-40FA-4D9B-992A-44E4D1BE0D2F}" = SocketScan Software
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1D86F3-3FF4-400B-9B2F-27B269C594EE}" = Multiple Image Resizer .NET
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{97C33C68-CB58-4161-9149-7BE9C047B6C8}" = BarDecoder
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A760067A-C07E-1033-0000-A764AC000009}" = Avery Template
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franšais, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franšais, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"7-Zip" = 7-Zip 4.65
"97F7FE74-5618-459B-8E88-D4485A5288A1" = HydroBuddy
"AC3Filter_is1" = AC3Filter 1.62b
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Audacity_is1" = Audacity 1.2.6
"BitTorrent" = BitTorrent
"Broadband2Go" = Broadband2Go
"Broadleaf Weed Seedling ID" = Broadleaf Weed Seedling ID
"Canon MP280 series User Registration" = Canon MP280 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"ClipX" = ClipX
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Corn Growth" = Corn Growth
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESBUnitConv4_is1" = ESBUnitConv
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"ImageJ_is1" = ImageJ 1.42q
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Multiple Image Resizer .NET" = Multiple Image Resizer .NET
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Orb" = Orb
"Orb Mini Controller" = Orb Mini Controller
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Polipo" = Polipo 1.0.4.1
"Privoxy" = Privoxy (remove only)
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"Saver2" = Saver2
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"ST6UNST #1" = Nutron2000 Edition 3MU
"TagScanner_is1" = TagScanner 5.1 build 594
"Tor" = Tor 0.2.2.35
"TrueCrypt" = TrueCrypt
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.8
"Vidalia" = Vidalia 0.2.15
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1899940234-2321534448-96688503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Sansa Updater" = Sansa Updater
"TASSEL" = TASSEL
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 5:35:17 AM | Computer Name = Hale-Bopp-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/30/2011 5:35:17 AM | Computer Name = Hale-Bopp-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/31/2011 9:50:05 AM | Computer Name = Hale-Bopp-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Adobe\acrobat
9.0\designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/3/2012 6:33:54 AM | Computer Name = Hale-Bopp-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 213c Start
Time: 01ccca011599ffb5 Termination Time: 20 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 6ba80f37-35f6-11e1-b911-00266c3d1c0c

Error - 1/3/2012 6:53:34 AM | Computer Name = Hale-Bopp-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Adobe\acrobat
9.0\designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/6/2012 5:41:19 PM | Computer Name = Hale-Bopp-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Adobe\acrobat
9.0\designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/7/2012 3:52:09 PM | Computer Name = Hale-Bopp-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Adobe\acrobat
9.0\designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/9/2012 4:15:49 PM | Computer Name = Hale-Bopp-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/12/2012 1:47:36 PM | Computer Name = Hale-Bopp-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\Adobe\acrobat
9.0\designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/12/2012 6:48:53 PM | Computer Name = Hale-Bopp-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VerControl.exe, version: 1.0.1.9, time
stamp: 0x4caa12e3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1194 Faulting application
start time: 0x01ccd0a61eec7e6d Faulting application path: C:\Users\Hale-Bopp\AppData\Local\TempImg\VerControl.exe
Faulting
module path: unknown Report Id: 9988c98b-3d6f-11e1-b2f3-00266c3d1c0c

[ Cisco AnyConnect VPN Client Events ]
Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/8/2010 4:02:09 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
400 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/10/2010 8:54:54 PM | Computer Name = Hale-Bopp-PC | Source = vpnagent | ID = 50331650
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).

[ Media Center Events ]
Error - 2/13/2010 9:19:02 PM | Computer Name = Hale-Bopp-PC | Source = MCUpdate | ID = 0
Description = 5:19:02 PM - Error connecting to the internet. 5:19:02 PM - Unable
to contact server..

Error - 2/13/2010 9:19:12 PM | Computer Name = Hale-Bopp-PC | Source = MCUpdate | ID = 0
Description = 5:19:07 PM - Error connecting to the internet. 5:19:07 PM - Unable
to contact server..

Error - 2/22/2010 5:43:07 AM | Computer Name = Hale-Bopp-PC | Source = MCUpdate | ID = 0
Description = 1:43:03 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 3/12/2010 5:56:20 PM | Computer Name = Hale-Bopp-PC | Source = MCUpdate | ID = 0
Description = 1:56:19 PM - Error connecting to the internet. 1:56:19 PM - Unable
to contact server..

Error - 3/12/2010 5:56:29 PM | Computer Name = Hale-Bopp-PC | Source = MCUpdate | ID = 0
Description = 1:56:25 PM - Error connecting to the internet. 1:56:25 PM - Unable
to contact server..

[ System Events ]
Error - 1/14/2012 9:53:08 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 9:55:16 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 9:55:16 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 9:55:16 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 10:00:16 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 10:00:16 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 10:00:16 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 10:02:24 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 10:02:24 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/14/2012 10:02:24 AM | Computer Name = Hale-Bopp-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >


Thanks!!!

#5 B-boy/StyLe/

  • Malware Response Team

Posted 14 January 2012 - 09:33 AM

Hi ellabrow,



Thanks for the logs.

Did you set these proxy settings on purpose?



FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0






STEP 1



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Users\Hale-Bopp\AppData\Local\lsj.exe

Note: if VT says these files have already been analysed, make sure you click re-analyse file now.

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/

Repeat the steps for these files too:

C:\windows\system32\basecsp8.dll
C:\windows\syswow64\basecsp8.dll





STEP 2



We need to run an OTL Fix


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    FF - prefs.js..extensions.enabledItems: {9F53E5A4-D638-4CFA-8F96-2757096861DC}:1.9.1
    FF - prefs.js..extensions.enabledItems: {B31A5444-2CC4-4615-961D-7BF4F3A135CB}:1.9.1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} [2011/03/02 20:21:14 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F53E5A4-D638-4CFA-8F96-2757096861DC}: C:\Users\Hale-Bopp\AppData\Local\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ [2010/03/06 18:10:58 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} [2011/03/02 20:21:14 | 000,000,000 | ---D | M]
    [2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\askcom.xml
    [2011/05/12 07:33:48 | 000,001,919 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\bing-zugo.xml
    [2010/03/06 18:10:58 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC}
    [2011/03/02 20:21:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [yKwSdghLSjK.exe] C:\ProgramData\yKwSdghLSjK.exe ()
    [2012/01/13 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/14 05:36:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT
    [2012/01/14 05:35:37 | 000,359,680 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT.exe
    [2012/01/14 05:32:32 | 000,000,316 | -HS- | M] () -- C:\windows\tasks\YBNZXQQCA.job
    [2012/01/13 22:29:20 | 000,000,280 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2
    [2012/01/13 22:29:20 | 000,000,176 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2r
    [2012/01/13 22:27:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\FLd2nxg7lxZOj2
    [2012/01/13 16:56:01 | 000,000,456 | ---- | M] () -- C:\ProgramData\69F6lDwaWhigBv
    [2012/01/13 16:54:57 | 000,000,280 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBv
    [2012/01/13 16:54:57 | 000,000,176 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBvr
    [2012/01/13 16:54:55 | 000,000,688 | ---- | M] () -- C:\Users\Hale-Bopp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/13 16:54:55 | 000,000,664 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\System Check.lnk
    [2012/01/13 16:52:21 | 000,455,424 | ---- | M] () -- C:\ProgramData\yKwSdghLSjK.exe
    [2011/12/06 01:10:49 | 000,013,158 | -HS- | M] () -- C:\ProgramData\l3y7fpd4251
    [2011/12/06 01:10:48 | 000,013,158 | -HS- | M] () -- C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251
    [2011/07/09 21:21:51 | 000,010,024 | -HS- | C] () -- C:\Users\Hale-Bopp\AppData\Local\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
    [2011/07/09 21:21:51 | 000,010,024 | -HS- | C] () -- C:\ProgramData\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
    [2011/07/09 20:45:02 | 000,004,416 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Roaming\40D2.298
    [2011/04/30 04:11:44 | 000,011,374 | -HS- | C] () -- C:\Users\Hale-Bopp\AppData\Local\0v0y14704x557f7yddg074fb3873
    [2011/04/30 04:11:44 | 000,011,374 | -HS- | C] () -- C:\ProgramData\0v0y14704x557f7yddg074fb3873
    [2010/08/08 21:03:50 | 000,000,024 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Roaming\bawuho.dat
    [2010/03/06 18:10:59 | 000,000,120 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Local\Atetokaradewilul.dat
    [2010/03/06 18:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Local\Bwociqusolet.bin
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:010ADD2C
    :files
    dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B" /c 
    dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ufybi" /c 
    dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ubafa" /c 
    :Commands
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.




Regards,
Georgi



#6 ellabrow

ellabrow
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:24 AM

Posted 14 January 2012 - 10:06 AM

Hey Georgi, thanks for the quick reply.

Yes, those proxy settings were set by my vidalia bundle (TOR proxy).

Will get that report to you shortly.

Ellabrow

#7 ellabrow

ellabrow
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:24 AM

Posted 14 January 2012 - 10:15 AM

Virustotal.com results for lsj.exe - is this what is needed or do you need the info from the "Additional Information" tab at the bottom of the results page? - Thanks!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Antivirus | Result | Version | Update
AntiVir | TR/Crypt.XPACK.Gen5 | 7.11.21.28 | 20120113
Antiy-AVL | - | 2.0.3.7 | 20120114
Avast | Win32:MalOb-IG [Cryp] | 6.0.1289.0 | 20120114
AVG | FakeAlert.AGK | 10.0.0.1190 | 20120114
BitDefender | Gen:Variant.Kazy.47338 | 7.2 | 20120114
ByteHero | - | 1.0.0.1 | 20120111
CAT-QuickHeal | - | 12.00 | 20120114
ClamAV | - | 0.97.3.0 | 20120114
Commtouch | W32/FakeAlert.SC.gen!Eldorado | 5.3.2.6 | 20120114
Comodo | TrojWare.Win32.Trojan.Agent.Gen | 11266 | 20120114
DrWeb | - | 5.0.2.03300 | 20120114
Emsisoft | Trojan.Win32.FakeAlert!IK | 5.1.0.11 | 20120114
eSafe | - | 7.0.17.0 | 20120111
eTrust-Vet | Win32/FakeAV.BC!generic | 37.0.9680 | 20120113
F-Prot | W32/FakeAlert.SC.gen!Eldorado | 4.6.5.141 | 20120113
F-Secure | Gen:Variant.Kazy.47338 | 9.0.16440.0 | 20120114
Fortinet | W32/FakeAV.NO!tr | 4.3.388.0 | 20120114
GData | Gen:Variant.Kazy.47338 | 22 | 20120114
Ikarus | Trojan.Win32.FakeAlert | T3.1.1.113.0 | 20120114
Jiangmin | - | 13.0.900 | 20120114
K7AntiVirus | Riskware | 9.126.5936 | 20120113
Kaspersky | Trojan.Win32.FakeAV.izha | 9.0.0.837 | 20120114
McAfee | FakeAlert-Rena.am | 5.400.0.1158 | 20120114
McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious.H | 2010.1E | 20120114
Microsoft | Rogue:Win32/FakeRean | 1.7903 | 20120114
NOD32 | a variant of Win32/Kryptik.XGJ | 6795 | 20120114
Norman | - | 6.07.13 | 20120114
nProtect | Gen:Variant.Kazy.47338 | 2012-01-14.01 | 20120114
Panda | Suspicious file | 10.0.3.5 | 20120114
PCTools | Trojan.Gen | 8.0.0.5 | 20120114
Prevx | - | 3.0 | 20120114
Rising | - | 23.92.04.02 | 20120113
Sophos | Mal/FakeAV-NO | 4.73.0 | 20120114
SUPERAntiSpyware | - | 4.40.0.1006 | 20120114
Symantec | Trojan.Gen | 20111.2.0.82 | 20120114
TheHacker | - | 6.7.0.1.378 | 20120113
TrendMicro | TROJ_GEN.USA03MO | 9.500.0.1008 | 20120114
TrendMicro-HouseCall | TROJ_GEN.USA03MO | 9.500.0.1008 | 20120114
VBA32 | Trojan.FakeAV.izfp | 3.12.16.4 | 20120113
VIPRE | FraudTool.Win32.FakeRean | 11396 | 20120114
ViRobot | - | 2012.1.13.4879 | 20120114
VirusBuster | - | 14.1.166.0 | 20120113

#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:24 PM

Posted 14 January 2012 - 10:18 AM

Hi,

That information is enough. Thanks. :)
Please check the other two files mentioned as well and then proceed with STEP 2.



Regards,
Georgi



#9 ellabrow

ellabrow
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:24 AM

Posted 14 January 2012 - 10:23 AM

Tried to run virustotal on C:\windows\system32\basecsp8.dll & C:\windows\syswow64\basecsp8.dll but it keeps saying I don't have permission to open this file, and to contact admin or file owner.

Should I proceed with the other steps or ??

Thanks,

E

#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:24 PM

Posted 14 January 2012 - 10:29 AM

Hi Ella,


Yes, I expected it.
Please proceed with step 2 using the following script instead:

:OTL
FF - prefs.js..extensions.enabledItems: {9F53E5A4-D638-4CFA-8F96-2757096861DC}:1.9.1
FF - prefs.js..extensions.enabledItems: {B31A5444-2CC4-4615-961D-7BF4F3A135CB}:1.9.1
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} [2011/03/02 20:21:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F53E5A4-D638-4CFA-8F96-2757096861DC}: C:\Users\Hale-Bopp\AppData\Local\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ [2010/03/06 18:10:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} [2011/03/02 20:21:14 | 000,000,000 | ---D | M]
[2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\askcom.xml
[2011/05/12 07:33:48 | 000,001,919 | ---- | M] () -- C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\bing-zugo.xml
[2010/03/06 18:10:58 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC}
[2011/03/02 20:21:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [yKwSdghLSjK.exe] C:\ProgramData\yKwSdghLSjK.exe ()
[2012/01/13 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/14 05:36:05 | 000,000,336 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT
[2012/01/14 05:35:37 | 000,359,680 | ---- | M] () -- C:\ProgramData\ba9i2iLt6lNlzT.exe
[2012/01/14 05:32:32 | 000,000,316 | -HS- | M] () -- C:\windows\tasks\YBNZXQQCA.job
[2012/01/13 22:29:20 | 000,000,280 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2
[2012/01/13 22:29:20 | 000,000,176 | ---- | M] () -- C:\ProgramData\~FLd2nxg7lxZOj2r
[2012/01/13 22:27:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\FLd2nxg7lxZOj2
[2012/01/13 16:56:01 | 000,000,456 | ---- | M] () -- C:\ProgramData\69F6lDwaWhigBv
[2012/01/13 16:54:57 | 000,000,280 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBv
[2012/01/13 16:54:57 | 000,000,176 | ---- | M] () -- C:\ProgramData\~69F6lDwaWhigBvr
[2012/01/13 16:54:55 | 000,000,688 | ---- | M] () -- C:\Users\Hale-Bopp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/13 16:54:55 | 000,000,664 | ---- | M] () -- C:\Users\Hale-Bopp\Desktop\System Check.lnk
[2012/01/13 16:52:21 | 000,455,424 | ---- | M] () -- C:\ProgramData\yKwSdghLSjK.exe
[2011/12/06 01:10:49 | 000,013,158 | -HS- | M] () -- C:\ProgramData\l3y7fpd4251
[2011/12/06 01:10:48 | 000,013,158 | -HS- | M] () -- C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251
[2011/07/09 21:21:51 | 000,010,024 | -HS- | C] () -- C:\Users\Hale-Bopp\AppData\Local\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
[2011/07/09 21:21:51 | 000,010,024 | -HS- | C] () -- C:\ProgramData\d4svj0u5o80osheus6rg07w86412t6krx1q7tp
[2011/07/09 20:45:02 | 000,004,416 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Roaming\40D2.298
[2011/04/30 04:11:44 | 000,011,374 | -HS- | C] () -- C:\Users\Hale-Bopp\AppData\Local\0v0y14704x557f7yddg074fb3873
[2011/04/30 04:11:44 | 000,011,374 | -HS- | C] () -- C:\ProgramData\0v0y14704x557f7yddg074fb3873
[2010/08/08 21:03:50 | 000,000,024 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Roaming\bawuho.dat
[2010/03/06 18:10:59 | 000,000,120 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Local\Atetokaradewilul.dat
[2010/03/06 18:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Hale-Bopp\AppData\Local\Bwociqusolet.bin
[2011/12/05 23:16:23 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Users\Hale-Bopp\AppData\Local\lsj.exe
[2011/05/16 01:29:52 | 000,133,120 | RHS- | M] () Unable to obtain MD5 -- C:\windows\system32\basecsp8.dll
[2011/05/16 01:29:52 | 000,133,120 | RHS- | M] () Unable to obtain MD5 -- C:\windows\syswow64\basecsp8.dll
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:010ADD2C
:files
dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B" /c 
dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ufybi" /c 
dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ubafa" /c 
:Commands
[reboot]


Regards,
Georgi



#11 ellabrow

ellabrow
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:24 AM

Posted 14 January 2012 - 10:56 AM

Hey,

Ran the OTL fix. No log was displayed after the reboot, so I ran it again and didn't do the reboot to get the log.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

========== OTL ==========
Prefs.js: {9F53E5A4-D638-4CFA-8F96-2757096861DC}:1.9.1 removed from extensions.enabledItems
Prefs.js: {B31A5444-2CC4-4615-961D-7BF4F3A135CB}:1.9.1 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F53E5A4-D638-4CFA-8F96-2757096861DC}: C:\Users\Hale-Bopp\AppData\Local\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} not found.
File C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\askcom.xml not found.
File C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\bing-zugo.xml not found.
Folder C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ not found.
Folder C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yKwSdghLSjK.exe not found.
File C:\ProgramData\yKwSdghLSjK.exe not found.
Folder C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\ not found.
File C:\ProgramData\ba9i2iLt6lNlzT not found.
File C:\ProgramData\ba9i2iLt6lNlzT.exe not found.
File C:\windows\tasks\YBNZXQQCA.job not found.
File C:\ProgramData\~FLd2nxg7lxZOj2 not found.
File C:\ProgramData\~FLd2nxg7lxZOj2r not found.
File C:\ProgramData\FLd2nxg7lxZOj2 not found.
File C:\ProgramData\69F6lDwaWhigBv not found.
File C:\ProgramData\~69F6lDwaWhigBv not found.
File C:\ProgramData\~69F6lDwaWhigBvr not found.
File C:\Users\Hale-Bopp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File C:\Users\Hale-Bopp\Desktop\System Check.lnk not found.
File C:\ProgramData\yKwSdghLSjK.exe not found.
File C:\ProgramData\l3y7fpd4251 not found.
File C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251 not found.
File C:\Users\Hale-Bopp\AppData\Local\d4svj0u5o80osheus6rg07w86412t6krx1q7tp not found.
File C:\ProgramData\d4svj0u5o80osheus6rg07w86412t6krx1q7tp not found.
File C:\Users\Hale-Bopp\AppData\Roaming\40D2.298 not found.
File C:\Users\Hale-Bopp\AppData\Local\0v0y14704x557f7yddg074fb3873 not found.
File C:\ProgramData\0v0y14704x557f7yddg074fb3873 not found.
File C:\Users\Hale-Bopp\AppData\Roaming\bawuho.dat not found.
File C:\Users\Hale-Bopp\AppData\Local\Atetokaradewilul.dat not found.
File C:\Users\Hale-Bopp\AppData\Local\Bwociqusolet.bin not found.
File C:\Users\Hale-Bopp\AppData\Local\lsj.exe not found.
File C:\windows\system32\basecsp8.dll not found.
File C:\windows\syswow64\basecsp8.dll not found.
Unable to delete ADS C:\ProgramData\TEMP:010ADD2C .
========== FILES ==========
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B
05/16/2011 01:29 AM <DIR> .
05/16/2011 01:29 AM <DIR> ..
03/06/2010 06:07 PM 28,842 enemies-names.txt
04/24/2011 11:16 PM 26,602 local.ini
11/23/2010 10:09 PM 0 pack700mod0.exe
3 File(s) 55,444 bytes
Total Files Listed:
3 File(s) 55,444 bytes
2 Dir(s) 17,024,999,424 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ufybi" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\Ufybi
11/29/2011 05:44 PM <DIR> .
11/29/2011 05:44 PM <DIR> ..
11/29/2011 05:44 PM 1,174 vauro.aro
11/29/2011 05:02 PM 6,002 vauro.aro.0
2 File(s) 7,176 bytes
Total Files Listed:
2 File(s) 7,176 bytes
2 Dir(s) 17,024,999,424 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ubafa" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\Ubafa
12/05/2011 11:22 PM <DIR> .
12/05/2011 11:22 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 17,024,999,424 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_090636

#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:24 PM

Posted 14 January 2012 - 11:02 AM

Hi Ella,



Please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
Copy/paste the content of the log back here in your next post.


Regards,
Georgi



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:24 PM

Posted 14 January 2012 - 11:06 AM

Btw,


If there's more than one log I want to see them all.



Regards,
Georgi



#14 ellabrow

ellabrow
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:24 AM

Posted 14 January 2012 - 11:10 AM

First Log:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

========== OTL ==========
Prefs.js: {9F53E5A4-D638-4CFA-8F96-2757096861DC}:1.9.1 removed from extensions.enabledItems
Prefs.js: {B31A5444-2CC4-4615-961D-7BF4F3A135CB}:1.9.1 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F53E5A4-D638-4CFA-8F96-2757096861DC}: C:\Users\Hale-Bopp\AppData\Local\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} not found.
C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\askcom.xml moved successfully.
C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\bing-zugo.xml moved successfully.
C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\chrome\content folder moved successfully.
C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\chrome folder moved successfully.
C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC} folder moved successfully.
C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}\chrome\content folder moved successfully.
C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}\chrome folder moved successfully.
C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yKwSdghLSjK.exe deleted successfully.
C:\ProgramData\yKwSdghLSjK.exe moved successfully.
C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\ba9i2iLt6lNlzT moved successfully.
C:\ProgramData\ba9i2iLt6lNlzT.exe moved successfully.
C:\Windows\Tasks\YBNZXQQCA.job moved successfully.
C:\ProgramData\~FLd2nxg7lxZOj2 moved successfully.
C:\ProgramData\~FLd2nxg7lxZOj2r moved successfully.
C:\ProgramData\FLd2nxg7lxZOj2 moved successfully.
C:\ProgramData\69F6lDwaWhigBv moved successfully.
C:\ProgramData\~69F6lDwaWhigBv moved successfully.
C:\ProgramData\~69F6lDwaWhigBvr moved successfully.
C:\Users\Hale-Bopp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\Hale-Bopp\Desktop\System Check.lnk moved successfully.
File C:\ProgramData\yKwSdghLSjK.exe not found.
C:\ProgramData\l3y7fpd4251 moved successfully.
C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251 moved successfully.
C:\Users\Hale-Bopp\AppData\Local\d4svj0u5o80osheus6rg07w86412t6krx1q7tp moved successfully.
C:\ProgramData\d4svj0u5o80osheus6rg07w86412t6krx1q7tp moved successfully.
C:\Users\Hale-Bopp\AppData\Roaming\40D2.298 moved successfully.
C:\Users\Hale-Bopp\AppData\Local\0v0y14704x557f7yddg074fb3873 moved successfully.
C:\ProgramData\0v0y14704x557f7yddg074fb3873 moved successfully.
C:\Users\Hale-Bopp\AppData\Roaming\bawuho.dat moved successfully.
C:\Users\Hale-Bopp\AppData\Local\Atetokaradewilul.dat moved successfully.
C:\Users\Hale-Bopp\AppData\Local\Bwociqusolet.bin moved successfully.
C:\Users\Hale-Bopp\AppData\Local\lsj.exe moved successfully.
C:\Windows\SysWOW64\basecsp8.dll moved successfully.
File C:\windows\syswow64\basecsp8.dll not found.
ADS C:\ProgramData\TEMP:010ADD2C deleted successfully.
========== FILES ==========
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B
05/16/2011 01:29 AM <DIR> .
05/16/2011 01:29 AM <DIR> ..
03/06/2010 06:07 PM 28,842 enemies-names.txt
04/24/2011 11:16 PM 26,602 local.ini
11/23/2010 10:09 PM 0 pack700mod0.exe
3 File(s) 55,444 bytes
Total Files Listed:
3 File(s) 55,444 bytes
2 Dir(s) 16,998,862,848 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ufybi" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\Ufybi
11/29/2011 05:44 PM <DIR> .
11/29/2011 05:44 PM <DIR> ..
11/29/2011 05:44 PM 1,174 vauro.aro
11/29/2011 05:02 PM 6,002 vauro.aro.0
2 File(s) 7,176 bytes
Total Files Listed:
2 File(s) 7,176 bytes
2 Dir(s) 16,998,862,848 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ubafa" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\Ubafa
12/05/2011 11:22 PM <DIR> .
12/05/2011 11:22 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 16,998,862,848 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_085612


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Second Log:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

========== OTL ==========
Prefs.js: {9F53E5A4-D638-4CFA-8F96-2757096861DC}:1.9.1 removed from extensions.enabledItems
Prefs.js: {B31A5444-2CC4-4615-961D-7BF4F3A135CB}:1.9.1 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F53E5A4-D638-4CFA-8F96-2757096861DC}: C:\Users\Hale-Bopp\AppData\Local\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}: C:\Users\Hale-Bopp\AppData\Local\{B31A5444-2CC4-4615-961D-7BF4F3A135CB} not found.
File C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\askcom.xml not found.
File C:\Users\Hale-Bopp\AppData\Roaming\Mozilla\Firefox\Profiles\zfc31atr.default\searchplugins\bing-zugo.xml not found.
Folder C:\USERS\HALE-BOPP\APPDATA\LOCAL\{9F53E5A4-D638-4CFA-8F96-2757096861DC}\ not found.
Folder C:\USERS\HALE-BOPP\APPDATA\LOCAL\{B31A5444-2CC4-4615-961D-7BF4F3A135CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yKwSdghLSjK.exe not found.
File C:\ProgramData\yKwSdghLSjK.exe not found.
Folder C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\ not found.
File C:\ProgramData\ba9i2iLt6lNlzT not found.
File C:\ProgramData\ba9i2iLt6lNlzT.exe not found.
File C:\windows\tasks\YBNZXQQCA.job not found.
File C:\ProgramData\~FLd2nxg7lxZOj2 not found.
File C:\ProgramData\~FLd2nxg7lxZOj2r not found.
File C:\ProgramData\FLd2nxg7lxZOj2 not found.
File C:\ProgramData\69F6lDwaWhigBv not found.
File C:\ProgramData\~69F6lDwaWhigBv not found.
File C:\ProgramData\~69F6lDwaWhigBvr not found.
File C:\Users\Hale-Bopp\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File C:\Users\Hale-Bopp\Desktop\System Check.lnk not found.
File C:\ProgramData\yKwSdghLSjK.exe not found.
File C:\ProgramData\l3y7fpd4251 not found.
File C:\Users\Hale-Bopp\AppData\Local\l3y7fpd4251 not found.
File C:\Users\Hale-Bopp\AppData\Local\d4svj0u5o80osheus6rg07w86412t6krx1q7tp not found.
File C:\ProgramData\d4svj0u5o80osheus6rg07w86412t6krx1q7tp not found.
File C:\Users\Hale-Bopp\AppData\Roaming\40D2.298 not found.
File C:\Users\Hale-Bopp\AppData\Local\0v0y14704x557f7yddg074fb3873 not found.
File C:\ProgramData\0v0y14704x557f7yddg074fb3873 not found.
File C:\Users\Hale-Bopp\AppData\Roaming\bawuho.dat not found.
File C:\Users\Hale-Bopp\AppData\Local\Atetokaradewilul.dat not found.
File C:\Users\Hale-Bopp\AppData\Local\Bwociqusolet.bin not found.
File C:\Users\Hale-Bopp\AppData\Local\lsj.exe not found.
File C:\windows\system32\basecsp8.dll not found.
File C:\windows\syswow64\basecsp8.dll not found.
Unable to delete ADS C:\ProgramData\TEMP:010ADD2C .
========== FILES ==========
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B
05/16/2011 01:29 AM <DIR> .
05/16/2011 01:29 AM <DIR> ..
03/06/2010 06:07 PM 28,842 enemies-names.txt
04/24/2011 11:16 PM 26,602 local.ini
11/23/2010 10:09 PM 0 pack700mod0.exe
3 File(s) 55,444 bytes
Total Files Listed:
3 File(s) 55,444 bytes
2 Dir(s) 17,024,999,424 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ufybi" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\Ufybi
11/29/2011 05:44 PM <DIR> .
11/29/2011 05:44 PM <DIR> ..
11/29/2011 05:44 PM 1,174 vauro.aro
11/29/2011 05:02 PM 6,002 vauro.aro.0
2 File(s) 7,176 bytes
Total Files Listed:
2 File(s) 7,176 bytes
2 Dir(s) 17,024,999,424 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Hale-Bopp\AppData\Roaming\Ubafa" /c >
Volume in drive C is TI105322W0F
Volume Serial Number is CC6C-F4D7
Directory of C:\Users\Hale-Bopp\AppData\Roaming\Ubafa
12/05/2011 11:22 PM <DIR> .
12/05/2011 11:22 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 17,024,999,424 bytes free
C:\Users\Hale-Bopp\Desktop\cmd.bat deleted successfully.
C:\Users\Hale-Bopp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_090636

Edited by ellabrow, 14 January 2012 - 11:13 AM.
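
The second fix log above reports "not found" and "Unable to delete" for items that the first log records as moved or deleted, so the two runs have to be read together. The following is an added example, not part of the original thread and not OTL's own code: a small Python reconciler whose line patterns are assumed from the log lines quoted in this thread; the function names and the last sample line are constructed for illustration.

```python
import re

# Outcome suffixes as they appear in the fix logs quoted in this thread
# (assumed from those lines, not taken from any tool documentation).
SUFFIXES = (
    (" moved successfully.", "done"),
    (" deleted successfully.", "done"),
    (" not found.", "missing"),
)
# Optional object-kind prefix; "64bit-" is kept so the 64-bit and 32-bit
# registry views are tracked as separate targets.
KIND = re.compile(r"^(64bit-)?(File|Folder|Registry key|Registry value|ADS) ", re.I)


def normalise(target):
    """Reduce a logged object name to a comparable key across runs."""
    view = ""
    m = KIND.match(target)
    if m:
        view = "64bit:" if m.group(1) else ""
        target = target[m.end():]
    target = target.strip()
    if target.lower().endswith(" folder"):   # "<path> folder moved successfully."
        target = target[: -len(" folder")]
    return view + target.rstrip("\\").lower()


def parse_line(line):
    """Return (target, outcome) for a recognised log line, else None."""
    line = line.strip()
    if line.startswith("Unable to delete "):
        return normalise(line[len("Unable to delete "):].rstrip(" .")), "failed"
    for suffix, outcome in SUFFIXES:
        if line.endswith(suffix):
            return normalise(line[: -len(suffix)]), outcome
    return None


def reconcile(runs):
    """Merge several fix logs (oldest first) into one verdict per target."""
    history = {}
    for n, text in enumerate(runs, 1):
        for line in text.splitlines():
            parsed = parse_line(line)
            if parsed:
                history.setdefault(parsed[0], []).append((n, parsed[1]))
    verdicts = {}
    for target, events in history.items():
        done = [n for n, outcome in events if outcome == "done"]
        if done:
            # A later "not found" or "Unable to delete" is expected once
            # an earlier run has already moved or deleted the object.
            verdicts[target] = f"handled in run {done[0]}"
        elif any(outcome == "failed" for _, outcome in events):
            verdicts[target] = "FAILED, still needs attention"
        else:
            verdicts[target] = "never found"
    return verdicts


# Sample input: lines excerpted from the two logs in this thread.
RUN_1 = r"""
C:\ProgramData\yKwSdghLSjK.exe moved successfully.
C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
ADS C:\ProgramData\TEMP:010ADD2C deleted successfully.
"""
# The final line of RUN_2 is constructed (not from the thread) to show a real failure.
RUN_2 = r"""
File C:\ProgramData\yKwSdghLSjK.exe not found.
Folder C:\Users\Hale-Bopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:010ADD2C .
Unable to delete ADS C:\Example\constructed.txt:demo .
"""

if __name__ == "__main__":
    for target, verdict in reconcile([RUN_1, RUN_2]).items():
        print(f"{verdict:32} {target}")
```

Only targets marked FAILED or never found need a follow-up look; everything else was already quarantined by an earlier run.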


#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:24 PM

Posted 14 January 2012 - 11:23 AM

Nice work. :)


Ok, good. That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

When it is complete I need to know how the computer is doing.


We need to run an OTL Fix


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :files
    C:\Users\Hale-Bopp\AppData\Roaming\DFEAD9BF23CBCDF4B6CB869FF8F73A6B
    C:\Users\Hale-Bopp\AppData\Roaming\Ufybi
    C:\Users\Hale-Bopp\AppData\Roaming\Ubafa
    :Commands
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


Regards,
Georgi





