Trojan Horse Hider OOW


  • This topic is locked
43 replies to this topic

#1 sclossick

sclossick

  • Members
  • 48 posts

Posted 12 April 2012 - 11:43 AM

Hello and I appreciate your help.

My AVG scans show Trojan Horse Hider.OOW in C:\Windows\System32\drivers\dfsc.sys with a result of white listing. Maybe fixing this will stop my Bluetooth link to my keyboard from dropping out every 2 days.

Scan results follow with this caveat: between running the DDS and Attach scans and the follow-on GMER scan, my computer rebooted overnight to do an automatic Windows update.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Stephen Clossick at 22:37:16 on 2012-04-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.726 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\InFocus\Projector Manager\Projmgr.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Dell DataSafe Scheduler] "c:\program files\dell datasafe online\bin\DataSafeOnlineScheduler.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Projector Manager] c:\program files\infocus\projector manager\Projmgr.exe -hide
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\efax43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: turbotax.com
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{8A5F623E-1A57-4F77-9FC1-A84DEF6C8376} : DhcpNameServer = 207.69.188.186 207.69.188.187
TCP: Interfaces\{8A854B52-DE75-42EA-90A9-B50F497469DF} : DhcpNameServer = 207.69.188.186 207.69.188.187
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-3-10 73728]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-9-19 87368]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-8-3 179712]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-31 6639616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-3 30192]
S3 IFCUSB;IFCUSB;c:\windows\system32\drivers\IFCUSB.SYS [2009-4-27 17260]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-2-7 11008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-11 07:18:06 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 07:18:06 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 19:28:10 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 07:12:08 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:12:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:12:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:12:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:12:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:12:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:59:25 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 18:59:23 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 23:24:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:39:27.09 ===============

Attached Files




 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 13 April 2012 - 12:54 AM

Hello sclossick! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:




We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:


Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.



-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.




Regards,
Georgi



#3 sclossick

sclossick
  • Topic Starter


Posted 13 April 2012 - 07:55 PM

Georgi,

Thank you for your prompt response and instructions. My download of ComboFix did not happen as I had anticipated, but I got it to run. It did a restart of my computer, and then listed 55 steps that it went through. Then it listed about a dozen files it deleted and a folder it deleted. Then it seemed to get hung up, so I closed it, restarted my computer, and reran ComboFix. It got through the 55 checks and produced the log which is attached. I hope it contains the info you need to further diagnose my malware infection.

Best regards,

Stephen Clossick

Attached Files



#4 B-boy/StyLe/


Posted 13 April 2012 - 08:44 PM

Hi Stephen,


Great work.
Combofix got rid of some baddies.



Please carefully follow my next set of steps:



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
    %windir%\temp\*.*
    %windir%\system32\*.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
    /md5start
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
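
The `/md5start` … `/md5stop` block in the scan script above names system files to be hashed, `dfsc.sys` among them. As an added example (not part of the original post and not OTL's code), this Python script hashes every copy of the listed drivers under a root and compares the copy in the drivers folder with the other copies found on disk. Treating a side-by-side copy (for example under winsxs) as the reference is an assumption of the example, and the function names and the sample tree are constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Driver names taken from the /md5start ... /md5stop list in the post above.
WATCHED_DRIVERS = ["atapi.sys", "iaStor.sys", "volsnap.sys", "disk.sys",
                   "afd.sys", "netbt.sys", "tcpip.sys", "dfsc.sys"]


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large binaries are not loaded whole.
    MD5 is used only because the scan script asks for MD5 output."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_copies(root, names):
    """Walk root and return {name: {digest: [paths]}} for every copy found."""
    wanted = {n.lower() for n in names}
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()  # Windows file names are case-insensitive
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                digest = md5_of(full)
            except OSError as exc:
                # A locked or unreadable file is reported, never skipped silently.
                digest = "UNREADABLE:" + type(exc).__name__
            found[key][digest].append(full)
    return {k: dict(v) for k, v in found.items()}


def review(found, names, active_dir):
    """Classify each name by comparing the copy in active_dir with all others.

    not-present : no copy in active_dir
    no-reference: only the active copy exists, nothing to compare against
    match       : the active copy's digest equals some other copy's digest
    mismatch    : the active copy matches no other copy on disk (look closer)
    """
    active_dir = os.path.normcase(os.path.abspath(active_dir))
    verdicts = {}
    for name in names:
        active, reference = set(), set()
        for digest, paths in found.get(name.lower(), {}).items():
            for p in paths:
                folder = os.path.normcase(os.path.abspath(os.path.dirname(p)))
                (active if folder == active_dir else reference).add(digest)
        if not active:
            verdicts[name] = "not-present"
        elif not reference:
            verdicts[name] = "no-reference"
        elif active <= reference:
            verdicts[name] = "match"
        else:
            verdicts[name] = "mismatch"
    return verdicts


def demo():
    """Constructed sample tree (not real system files), one case per verdict."""
    with tempfile.TemporaryDirectory() as root:
        drivers = os.path.join(root, "Windows", "System32", "drivers")
        store = os.path.join(root, "Windows", "winsxs", "x86_sample")
        os.makedirs(drivers)
        os.makedirs(store)
        samples = {
            (drivers, "dfsc.sys"): b"constructed: altered driver bytes",
            (store, "dfsc.sys"): b"constructed: original driver bytes",
            (drivers, "TCPIP.SYS"): b"constructed: tcpip bytes",
            (store, "tcpip.sys"): b"constructed: tcpip bytes",
            (drivers, "afd.sys"): b"constructed: afd bytes",
        }
        for (folder, fname), data in samples.items():
            with open(os.path.join(folder, fname), "wb") as fh:
                fh.write(data)
        names = ["dfsc.sys", "tcpip.sys", "afd.sys", "atapi.sys"]
        return review(hash_copies(root, names), names, drivers)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

A mismatch is a prompt to inspect the file, not a verdict: Windows updates leave several legitimate versions of a driver on disk, so the active copy is only expected to equal one of them.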



#5 sclossick


Posted 13 April 2012 - 09:30 PM

B-boy,

I am having trouble downloading the Kaspersky tdsskiller.

When I click on your link above, IE9 doesn't take me to the Kaspersky website, but it pops up a smaller question box at the bottom of my browser window asking if I want to run or save it.

The choices are Run, Save, and Cancel. Save has the sub-options of Save, Save as, and Save and Run.

I have been able to save it to my desktop, but when I double click on it I get the warning message: C:\Users/Stephen Clossick\Desktop\tdsskiller.exe The directory name is invalid.

When I try to Run the program I get a warning notice that the directory name is invalid, but this time it is buried in temp internet files.

I thought that AVG 2012 had gone back active and was preventing the proper download, so I temp suspended it again, but still no luck with the Kaspersky file.

Thanks for your help in getting through this roadblock.

Stephen

#6 B-boy/StyLe/


Posted 14 April 2012 - 05:15 AM

Hi Stephen,


Can you try again using a different browser like Mozilla?



Regards,
Georgi



#7 sclossick


Posted 14 April 2012 - 08:46 AM

Georgi,

I downloaded Mozilla and had better luck downloading the Kaspersky program. The requested file is attached.

Here is the first of the OTL scans. Apparently my post will be too long to include both in one reply.

OTL logfile created on: 4/14/2012 8:49:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Stephen Clossick\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.38% Memory free
4.21 Gb Paging File | 2.77 Gb Available in Paging File | 65.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 57.69 Gb Free Space | 42.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.61 Gb Free Space | 56.07% Space Free | Partition Type: NTFS

Computer Name: SCDELLLAPTOP | User Name: Stephen Clossick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 08:46:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen Clossick\Downloads\OTL.exe
PRC - [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/19 16:58:26 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/10 15:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 18:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/09/16 22:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/14 23:11:50 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/05/21 01:42:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/05/21 01:42:40 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/05/21 01:42:40 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/21 01:42:40 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/04/16 17:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 13:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/06 13:24:42 | 000,629,248 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GTray.exe
PRC - [2007/03/06 13:21:31 | 000,116,224 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
PRC - [2007/02/20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2001/07/20 10:45:18 | 000,602,195 | ---- | M] (InFocus) -- C:\Program Files\InFocus\Projector Manager\Projmgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/13 00:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 04:43:45 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/17 04:42:01 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/13 03:46:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/08 18:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/06/18 16:34:23 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2007/05/21 01:44:52 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/02/20 14:01:18 | 000,105,184 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/19 16:58:26 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/08/10 15:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/12 16:40:52 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/14 23:11:50 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 15:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 02:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/10/07 08:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/05/21 01:42:38 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2001/05/23 09:55:54 | 000,017,260 | ---- | M] (InFocus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IFCUSB.SYS -- (IFCUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B 28 73 5B D8 19 CD 01 [binary data]
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DNUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=vpG5nUYMYHYpD9jdbMYmlTKxI_w?q={searchTerms}
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{AC42DD38-D573-4A08-8D0E-A23BCC3C7531}: "URL" = http://search.avg.com/route/?d=4cb7c291&v=6.10.6.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..network.proxy.no_proxies_on: "*.local,192.168.*.*"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 16:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/14 08:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/14 08:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen Clossick\AppData\Roaming\Mozilla\Extensions
[2012/04/14 08:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/13 20:35:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Projector Manager] C:\Program Files\InFocus\Projector Manager\Projmgr.exe (InFocus)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/bingame/feed/default/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A5F623E-1A57-4F77-9FC1-A84DEF6C8376}: DhcpNameServer = 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A854B52-DE75-42EA-90A9-B50F497469DF}: DhcpNameServer = 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Waterfall.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Waterfall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dfsc - Driver
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2012/04/14 08:26:14 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clossick\AppData\Roaming\Mozilla
[2012/04/14 08:26:14 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clossick\AppData\Local\Mozilla
[2012/04/14 08:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/14 08:18:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/13 20:35:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/13 20:15:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/13 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clossick\AppData\Local\temp
[2012/04/13 19:02:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/13 19:02:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/13 19:02:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/13 19:01:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/13 18:46:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/11 22:50:50 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clossick\Desktop\gmer
[2012/04/11 03:25:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/11 03:25:23 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 03:25:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 03:25:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 03:25:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 03:25:21 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 03:18:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/11 03:18:06 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/14 03:12:08 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 03:12:04 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 03:12:04 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 03:12:04 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 03:12:04 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 03:12:04 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/13 14:59:25 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/06 17:39:54 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clossick\Desktop\WTE
[2012/02/23 19:24:23 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/10 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clossick\AppData\Roaming\Roxio
[2012/01/20 20:20:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/20 20:20:20 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/20 20:20:20 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/20 20:20:20 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/20 20:20:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/20 20:20:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/20 20:20:19 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/20 20:20:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/20 20:20:19 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/20 20:20:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/20 20:20:18 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/20 20:20:18 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/20 20:20:18 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/20 20:20:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/20 20:20:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/20 20:20:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/20 20:20:18 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/20 20:20:17 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/20 20:20:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/20 20:20:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/20 20:20:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/20 20:20:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/20 20:20:15 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/20 20:20:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/20 20:20:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/20 20:20:15 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/20 20:20:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/20 20:20:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/20 20:20:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/20 20:20:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/20 20:20:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/20 18:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/20 18:09:33 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clossick\AppData\Roaming\AVG2012
[2012/01/20 18:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

========== Files - Modified Within 90 Days ==========

[2012/04/14 08:48:16 | 000,000,871 | ---- | M] () -- C:\Users\Stephen Clossick\Desktop\OTL - Shortcut.lnk
[2012/04/14 08:44:00 | 094,981,292 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/14 08:38:12 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 08:38:12 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 08:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/14 08:38:01 | 2137,194,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 08:37:08 | 000,002,714 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/04/14 08:26:08 | 000,000,872 | ---- | M] () -- C:\Users\Stephen Clossick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/14 08:26:08 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/13 20:43:18 | 000,663,388 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/13 20:43:18 | 000,127,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/13 20:35:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 20:16:54 | 000,623,747 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/04/12 22:38:32 | 000,783,831 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/11 22:49:47 | 000,294,195 | ---- | M] () -- C:\Users\Stephen Clossick\Desktop\gmer.zip
[2012/04/11 22:12:04 | 000,000,000 | ---- | M] () -- C:\Users\Stephen Clossick\defogger_reenable
[2012/04/08 07:20:15 | 216,641,895 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/29 18:10:17 | 000,000,940 | ---- | M] () -- C:\Users\Stephen Clossick\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/16 19:55:07 | 000,006,324 | ---- | M] () -- C:\Users\Stephen Clossick\AppData\Local\d3d9caps.dat
[2012/03/15 03:29:04 | 000,434,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/06 02:39:00 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/06 02:39:00 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/27 21:18:55 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/27 21:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/27 21:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/27 21:08:15 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/27 21:03:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/27 20:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/23 19:24:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/14 11:45:30 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/02/14 11:45:30 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/02/13 10:12:08 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/02/13 09:47:57 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/02/13 09:44:40 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/02 11:16:25 | 002,044,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/01 16:17:55 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/21 15:44:17 | 000,000,784 | ---- | M] () -- C:\Users\Stephen Clossick\Application Data\Microsoft\Internet Explorer\Quick Launch\Cut the Rope.website
[2012/01/20 20:26:29 | 000,000,945 | ---- | M] () -- C:\Users\Stephen Clossick\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/20 20:20:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/01/20 20:20:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/01/20 20:20:21 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/01/20 20:20:20 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/01/20 20:20:20 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/01/20 20:20:20 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/01/20 20:20:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/01/20 20:20:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/01/20 20:20:19 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/01/20 20:20:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/01/20 20:20:19 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/01/20 20:20:19 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/01/20 20:20:18 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/01/20 20:20:18 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/01/20 20:20:18 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/01/20 20:20:18 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/01/20 20:20:18 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/01/20 20:20:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/20 20:20:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/01/20 20:20:18 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/01/20 20:20:17 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/01/20 20:20:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/01/20 20:20:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/01/20 20:20:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/01/20 20:20:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/01/20 20:20:15 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/01/20 20:20:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/01/20 20:20:15 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/01/20 20:20:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/01/20 20:20:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/01/20 20:20:15 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/01/20 20:20:15 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/01/20 20:20:15 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/01/20 20:20:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/01/20 20:17:12 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/19 16:20:26 | 000,010,094 | ---- | M] () -- C:\Users\Stephen Clossick\Documents\Intuit.pdf

========== Files Created - No Company Name ==========

[2012/04/14 08:48:16 | 000,000,871 | ---- | C] () -- C:\Users\Stephen Clossick\Desktop\OTL - Shortcut.lnk
[2012/04/14 08:26:08 | 000,000,872 | ---- | C] () -- C:\Users\Stephen Clossick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/14 08:26:08 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/14 08:26:08 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/13 19:02:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/13 19:02:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/13 19:02:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/13 19:02:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/13 19:02:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/11 22:49:47 | 000,294,195 | ---- | C] () -- C:\Users\Stephen Clossick\Desktop\gmer.zip
[2012/04/11 22:12:04 | 000,000,000 | ---- | C] () -- C:\Users\Stephen Clossick\defogger_reenable
[2012/03/16 19:56:19 | 2137,194,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/21 15:44:17 | 000,000,784 | ---- | C] () -- C:\Users\Stephen Clossick\Application Data\Microsoft\Internet Explorer\Quick Launch\Cut the Rope.website
[2012/01/20 20:20:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/20 20:17:12 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/20 20:17:11 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/20 18:11:42 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/19 16:20:26 | 000,010,094 | ---- | C] () -- C:\Users\Stephen Clossick\Documents\Intuit.pdf
[2012/01/01 12:18:42 | 000,001,326 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
[2012/01/01 12:18:42 | 000,001,326 | -HS- | C] () -- C:\ProgramData\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
[2011/12/29 21:04:42 | 000,000,978 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
[2011/12/29 21:04:42 | 000,000,978 | -HS- | C] () -- C:\ProgramData\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
[2011/12/19 15:41:34 | 000,010,188 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\107357r7j173a311h074m2lqw2t2
[2011/12/19 15:41:34 | 000,010,188 | -HS- | C] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
[2011/12/15 16:28:35 | 000,011,350 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\054452l2d078j880h735m5rji6p4
[2011/12/15 16:28:35 | 000,011,350 | -HS- | C] () -- C:\ProgramData\054452l2d078j880h735m5rji6p4
[2011/06/15 18:26:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys

========== LOP Check ==========

[2012/03/28 16:34:11 | 000,000,000 | ---D | M] -- C:\Users\Madigan\AppData\Roaming\AVG2012
[2012/01/20 18:09:33 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clossick\AppData\Roaming\AVG2012
[2012/03/31 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clossick\AppData\Roaming\Canon
[2008/01/13 02:42:26 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clossick\AppData\Roaming\DataSafeOnline
[2008/03/20 20:36:03 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clossick\AppData\Roaming\eFax Messenger
[2007/08/14 23:12:55 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clossick\AppData\Roaming\Leadertech
[2011/12/07 18:24:32 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clossick\AppData\Roaming\motorola
[2012/04/14 08:37:13 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 09:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/04/13 20:45:56 | 000,016,106 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/08/03 22:04:45 | 000,004,976 | RH-- | M] () -- C:\dell.sdr
[2012/04/14 08:38:01 | 2137,194,496 | -HS- | M] () -- C:\hiberfil.sys
[2007/08/19 22:47:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/19 22:47:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/14 08:37:57 | 2450,997,248 | -HS- | M] () -- C:\pagefile.sys
[2011/12/19 16:11:45 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2007/08/03 14:36:38 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2012/04/14 08:36:28 | 000,260,098 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_14.04.2012_08.29.57_log.txt

< %USERPROFILE%\*.* >
[2012/04/11 22:12:04 | 000,000,000 | ---- | M] () -- C:\Users\Stephen Clossick\defogger_reenable
[2009/10/26 14:34:43 | 001,700,258 | ---- | M] () -- C:\Users\Stephen Clossick\Monster Trivia.pptx
[2012/04/14 08:56:50 | 005,242,880 | -HS- | M] () -- C:\Users\Stephen Clossick\ntuser.dat
[2012/04/14 08:56:50 | 000,262,144 | -H-- | M] () -- C:\Users\Stephen Clossick\ntuser.dat.LOG1
[2008/03/10 19:46:16 | 000,262,144 | -H-- | M] () -- C:\Users\Stephen Clossick\ntuser.dat.LOG2
[2012/04/14 08:36:59 | 000,065,536 | -HS- | M] () -- C:\Users\Stephen Clossick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012/04/14 08:36:59 | 000,524,288 | -HS- | M] () -- C:\Users\Stephen Clossick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/08/11 15:05:48 | 000,524,288 | -HS- | M] () -- C:\Users\Stephen Clossick\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/08/11 15:05:48 | 000,000,020 | -HS- | M] () -- C:\Users\Stephen Clossick\ntuser.ini
[2007/08/11 15:27:58 | 000,000,632 | RHS- | M] () -- C:\Users\Stephen Clossick\ntuser.pol

< %USERPROFILE%\AppData\Local\*.* >
[2011/12/15 20:43:09 | 000,011,350 | -HS- | M] () -- C:\Users\Stephen Clossick\AppData\Local\054452l2d078j880h735m5rji6p4
[2011/12/19 15:47:11 | 000,010,188 | -HS- | M] () -- C:\Users\Stephen Clossick\AppData\Local\107357r7j173a311h074m2lqw2t2
[2012/03/16 19:55:07 | 000,006,324 | ---- | M] () -- C:\Users\Stephen Clossick\AppData\Local\d3d9caps.dat
[2010/04/13 19:04:58 | 000,027,136 | ---- | M] () -- C:\Users\Stephen Clossick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/15 17:39:51 | 000,000,104 | ---- | M] () -- C:\Users\Stephen Clossick\AppData\Local\fusioncache.dat
[2011/04/02 12:32:20 | 000,121,424 | ---- | M] () -- C:\Users\Stephen Clossick\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/04/14 08:36:43 | 002,715,353 | -H-- | M] () -- C:\Users\Stephen Clossick\AppData\Local\IconCache.db
[2012/01/01 12:18:42 | 000,001,326 | -HS- | M] () -- C:\Users\Stephen Clossick\AppData\Local\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
[2011/12/29 21:04:42 | 000,000,978 | -HS- | M] () -- C:\Users\Stephen Clossick\AppData\Local\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3

< %USERPROFILE%\AppData\Roaming\*.* >
[2007/08/23 15:01:33 | 000,037,478 | ---- | M] () -- C:\Users\Stephen Clossick\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/27 14:53:49 | 008,270,752 | ---- | M] (Dell, Inc. ) -- C:\Users\Stephen Clossick\AppData\Roaming\DataSafeDotNet.exe

< %ProgramData%\*.* >
[2011/12/15 20:43:09 | 000,011,350 | -HS- | M] () -- C:\ProgramData\054452l2d078j880h735m5rji6p4
[2011/12/19 15:47:11 | 000,010,188 | -HS- | M] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
[2012/01/01 12:18:42 | 000,001,326 | -HS- | M] () -- C:\ProgramData\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
[2011/12/29 21:04:42 | 000,000,978 | -HS- | M] () -- C:\ProgramData\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2009/01/12 15:16:47 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >
[2006/11/02 09:02:10 | 000,000,680 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 09:01:48 | 000,000,006 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\desktop.ini
[2007/08/11 14:59:43 | 000,115,312 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >
[6 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp files -> C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*.tmp -> ]

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >
[2010/10/13 02:24:51 | 000,601,932 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log

< %windir%\temp\*.* >
[2012/04/14 08:43:26 | 000,000,506 | ---- | M] () -- C:\Windows\temp\avginfo.id
[2012/04/14 08:37:17 | 000,000,476 | ---- | M] () -- C:\Windows\temp\WERC909.tmp.version.txt
[2012/04/14 08:37:25 | 000,118,980 | ---- | M] () -- C:\Windows\temp\WERC90A.tmp.appcompat.txt

< %windir%\system32\*. >
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2010/05/01 14:14:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2010/05/02 03:26:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2010/05/01 14:12:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\Boot
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\Branding
[2010/05/01 14:14:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\ca-ES
[2012/04/11 03:26:15 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2012/04/12 03:01:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2006/11/02 08:57:28 | 000,000,000 | ---D | M] -- C:\Windows\system32\CodeIntegrity
[2009/01/12 15:04:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2010/10/03 01:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2010/05/02 03:26:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2012/04/14 08:30:04 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2006/11/02 09:03:37 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2011/02/12 18:50:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\DRVSTORE
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2010/05/01 14:14:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2012/01/20 20:22:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2007/08/03 14:21:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-AR
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2007/08/03 14:21:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-MX
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2010/05/01 14:14:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\eu-ES
[2010/05/01 12:31:24 | 000,000,000 | ---D | M] -- C:\Windows\system32\EventProviders
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2010/05/02 03:26:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/02/29 09:32:37 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fs_rec.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/01/30 12:00:00 | 000,049,152 | ---- | M] (Zenographics, Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\IMFPRINT.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /rp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\temp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >
[2011/04/06 03:06:25 | 001,603,424 | ---- | M] () MD5=FE4E17F9D35306D494DD43F7B4243084 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
[2011/04/06 03:06:25 | 000,218,976 | ---- | M] () MD5=2FC9BB59E07E492E3C95F94E66EDBA36 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
[2011/04/06 03:06:26 | 000,919,392 | ---- | M] () MD5=3A9BF9F2B30AC4F73FCFAA61B6A9E232 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
[2007/08/03 14:39:45 | 000,043,736 | ---- | M] () MD5=BE2492D92C4FC10105472AE195E02C57 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlTDiagM\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlTDiagM.dll
[2007/08/03 14:39:45 | 000,020,184 | ---- | M] () MD5=1317C4E0EEBA05F82FD9767EBFA5DD17 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SqlServer.SString\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SString.dll
[2011/04/06 03:04:59 | 000,591,712 | ---- | M] () MD5=7EBA82E9FD96B5E8E9F3894500FE4D42 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
[2011/04/06 03:06:26 | 000,042,848 | ---- | M] () MD5=A24A67B53B7CE04449E82ADADFED1584 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
[2008/01/19 03:49:03 | 000,069,632 | ---- | M] () MD5=691FF909C75247767DE9B84606777853 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.0.0.0_en_31bf3856ad364e35\microsoft.tpm.resources.dll
[2006/11/02 05:47:02 | 000,200,704 | ---- | M] () MD5=635178CDD551FACB59A7F016BDB7F37E -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm\6.0.0.0__31bf3856ad364e35\Microsoft.Tpm.dll
[2009/02/18 14:38:42 | 000,397,312 | ---- | M] () MD5=35B6FD44455ABE68A6FC0438CFDE17AD -- C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
[2009/03/30 00:42:13 | 000,110,592 | ---- | M] () MD5=C0756C92AA38764C7A2988FCFFBC9E67 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
[2009/03/30 00:42:13 | 000,372,736 | ---- | M] () MD5=D18070925B10AAA4D990550E3F6214A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
[2009/03/30 00:42:13 | 000,028,672 | ---- | M] () MD5=5DAA435A97B97C28750DD5E67461DDCA -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
[2009/03/30 00:42:13 | 000,659,456 | ---- | M] () MD5=5D8C1295B5981B51892F93C9B3988D9F -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
[2009/07/01 18:57:40 | 000,041,984 | ---- | M] () MD5=9F065BF574C956B85DB355C32E7E995E -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
[2008/07/27 14:03:12 | 000,005,632 | ---- | M] () MD5=7E50D25F9A5BC75F22CA7AEB52176CA2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
[2009/03/30 00:42:13 | 000,012,800 | ---- | M] () MD5=1F72577DDFB6BC3DA9F01CEC2A68609B -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
[2009/03/30 00:42:13 | 000,032,768 | ---- | M] () MD5=8A674487880E45E54A83CF40989F7FAB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
[2009/10/12 17:59:59 | 000,013,824 | ---- | M] () MD5=92F9D3F7EAA19A52A14D6CCE65E9B7E9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
[2009/10/09 17:57:43 | 000,274,432 | ---- | M] () MD5=1A4E900C2FE3CD31D10107670D184FE6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
[2009/10/09 17:57:43 | 000,007,168 | ---- | M] () MD5=F7DA27672D2E4C21A1F996EE31DE0DBF -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
[2008/07/27 14:03:12 | 000,007,168 | ---- | M] () MD5=9659028AFA77387D6D2BF4280C10AB94 -- C:\Windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
[2008/01/19 03:49:05 | 001,499,136 | ---- | M] () MD5=ED0EC258B984979B8C5F4B3552051750 -- C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_en_31bf3856ad364e35\MIGUIControls.resources.dll
[2009/04/11 02:31:25 | 003,375,104 | ---- | M] () MD5=5DE7E95F52DDC2D1548709F7C6EE0ECA -- C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
[2006/11/02 08:40:50 | 000,036,864 | ---- | M] () MD5=8EC963741AB0CA1B2016B02091CF494B -- C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35\MMCEx.Resources.dll
[2009/04/11 02:31:25 | 000,417,792 | ---- | M] () MD5=E5B45B5D3E4F58F04945617528CD6E2B -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
[2008/01/19 03:49:05 | 000,004,096 | ---- | M] () MD5=462A8A43D0E2EFE031964D3D096B2741 -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\MMCFxCommon.Resources.dll
[2009/04/11 02:31:26 | 000,110,592 | ---- | M] () MD5=61CABB114FA0E877173E4263FAEAC71C -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
[2007/08/03 14:39:45 | 000,084,696 | ---- | M] () MD5=67725D9F391E53FCF358241D831FD000 -- C:\Windows\assembly\GAC_MSIL\MSClusterLib\1.0.0.0__89845dcd8080cc91\MSClusterLib.dll
[2006/11/02 08:41:24 | 000,040,960 | ---- | M] () MD5=57F16BA5DEA0C8D8F8A32457909B97DB -- C:\Windows\assembly\GAC_MSIL\napinit.resources\6.0.0.0_en_31bf3856ad364e35\napinit.Resources.dll
[2008/01/19 03:38:45 | 000,065,536 | ---- | M] () MD5=DB480950449461485B2748A35FD584BD -- C:\Windows\assembly\GAC_MSIL\napinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
[2009/04/11 02:38:24 | 000,245,760 | ---- | M] () MD5=CC0BF237BDEA84A252B8AC7731B83109 -- C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.0.0.0_en_31bf3856ad364e35\napsnap.resources.dll
[2008/01/19 03:38:45 | 000,458,752 | ---- | M] () MD5=E23E798E853A609BABBFD45AF89FE91C -- C:\Windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
[2006/11/02 05:47:04 | 000,991,232 | ---- | M] () MD5=27BB54357A51594D9F9B6257B5B9A879 -- C:\Windows\assembly\GAC_MSIL\Narrator\6.0.0.0__31bf3856ad364e35\Narrator.exe
[2009/02/18 14:39:17 | 000,598,016 | ---- | M] () MD5=D8EC761B23A596323DA009E0EF0B582F -- C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
[2009/02/18 14:39:20 | 000,032,768 | ---- | M] () MD5=3E846BA45F45A299A3B696888D456923 -- C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
[2009/02/18 14:39:20 | 000,043,904 | ---- | M] () MD5=C7FBDD1ED42F82BFA35167A5C9803EA3 -- C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
[2009/02/18 14:39:17 | 000,196,608 | ---- | M] () MD5=BB0E998A7AED7F35692803D12F33E797 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
[2009/02/18 14:39:17 | 000,139,264 | ---- | M] () MD5=5528A1B5FE430C6D24E828B817EA9A20 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
[2009/02/18 14:39:18 | 000,397,312 | ---- | M] () MD5=2069A8DB4193E3CC0A4F36AAC88C56BF -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
[2009/02/18 14:39:18 | 000,163,840 | ---- | M] () MD5=4FA5837FB5965DF1794F039AA028F174 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
[2010/04/05 08:19:18 | 005,279,744 | ---- | M] () MD5=641A5197EE4BB6BA548A63D8A5813372 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
[2009/02/18 14:39:20 | 000,864,256 | ---- | M] () MD5=655ADE9C73C583D9A2E49C591D11D48D -- C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
[2009/02/18 14:39:18 | 000,532,480 | ---- | M] () MD5=970C4FB75281B4C0824B7CA0681F6659 -- C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
[2009/07/01 18:57:41 | 000,005,632 | ---- | M] () MD5=807B70A78ACE7D01F769FE502A769E67 -- C:\Windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
[2009/02/18 14:38:42 | 000,154,472 | ---- | M] () MD5=33D9E0FA6F1AC7AA97D2BE68B3B97DEB -- C:\Windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
[2010/04/12 08:21:14 | 000,110,592 | ---- | M] () MD5=547198A24E5A4BCAE8093344A30B9B4A -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
[2009/02/18 14:38:43 | 000,129,880 | ---- | M] () MD5=D6C4E4A39A36029AC0813D476FBD0248 -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
[2006/11/02 08:35:33 | 000,086,016 | ---- | M] () MD5=D319894DBBDA22F7C6CEAD03C4E4E608 -- C:\Windows\assembly\GAC_MSIL\SonicMCEBurnEngine\6.0.6000.0__31bf3856ad364e35\SonicMCEBurnEngine.dll
[2009/03/30 00:42:17 | 000,110,592 | ---- | M] () MD5=B743A255DCC0A728A6F5C3FC0B3AD54B -- C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
[2009/07/01 18:57:43 | 000,045,056 | ---- | M] () MD5=B34B75256D536385B927193FB1DCBB81 -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
[2009/07/01 18:57:44 | 000,163,840 | ---- | M] () MD5=212E7E4F44432B5EDA508D454FC01A61 -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
[2009/07/01 18:57:48 | 000,057,344 | ---- | M] () MD5=34AAEA0DCF908A7D3C1D8C2132B0E4D4 -- C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
[2009/03/30 00:42:17 | 000,081,920 | ---- | M] () MD5=ED4DA1AD8F1231955BF46322D91CEA22 -- C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
[2009/03/30 00:42:17 | 000,425,984 | ---- | M] () MD5=562AC2A26CA4AA54ABD5F50463F5FA6A -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
[2009/07/01 18:57:44 | 000,667,648 | ---- | M] () MD5=6617F24759BB1F3873C88AD9E0DF0435 -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
[2009/07/01 18:57:45 | 000,053,248 | ---- | M] () MD5=1FDC244EEDD9B7804C7829DA11F1522E -- C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
[2009/07/01 18:57:45 | 000,229,376 | ---- | M] () MD5=3FE6C3CDB01F039110152B1B0AE4980F -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
[2009/07/01 18:57:46 | 002,879,488 | ---- | M] () MD5=CB45DFC6F9E1F954A718769D02D9C312 -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
[2009/07/01 18:57:39 | 000,684,032 | ---- | M] () MD5=DDFB10C4A14ADD5D0A6C96E6DC3D29DF -- C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
[2009/07/01 18:59:18 | 000,294,912 | ---- | M] () MD5=2F69FF4ED483D3FF399534F99BD4694A -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
[2009/07/01 18:57:38 | 000,114,688 | ---- | M] () MD5=0A7F3B1C1A9CC722F48A7A16394F61C4 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
[2009/07/01 18:59:19 | 000,442,368 | ---- | M] () MD5=AE975C122A442146D7D5A6A996C42F91 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
[2009/03/30 00:42:18 | 000,745,472 | ---- | M] () MD5=6C99A302FA3D8D08B5EFD6F25541FDF8 -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
[2009/03/30 00:42:18 | 000,970,752 | ---- | M] () MD5=42EEA3753CEE067FBD197CF27BDC84A4 -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
[2009/03/30 00:42:18 | 005,062,656 | ---- | M] () MD5=E61DD816379FFFD8A090F3330D54DC79 -- C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
[2009/07/01 18:57:39 | 000,286,720 | ---- | M] () MD5=4C6FBCBB7E7D4E3B0CAAA42043B6A01F -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
[2009/03/30 00:42:18 | 000,188,416 | ---- | M] () MD5=891AA60D72C0D51286FD7792D53C2A12 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
[2009/03/30 00:42:18 | 000,401,408 | ---- | M] () MD5=85290FF9B6B3A161E95AFCCC22480347 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
[2009/03/30 00:42:18 | 000,081,920 | ---- | M] () MD5=69D398A8AADADCB67C9CFDD20465B4C9 -- C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
[2012/01/26 07:00:14 | 000,630,784 | ---- | M] () MD5=1261A063610A4780FBD0E3A371CA760A -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
[2009/02/18 14:38:39 | 000,126,976 | ---- | M] () MD5=AA78449EA277D52D315FF2EDC70D92C8 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
[2010/04/12 08:20:59 | 000,438,272 | ---- | M] () MD5=A24C912115A7FA0D8FF9E44595CAFFF0 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
[2009/02/18 14:38:39 | 000,131,072 | ---- | M] () MD5=1B0B61F3CADCB3B53063503CB472FA1D -- C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
[2009/10/12 17:59:59 | 000,253,952 | ---- | M] () MD5=921217A14850FFD9BE5ED2F401260500 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll
[2009/10/09 17:57:45 | 002,682,880 | ---- | M] () MD5=4D8AB4FAD244F7985D8C59D456E026D7 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
[2009/07/01 18:57:46 | 000,143,360 | ---- | M] () MD5=217A1E1DED132261C825313A7FB2616C -- C:\Windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
[2009/03/30 00:42:18 | 000,372,736 | ---- | M] () MD5=48F38047CCB38CC1F99D008EC166CB76 -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
[2009/03/30 00:42:18 | 000,258,048 | ---- | M] () MD5=25E7A734B70C1F6B28764EF7F0436118 -- C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
[2009/07/01 18:57:49 | 000,233,472 | ---- | M] () MD5=2E66DE31546A6AB3A8160CE337E1C6BC -- C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
[2009/03/30 00:42:19 | 000,303,104 | ---- | M] () MD5=3481E62E3CE48C148E85906328641D7E -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
[2009/03/30 00:42:19 | 000,131,072 | ---- | M] () MD5=DEBF2D9BA6131A92147B84080407EBA5 -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010/04/12 08:21:01 | 000,970,752 | ---- | M] () MD5=F976DFBF212D7AF5B195A9A2D9F616E4 -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2010/03/04 08:53:19 | 000,258,048 | ---- | M] () MD5=CAF56A8081D89AB0CAF51C8580D5CDFD -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
[2009/02/18 14:38:44 | 000,073,728 | ---- | M] () MD5=89697DA589616E9FF1A235D5B0660CCD -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
[2010/04/12 08:21:28 | 000,032,768 | ---- | M] () MD5=CCD2AD3B8CA1979452419B8070EB86AC -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
[2009/07/01 18:57:38 | 000,569,344 | ---- | M] () MD5=1565B7FAFDFA6EEE16101388E57E749F -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
[2010/04/12 08:21:06 | 005,967,872 | ---- | M] () MD5=3B90699F5CB0ED08D00A837014262495 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
[2009/03/30 00:42:19 | 000,114,688 | ---- | M] () MD5=588736B08D25E07A1A8F6AD22F200E44 -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
[2008/01/05 07:21:55 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
[2009/07/01 18:57:49 | 000,077,824 | ---- | M] () MD5=2C3559C513F7CD6F95DC382F31A6A22D -- C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
[2009/07/01 18:57:50 | 000,032,768 | ---- | M] () MD5=9E0D101B086297D5E166E03A8ACBF260 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
[2009/07/01 18:59:20 | 000,229,376 | ---- | M] () MD5=CC8D03C33986926A68696DAAAB5FF2F8 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
[2009/07/01 18:57:47 | 000,131,072 | ---- | M] () MD5=A6A5297AAD0A9BA8829D20B1CBD68D32 -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
[2009/07/01 18:59:19 | 000,139,264 | ---- | M] () MD5=E42797003722BD930D83AB26998394D8 -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
[2009/07/01 18:57:51 | 000,335,872 | ---- | M] () MD5=7E83B8040233DDCDE03CF7F0A5F2837B -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
[2012/01/11 04:14:50 | 001,277,952 | ---- | M] () MD5=821B0AAB24CB11417381F8AE881309A2 -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
[2009/03/30 00:42:19 | 000,835,584 | ---- | M] () MD5=F81133A7FC8FD47E2D5A068233C47F06 -- C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
[2009/03/30 00:42:19 | 000,077,824 | ---- | M] () MD5=923E77C9B66AB6025EEEAC8C3BD42FB9 -- C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
[2009/07/01 18:57:52 | 000,061,440 | ---- | M] () MD5=5B7868DF14D71D328EE8C1213F852393 -- C:\Windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
[2009/03/30 00:42:19 | 000,839,680 | ---- | M] () MD5=D59A5B6EBFCE6DBF9EE5D8A72EB8219B -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
[2011/03/29 06:53:25 | 005,025,792 | ---- | M] () MD5=ABC4DD333A08C767C95BC2653283D00E -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
[2009/07/01 18:57:48 | 000,012,288 | ---- | M] () MD5=044C3400A836E5FB60D4A49EAEC24544 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
[2009/02/18 14:39:28 | 001,138,688 | ---- | M] () MD5=5AC7D82F2E4F63D400F3A2E17A8381F2 -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
[2009/02/18 14:39:29 | 001,630,208 | ---- | M] () MD5=CB351A275A42D5E6D3C34993E0B5C1D7 -- C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
[2009/02/18 14:39:29 | 000,540,672 | ---- | M] () MD5=64890F03B79E4B0458AACAE680CBF749 -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
[2009/07/01 18:57:38 | 000,507,904 | ---- | M] () MD5=E249D1B3114088C0D390A60643BF2BBC -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
[2009/07/01 18:57:48 | 000,139,264 | ---- | M] () MD5=64925CC79EA9E8245A4F18703CCABEC4 -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
[2009/03/30 00:42:20 | 002,048,000 | ---- | M] () MD5=214A848813988454474E21ED531D3CEC -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
[2011/11/01 07:23:33 | 003,186,688 | ---- | M] () MD5=23E863275902E6A767D406A946704C5D -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
[2006/11/02 08:41:20 | 000,006,656 | ---- | M] () MD5=9AA315F0EB92E005FEDB833766E8C8F9 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_en_31bf3856ad364e35\TaskScheduler.resources.dll
[2008/01/19 03:39:26 | 000,163,840 | ---- | M] () MD5=A3412B8CAE691416C7393E542F6C65E3 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll
[2009/02/18 14:39:19 | 000,167,936 | ---- | M] () MD5=CDFF3D68B137D52866C2BE0CABB85BF1 -- C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
[2009/02/18 14:39:19 | 000,385,024 | ---- | M] () MD5=EC59E39D4035284620A68986120A7791 -- C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
[2009/02/18 14:39:19 | 000,040,960 | ---- | M] () MD5=6CB31D67EFBA7CF52452D40D3F752C20 -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
[2009/02/18 14:39:19 | 000,098,304 | ---- | M] () MD5=ED6B87BA6DEAC501C34BACB1C79A8F4E -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
[2010/04/05 08:19:27 | 001,249,280 | ---- | M] () MD5=1134BC3D23F3B2FD10371E21B2B5A253 -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
[2009/02/18 14:39:19 | 000,094,208 | ---- | M] () MD5=10E9793BEB3A1BFDF58AFE4CC072060C -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
[2009/02/18 14:38:45 | 000,150,360 | ---- | M] () MD5=E2D20DB4F58BC0B507A59AF509EB5A15 -- C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe

< MD5 for: AFD.SYS >
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2006/11/02 04:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2011/04/21 09:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/19 01:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 09:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/08/03 22:01:58 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/08/03 22:01:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2007/08/03 22:01:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2007/08/03 22:01:58 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/08/03 22:01:58 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 22:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 22:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 22:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 22:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DFSC.SYS >
[2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=218D8AE46C88E82014F5D73D0236D9B2 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys
[2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=218D8AE46C88E82014F5D73D0236D9B2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys
[2011/04/14 10:36:03 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=3A3436F7DFE0E0C58CD5C3B6C9F21634 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys
[2008/01/19 01:28:20 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=9E635AE5E8AD93E2B5989E2E23679F97 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys
[2011/04/14 10:24:14 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=A3E9FA213F443AC77C7746119D13FEEC -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys
[2006/11/02 04:31:04 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=A7179DE59AE269AB70345527894CCD7C -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys
[2011/04/13 09:22:40 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=E20FB30D720810646ED24FB7CA9899A2 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys
[2011/04/14 10:59:03 | 000,075,264 | ---- | M] () MD5=F7F11E66ABF5C225437CB8BF219564A4 -- C:\Windows\System32\drivers\dfsc.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 04:10:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 04:10:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: I8042PRT.SYS >
[2006/11/02 04:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys
[2006/11/02 04:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys
[2008/02/13 22:48:44 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
[2008/02/13 22:48:44 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys
[2008/02/13 22:48:44 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys
[2008/02/13 22:48:44 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\drivers\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_8b7c4328\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\i8042prt.sys
[2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys
[2008/02/13 22:48:43 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
[2008/02/13 22:48:44 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2007/04/23 06:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/04/23 06:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/23 06:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/04/23 06:51:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: LSASS.EXE >
[2009/06/15 08:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009/09/10 10:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009/06/15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009/02/13 03:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006/11/02 05:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2009/06/15 09:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\ERDNT\cache\lsass.exe
[2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\System32\lsass.exe
[2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A3E186B4B935905B829219502557314E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18541_none_a806cc745a10ffad\lsass.exe
[2009/06/15 08:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009/02/13 00:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009/06/15 08:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009/06/15 09:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009/09/09 07:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009/09/10 10:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008/01/19 03:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008/01/19 03:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008/01/19 03:33:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2011/11/16 09:57:04 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=EBFAEB786C46B407930811F94F08877D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22742_none_a8916b6f732db5f5\lsass.exe
[2009/02/13 04:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: NETBT.SYS >
[2008/01/19 01:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2006/11/02 04:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=E3A168912E7EEFC3BD3B814720D68B41 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: SERIAL.SYS >
[2008/01/19 01:49:35 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
[2008/01/19 01:49:35 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\serial.sys
[2008/01/19 01:49:35 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys
[2008/01/19 01:49:35 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys
[2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\drivers\serial.sys
[2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_9d4661e2\serial.sys
[2006/11/02 04:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serial.sys

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2008/01/10 04:03:34 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=028061C7F6D2D03068C72E2A27E4228A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
[2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009/12/08 16:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009/08/15 17:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 13:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011/06/17 16:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 10:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2008/01/10 04:03:33 | 000,804,352 | ---- | M] (Microsoft Corporation) MD5=43EAE40B50FE3E60D194DD9C97EBB1FD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
[2009/12/08 16:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2008/02/13 04:03:55 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
[2009/12/08 16:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2008/02/13 04:03:56 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
[2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 12:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011/06/17 16:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\ERDNT\cache\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\System32\drivers\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/12/08 13:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009/08/14 13:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009/12/08 13:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2006/11/02 04:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
[2007/04/20 05:55:56 | 000,803,840 | ---- | M] (Microsoft Corporation) MD5=D993AAC691DEEC99A064420FAF3437E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179\tcpip.sys
[2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008/01/19 03:43:39 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 12:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/10 04:01:44 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/01/10 04:01:44 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/01/10 04:01:44 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 03:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 03:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

I appreciate your continued efforts to clean up my computer.

Stephen

And here is the second report from the OTL scan:

OTL Extras logfile created on: 4/14/2012 8:49:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Stephen Clossick\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.38% Memory free
4.21 Gb Paging File | 2.77 Gb Available in Paging File | 65.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 57.69 Gb Free Space | 42.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.61 Gb Free Space | 56.07% Space Free | Partition Type: NTFS

Computer Name: SCDELLLAPTOP | User Name: Stephen Clossick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{123530CA-16A9-4C78-AC5F-40F2B31626A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{350B9ADB-E131-40F3-88EB-5E2DE6C28A14}" = lport=2869 | protocol=6 | dir=in | app=system |
"{550C6055-26B4-44B7-BAB2-85A0CB2A736F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7C331FB0-A84B-4DD3-B6BD-FC5DAB193308}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9906D378-F19A-469A-B8B0-5EDB2A02724F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{263E63AD-DCD8-450E-ACDE-94C78AE8C2D9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{39C857BC-CE3B-480D-8914-D89F1DEF82E6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{3A270CAD-8302-45C9-AE12-A9E13D9BA862}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{46E41294-045A-407B-A740-1C4EF1F6DED0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E73061E-70F5-4175-B4B2-041AE264B09E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{553A4911-704C-4355-B427-FD6D8C3A04AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{553C3C6A-D3F4-4FE8-8EF2-E3109271B06D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A392E9F-0020-4518-954D-0C3A717E70BF}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{5B46D54F-CE5F-4966-8D11-8F795A67BE53}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{6891E648-B61F-448F-A9FC-8B9EF517EBCA}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{6CA0FA73-6692-419F-B767-FC7F0DDF0CD4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{7751CDBD-24FE-457C-AC5F-32E46241CFD5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{837ABAD3-6C31-487E-8963-2925C140D521}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{86FD2FAF-BB43-4F9E-92ED-00BDC804772C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{88EE29AB-5595-4B48-95E7-968AC918EB68}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\ttax.exe |
"{8F6982A8-F3DC-471A-906E-2C60EFFB580B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{90E4E839-55CF-47D4-8998-3FB135472A93}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{910E2744-DA25-43F3-BD8E-B3B55B5DCBE2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{91469CFE-FF50-44D9-9EFF-9B437B7ED918}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9594FA7D-38D2-4B82-B691-02AE3C71855E}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\ttax.exe |
"{A5233E60-36EC-4D96-B77A-E471454D2BA1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AAF40039-0EC8-46DD-8170-88D49444F804}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{AB4E895B-8BE3-4E54-BE56-021B7ABDEE5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ABFE490D-69CE-4D65-AAD1-4B1B10477F3E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{B31FA695-AC8C-4E38-8B0B-7F38FA542DE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B54BC076-BA52-4936-8794-4EC6415BBD31}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CE5784A9-AB24-4031-BE47-42DC5AD4DBF0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"TCP Query User{55B81869-0A26-4E21-9086-41C6CA2BA59D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ADB89B38-C62B-42C6-A0D4-8BC78F2DEB79}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00A92F66-3579-11D5-B892-00A0247B9F6F}" = Projector Manager
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20159B36-3A64-49AB-B3AA-FE6DE1D93C7C}" = Computrace
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C48D1F-9BBF-450A-BBCE-1D775AB94B15}" = FileMaker Pro 9
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.480
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1000000772-1970631579-4226086422-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2009 1:20:06 PM | Computer Name = SCDellLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/22/2009 1:24:28 PM | Computer Name = SCDellLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/22/2009 1:28:32 PM | Computer Name = SCDellLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/22/2009 1:28:54 PM | Computer Name = SCDellLaptop | Source = ESENT | ID = 488
Description = Windows (3400) Windows: An attempt to create the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log"
failed with system error 1393 (0x00000571): "The disk structure is corrupted and
unreadable. ". The create file operation will fail with error -1022 (0xfffffc02).

Error - 9/22/2009 1:28:57 PM | Computer Name = SCDellLaptop | Source = ESENT | ID = 413
Description = Windows (3400) Windows: Unable to create a new logfile because the
database cannot write to the log drive. The drive may be read-only, out of disk
space, misconfigured, or corrupted. Error -1022.

Error - 9/22/2009 1:28:57 PM | Computer Name = SCDellLaptop | Source = ESENT | ID = 492
Description = Windows (3400) Windows: The logfile sequence in "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\"
has been halted due to a fatal error. No further updates are possible for the
databases that use this logfile sequence. Please correct the problem and restart
or restore from backup.

Error - 9/22/2009 1:28:57 PM | Computer Name = SCDellLaptop | Source = Windows Search Service | ID = 3013
Description =

Error - 9/22/2009 1:28:58 PM | Computer Name = SCDellLaptop | Source = Windows Search Service | ID = 7040
Description =

Error - 9/22/2009 1:28:59 PM | Computer Name = SCDellLaptop | Source = ESENT | ID = 902
Description = Windows (3400) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x00AE0560 Session-context: 0x00000000 Session-context ThreadId: 0x0000263C Current
ThreadId: 0x00000DC4

Error - 9/22/2009 1:28:59 PM | Computer Name = SCDellLaptop | Source = ESENT | ID = 902
Description = Windows (3400) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x00AE0560 Session-context: 0x00000000 Session-context ThreadId: 0x0000263C Current
ThreadId: 0x00000DC4

[ OSession Events ]
Error - 3/16/2010 8:21:31 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105673
seconds with 600 seconds of active time. This session ended with a crash.

Error - 5/4/2010 6:18:07 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 214966
seconds with 300 seconds of active time. This session ended with a crash.

Error - 6/28/2010 3:25:12 AM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52170
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/3/2010 4:33:02 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 416084
seconds with 15420 seconds of active time. This session ended with a crash.

Error - 12/17/2010 4:58:57 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 178395
seconds with 11220 seconds of active time. This session ended with a crash.

Error - 12/20/2010 2:31:07 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 84
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/13/2011 4:33:07 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 525
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/10/2011 2:00:52 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 105760
seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/18/2012 6:06:01 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 610412
seconds with 7080 seconds of active time. This session ended with a crash.

Error - 3/20/2012 3:30:34 PM | Computer Name = SCDellLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 156373
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/13/2012 8:09:58 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7003
Description =

Error - 4/13/2012 8:09:58 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7003
Description =

Error - 4/13/2012 8:15:51 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7034
Description =

Error - 4/13/2012 8:18:47 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7030
Description =

Error - 4/13/2012 8:27:36 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7030
Description =

Error - 4/13/2012 8:33:18 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7030
Description =

Error - 4/13/2012 8:37:08 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 4/13/2012 8:37:08 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 4/13/2012 8:41:45 PM | Computer Name = SCDellLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 4/13/2012 10:50:36 PM | Computer Name = SCDellLaptop | Source = DCOM | ID = 10010
Description =


< End of report >




#8 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • Local time:07:53 PM

Posted 14 April 2012 - 08:49 AM

Hmmmm, looks like the second post with the 2nd OTL scan was just appended to the original post, so you have both OTL scan reports in the prior post.

Best,

Stephen

#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:53 AM

Posted 14 April 2012 - 09:37 AM

Hi Stephen,


Did you set these proxy settings?

IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
FF - prefs.js..network.proxy.no_proxies_on: "*.local,192.168.*.*"


Is it possible to zip and upload this file (C:\Windows\System32\drivers\dfsc.sys) here => http://www.filedropper.com

Can you PM me with the download link please?



Next,



Backup Your Registry with ERUNT


  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
  • Open Erunt.exe. Follow the prompts leaving the values at default.



Next please download PsExec. Extract it and drop psexec.exe onto your desktop.
Please open an elevated command prompt (go to start, then all programs followed by Accessories, right-click Command Prompt, and then click Run as administrator) and type in:

cd desktop and hit Enter

psexec -s swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /GE:F and hit Enter

Now download the following files and save them to your desktop:

http://download.bleepingcomputer.com/win-services/vista/NwlnkFlt.reg
http://download.bleepingcomputer.com/win-services/vista/NwlnkFwd.reg
http://download.bleepingcomputer.com/win-services/vista/IpInIp.reg
http://download.bleepingcomputer.com/win-services/vista/blbdrive.reg

and double click on each of them one by one and merge them to registry. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Once the fixes have been successfully merged, run the following command from an elevated command prompt:


cd desktop and hit Enter

psexec -s swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /RE:F and hit Enter


Now reboot the computer.



We need to run an OTL Fix


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS
    IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DNUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=vpG5nUYMYHYpD9jdbMYmlTKxI_w?q={searchTerms}
    IE - HKU\S-1-5-21-1000000772-1970631579-4226086422-1003\..\SearchScopes\{AC42DD38-D573-4A08-8D0E-A23BCC3C7531}: "URL" = http://search.avg.com/route/?d=4cb7c291&v=6.10.6.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    [2012/01/01 12:18:42 | 000,001,326 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
    [2012/01/01 12:18:42 | 000,001,326 | -HS- | C] () -- C:\ProgramData\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
    [2011/12/29 21:04:42 | 000,000,978 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
    [2011/12/29 21:04:42 | 000,000,978 | -HS- | C] () -- C:\ProgramData\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
    [2011/12/19 15:41:34 | 000,010,188 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\107357r7j173a311h074m2lqw2t2
    [2011/12/19 15:41:34 | 000,010,188 | -HS- | C] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
    [2011/12/15 16:28:35 | 000,011,350 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\054452l2d078j880h735m5rji6p4
    [2011/12/15 16:28:35 | 000,011,350 | -HS- | C] () -- C:\ProgramData\054452l2d078j880h735m5rji6p4
    :Files
    C:\Windows\System32\drivers\dfsc.sys|C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys /replace
    :commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.



Regards,
Georgi

Edited by B-boy/StyLe/, 14 April 2012 - 09:40 AM.
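The file entries listed in the OTL fix above share a visible pattern: hidden and system attributes, an empty company field, no file extension, and the same name, size and timestamp in both the user's AppData\Local folder and C:\ProgramData. As an added example (not part of the thread and not OTL's own code), this Python script parses OTL file-listing lines and flags that pattern; the function names and the two benign contrast lines are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# The eight file entries come from the OTL fix in the post above.
# The last two lines are constructed benign entries, added only as a contrast.
SAMPLE_LOG = r"""
[2012/01/01 12:18:42 | 000,001,326 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
[2012/01/01 12:18:42 | 000,001,326 | -HS- | C] () -- C:\ProgramData\jiq211je8ego70uj2p441y1gjfyqg5np0qhix
[2011/12/29 21:04:42 | 000,000,978 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
[2011/12/29 21:04:42 | 000,000,978 | -HS- | C] () -- C:\ProgramData\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3
[2011/12/19 15:41:34 | 000,010,188 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\107357r7j173a311h074m2lqw2t2
[2011/12/19 15:41:34 | 000,010,188 | -HS- | C] () -- C:\ProgramData\107357r7j173a311h074m2lqw2t2
[2011/12/15 16:28:35 | 000,011,350 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\054452l2d078j880h735m5rji6p4
[2011/12/15 16:28:35 | 000,011,350 | -HS- | C] () -- C:\ProgramData\054452l2d078j880h735m5rji6p4
[2012/03/02 09:10:11 | 000,004,096 | ---- | C] (Example Corp) -- C:\ProgramData\example.dat
[2012/03/02 09:10:11 | 000,000,512 | -HS- | C] () -- C:\Users\Stephen Clossick\AppData\Local\desktop.ini
"""

# Layout of one listing line: [timestamp | size | attributes | flag] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_otl_file_lines(text):
    """Return one dict per OTL file-listing line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path").strip()
        entries.append({
            "stamp": m.group("stamp"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "company": m.group("company").strip(),
            "path": path,
            # ntpath handles Windows paths regardless of the analysis host's OS.
            "name": ntpath.basename(path),
            "dir": ntpath.dirname(path),
        })
    return entries


def find_mirrored_hidden_files(entries):
    """Flag hidden+system, unsigned, extensionless files that appear with the
    same name, size and timestamp in two or more directories."""
    groups = defaultdict(list)
    for e in entries:
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        if hidden_system and not e["company"] and "." not in e["name"]:
            groups[(e["name"].lower(), e["size"], e["stamp"])].append(e)

    findings = []
    for (name, size, stamp), members in sorted(groups.items()):
        dirs = sorted({m["dir"].lower() for m in members})
        if len(dirs) >= 2:  # a single copy is not the mirrored pattern
            findings.append({"name": name, "size": size,
                             "stamp": stamp, "dirs": dirs})
    return findings


if __name__ == "__main__":
    for hit in find_mirrored_hidden_files(parse_otl_file_lines(SAMPLE_LOG)):
        print(f'{hit["stamp"]}  {hit["size"]:>6} bytes  {hit["name"]}')
        for d in hit["dirs"]:
            print(f"    {d}")
```
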



#10 sclossick

sclossick
  • Topic Starter

  • Members
  • 48 posts
  • Local time:07:53 PM

Posted 14 April 2012 - 11:02 AM

Georgi,

I am hung up at the point where you want me to use the command prompt after downloading the PsExec program. I have ended up with 15 PS files on my desktop, but not an .exe file.

When I go to the command prompt and put in cd desktop the response is "The system cannot find the path specified."

Also, regarding your query as to whether I had made some settings, I don't think it was me.

Thanks,

Stephen

#11 B-boy/StyLe/


Posted 14 April 2012 - 03:21 PM

Hi Stephen,


Here is how to make Vista show extensions for all file types.

Go to Control Panel => Appearance and Personalization => Folder Options.
Click the View tab, and then look under Advanced settings.
Look for “Hide file extensions for known file types” and remove any checkmark next to this option.
Click OK.

Now you should be able to see PsExec.exe.

Then try again with the commands.
If no joy, please put PsExec.exe in C:\

Copy/paste the following text at the command prompt and press enter after each line:

cd c:\

psexec -s swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /GE:F




Let me know about the results.



Regards,
Georgi



#12 sclossick


Posted 15 April 2012 - 08:04 PM

Georgi,

I was able to run the command prompt directions from your last post.

Should I now reboot the computer and go to your previous post and pick up with the rest of your directions?

Stephen

#13 B-boy/StyLe/


Posted 16 April 2012 - 03:59 AM

Should I now reboot the computer and go to your previous post and pick up with the rest of your directions?




Hi Stephen,


Yes please. :)



Regards,
Georgi



#14 sclossick


Posted 16 April 2012 - 07:29 AM

Georgi,

Good progress - here is the log report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1000000772-1970631579-4226086422-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AC42DD38-D573-4A08-8D0E-A23BCC3C7531}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC42DD38-D573-4A08-8D0E-A23BCC3C7531}\ not found.
C:\Users\Stephen Clossick\AppData\Local\jiq211je8ego70uj2p441y1gjfyqg5np0qhix moved successfully.
C:\ProgramData\jiq211je8ego70uj2p441y1gjfyqg5np0qhix moved successfully.
C:\Users\Stephen Clossick\AppData\Local\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3 moved successfully.
C:\ProgramData\qej17wi58ii2gqgfuwhl155625h6ctk508k78epjxu3 moved successfully.
C:\Users\Stephen Clossick\AppData\Local\107357r7j173a311h074m2lqw2t2 moved successfully.
C:\ProgramData\107357r7j173a311h074m2lqw2t2 moved successfully.
C:\Users\Stephen Clossick\AppData\Local\054452l2d078j880h735m5rji6p4 moved successfully.
C:\ProgramData\054452l2d078j880h735m5rji6p4 moved successfully.
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\dfsc.sys with C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys without a reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Keegan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Madigan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17648374 bytes
->Flash cache emptied: 405 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stephen Clossick
->Temp folder emptied: 33875129 bytes
->Temporary Internet Files folder emptied: 3015334095 bytes
->Java cache emptied: 31381886 bytes
->FireFox cache emptied: 175436325 bytes
->Flash cache emptied: 2081913 bytes

User: Tina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169594 bytes
RecycleBin emptied: 12086119 bytes

Total Files Cleaned = 3,136.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04162012_081515

Files\Folders moved on Reboot...
File\Folder C:\Users\Stephen Clossick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCF82Z3I\page__p__2662538__fromsearch__1[1].htm not found!
C:\Users\Stephen Clossick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Stephen Clossick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Stephen Clossick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...


Let me know what is next.

Stephen

#15 B-boy/StyLe/


Posted 16 April 2012 - 08:14 AM

Hi Stephen,


I am concerned about this:


========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\dfsc.sys with C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys without a reboot.



Please re-run OTL as described above and post the new logs. :)



Regards,
Georgi
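
The concern in post #15 is that the `:Files ... /replace` step did not take effect. The check below is an added example, not part of the thread or of OTL: PowerShell that compares the live driver with the WinSxS copy named in the log and lists any rename still queued for it, assuming the replacement is scheduled through Windows' PendingFileRenameOperations value (the log only says a reboot is needed).

```powershell
# Added example (not from the thread). Both paths are copied from the OTL log above.
$live  = 'C:\Windows\System32\drivers\dfsc.sys'
$store = 'C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys'

function Get-Sha256Hex([string]$Path) {
    # Plain .NET hashing, so this also runs on PowerShell 2.0 (no Get-FileHash there).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try {
        [System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', ''
    } finally {
        $fs.Close()
        $sha.Clear()
    }
}

function Get-FileFacts([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }
    $item = Get-Item -LiteralPath $Path -Force
    New-Object PSObject -Property @{
        Path    = $Path
        Exists  = $true
        Length  = $item.Length
        Version = $item.VersionInfo.FileVersion
        Sha256  = Get-Sha256Hex $Path
    }
}

$liveFacts  = Get-FileFacts $live
$storeFacts = Get-FileFacts $store
$liveFacts, $storeFacts | Format-List Path, Exists, Length, Version, Sha256

if ($liveFacts.Exists -and $storeFacts.Exists) {
    if ($liveFacts.Sha256 -eq $storeFacts.Sha256) {
        'MATCH: the live driver is byte-identical to the component-store copy.'
    } else {
        'MISMATCH: the live driver still differs from the component-store copy.'
    }
}

# Assumption: a "replace on reboot" is queued in this REG_MULTI_SZ value.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PendingFileRenameOperations
$queued  = @($pending | Where-Object { $_ -match 'dfsc\.sys' })
if ($queued.Count) { 'Still queued for next boot:'; $queued } else { 'No pending rename mentions dfsc.sys.' }
```

Run it from an elevated prompt after the reboot. A match read from inside the running system is only as trustworthy as that system, since a rootkit that filters file reads can return clean bytes, so an offline or rescue-disk comparison is the stronger check.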





