Windows 7 Recovery Virus with Google Redirect


  • This topic is locked
14 replies to this topic

#1 josh131

  • Members

Posted 12 April 2012 - 07:30 PM

Recently, my computer was infected with what I believe to be the Windows 7 Recovery virus. Prior to posting here, I did find another topic (link below) that provided steps for correcting the issue. I followed the steps in this posting and it appears to have corrected the Windows 7 Recovery virus, but the Google redirects that the post mentions still remain. The steps that address the Google redirects did not resolve this issue. I did execute multiple virus detection and removal programs to try eliminating the problem, but to no avail.

The link to the post containing the steps I performed is here (if relevant):

www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery

Below is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Anthony at 16:53:17 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1682 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\STacSV.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081024
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\anthony\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Meebo Notifier] "c:\users\anthony\appdata\local\meebo\meebo notifier\MeeboNotifier.exe" /startup
uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000001" /M "WorkForce 845"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [JYSiYyRGNluwQXA.exe] c:\programdata\JYSiYyRGNluwQXA.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\anthony\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop (2).ini
StartupFolder: c:\users\anthony\appdata\roaming\micros~1\windows\startm~1\programs\startup\dsmobi~1.lnk - c:\program files\brother\dsmobilescan ii\DSmobileSCAN.exe
StartupFolder: c:\users\anthony\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\users\anthony\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\users\anthony\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://jran.uscourts.gov/whalecombd68af80722ce69399d78a55ef3e82fe78c1edc099/whalecom0/dwa85W.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://jran.uscourts.gov/whalecombd68af80722ce6939cd78a55ef3e82fe8c1969de0d/whalecom0/iNotes6W.cab
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://jport.uscourts.gov/download/,DanaInfo=AOMAIL01d.uscmail.dcn+dolcontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://jran.uscourts.gov/InternalSite/WhlCompMgr.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://jport.uscourts.gov/,DanaInfo=AOMAIL01a.uscmail.dcn+dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://jport.uscourts.gov/,DanaInfo=AOMAIL01a.uscmail.dcn+dwa7W.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://uscourts.webex.com/client/WBXclient-T27L10NSP25-10481/training/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://jport.uscourts.gov/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E3852375-0BF1-443F-98C8-F5F05B44FA3D} : DhcpNameServer = 192.168.2.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\d0jyfg13.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\anthony\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-10 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-10 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-10 467592]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120406.003\IDSvix86.sys [2012-4-10 368248]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-13 652360]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-7 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-13 20464]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008030.006\symndisv.sys [2011-10-10 48760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DMService;Whale Component Manager;c:\windows\downloaded program files\DMService.exe [2008-12-4 423576]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-24 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]
.
=============== Created Last 30 ================
.
2012-04-10 20:50:17 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c927d587-e72d-4426-adb3-6f71d0d9df75}\offreg.dll
2012-04-10 18:28:45 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c927d587-e72d-4426-adb3-6f71d0d9df75}\mpengine.dll
2012-04-10 18:28:43 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-09 21:28:20 -------- d-----w- c:\programdata\AVAST Software
2012-04-09 21:28:20 -------- d-----w- c:\program files\AVAST Software
2012-04-09 19:22:21 -------- d-----w- c:\users\anthony\appdata\roaming\AVG2012
2012-04-09 19:20:41 -------- d-----w- c:\programdata\AVG2012
2012-04-09 19:19:56 -------- d-----w- c:\program files\AVG
2012-04-09 19:17:27 -------- d--h--w- c:\programdata\Common Files
2012-04-09 19:17:14 -------- d-----w- c:\programdata\MFAData
2012-03-14 07:00:45 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:00:44 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 02:54:26 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:54:25 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:04:56 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:04:56 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 19:04:56 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:04:55 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:04:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:04:55 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-03-11 20:16:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-14 19:29:47 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 16:56:53.06 ===============


I did have some issues running gmer.exe. It took several tries but I do believe it eventually completed successfully. The log file is attached.
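
Added example, not part of the original post and not DDS's own code: a small triage pass over the "Pseudo HJT Report" lines of a DDS log such as the one above. It flags `Hosts:` entries that pin a search-engine name to a fixed address and `Run` entries whose executable sits directly in the root of `c:\programdata`. The watch-list, the directory list and the function names are assumptions made for this illustration; the findings are review heuristics, not a verdict.

```python
import ntpath
import re
from ipaddress import ip_address

# Lines copied from the DDS log in the post above, plus one constructed
# benign Hosts line (127.0.0.1 localhost) for contrast.
SAMPLE_DDS = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\anthony\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [JYSiYyRGNluwQXA.exe] c:\programdata\JYSiYyRGNluwQXA.exe
TCP: DhcpNameServer = 192.168.2.1
Hosts: 127.0.0.1 localhost
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
"""

# Assumption: names a hosts file has no ordinary reason to override.
WATCHED_HOSTS = {"google.com", "www.google.com", "bing.com", "www.bing.com",
                 "search.yahoo.com"}

# Assumption: autostart executables placed directly in these directories
# (no vendor subfolder) deserve a second look.
DROP_DIRS = {r"c:\programdata"}

RUN_RE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>.+?)\] (?P<cmd>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)$")
# A quoted path, or an unquoted path that may contain spaces up to ".exe".
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)(?=\s|$))', re.IGNORECASE)


def executable_of(cmd):
    """Return the executable path from a Run command line, without arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    return m.group("q") or m.group("u")


def triage(dds_text):
    """Return (finding, subject, detail) tuples in the order the lines appear."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            host = m.group("host").lower()
            try:
                addr = ip_address(m.group("ip"))
            except ValueError:
                continue  # malformed address: nothing to evaluate
            # Loopback / 0.0.0.0 entries are the usual way to block a name;
            # a routable address for a watched name redirects it instead.
            if host in WATCHED_HOSTS and not (addr.is_loopback or addr.is_unspecified):
                findings.append(("hosts-override", host, str(addr)))
            continue

        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            # ntpath parses Windows paths regardless of the analyst's OS.
            if ntpath.dirname(exe).lower() in DROP_DIRS:
                findings.append(("run-from-data-root", m.group("name"), exe))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```
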



#2 B-boy/StyLe/

  • Malware Response Team

Posted 13 April 2012 - 12:46 AM

Hello josh! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





Please download ComboFix from the link below:

ComboFix

Save it to your Desktop, but do not run it yet <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.



-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.




Regards,
Georgi



#3 josh131

  • Topic Starter
  • Members

Posted 13 April 2012 - 12:01 PM

Below is the information contained in the ComboFix log file. The file is also attached.

ComboFix 12-04-13.01 - Anthony 04/13/2012 12:23:52.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1716 [GMT -4:00]
Running from: c:\users\Anthony\Desktop\Security Programs\Bleeping Computer\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1aeQXbjdmLoeek
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Anthony\Desktop\System Check.lnk
F:\Autorun.inf
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_a25e7b019f016e70\grpconv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 16:34 . 2012-04-13 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 16:34 . 2009-07-14 01:14 16384 ----a-w- c:\windows\system32\grpconv.exe
2012-04-13 16:02 . 2012-04-13 16:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C927D587-E72D-4426-ADB3-6F71D0D9DF75}\offreg.dll
2012-04-13 07:02 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 07:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 07:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 07:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 07:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 07:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 18:28 . 2012-03-20 07:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C927D587-E72D-4426-ADB3-6F71D0D9DF75}\mpengine.dll
2012-04-10 18:28 . 2012-02-23 14:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-09 21:28 . 2012-04-10 17:10 -------- d-----w- c:\programdata\AVAST Software
2012-04-09 21:28 . 2012-04-09 21:28 -------- d-----w- c:\program files\AVAST Software
2012-04-09 19:22 . 2012-04-09 19:22 -------- d-----w- c:\users\Anthony\AppData\Roaming\AVG2012
2012-04-09 19:20 . 2012-04-10 19:27 -------- d-----w- c:\programdata\AVG2012
2012-04-09 19:19 . 2012-04-09 19:19 -------- d-----w- c:\program files\AVG
2012-04-09 19:17 . 2012-04-09 19:17 -------- d--h--w- c:\programdata\Common Files
2012-04-09 19:17 . 2012-04-10 19:26 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 20:16 . 2011-05-22 12:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 19:04 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 19:04 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 19:04 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 02:54 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 02:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-13 19:04 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 19:04 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 19:04 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-14 19:29 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-14 19:05 . 2012-01-14 19:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-14 19:05 . 2012-01-14 19:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-14 19:05 . 2012-01-14 19:05 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-14 19:05 . 2012-01-14 19:05 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-14 19:05 . 2012-01-14 19:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-14 19:05 . 2012-01-14 19:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-14 19:05 . 2012-01-14 19:05 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-14 19:05 . 2012-01-14 19:05 367104 ----a-w- c:\windows\system32\html.iec
2012-01-14 19:05 . 2012-01-14 19:05 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-14 19:05 . 2012-01-14 19:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-14 19:05 . 2012-01-14 19:05 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-14 19:05 . 2012-01-14 19:05 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-14 19:05 . 2012-01-14 19:05 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-14 19:05 . 2012-01-14 19:05 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-14 19:05 . 2012-01-14 19:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-14 19:05 . 2012-01-14 19:05 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-14 19:05 . 2012-01-14 19:05 101888 ----a-w- c:\windows\system32\admparse.dll
2010-08-26 23:42 . 2010-08-26 23:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Meebo Notifier"="c:\users\Anthony\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-15 818888]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2011-04-24 219008]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"WD Button Manager"="WDBtnMgr.exe" [2009-10-25 364544]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-07-18 20480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
desktop (2).ini [2009-7-14 174]
DSmobileSCAN II.lnk - c:\program files\Brother\DSmobileSCAN II\DSmobileSCAN.exe [2009-10-10 518144]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2010-2-8 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2010-2-8 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2010-2-8 94208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2010-2-8 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2010-2-8 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2010-2-8 94208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-24 05:15 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 DMService;Whale Component Manager;c:\windows\Downloaded Program Files\DMService.exe [2008-12-04 423576]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-26 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [2011-10-11 467592]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120412.001\IDSvix86.sys [2012-03-06 368248]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 521600]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS [2011-09-22 48760]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:51]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:51]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2177584724-3349562556-1696289249-1000Core.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 01:50]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2177584724-3349562556-1696289249-1000UA.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 01:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://jran.uscourts.gov/whalecombd68af80722ce69399d78a55ef3e82fe78c1edc099/whalecom0/dwa85W.cab
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://jport.uscourts.gov/download/,DanaInfo=AOMAIL01d.uscmail.dcn+dolcontrol.cab
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\d0jyfg13.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-JYSiYyRGNluwQXA.exe - c:\programdata\JYSiYyRGNluwQXA.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WDBtnMgr.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-13 12:44:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 16:44
.
Pre-Run: 51,209,457,664 bytes free
Post-Run: 51,926,454,272 bytes free
.
- - End Of File - - DCF321E2DE13C32DFED4340AE2612B90


#4 B-boy/StyLe/

  • Malware Response Team

Posted 13 April 2012 - 07:08 PM

Hi josh,



I have a question for you. Did you purposely install GoToAssist 8.0.0.514?
If not, I suggest you uninstall it via "Uninstall a program" in the Control Panel, since this is some kind of remote support service.



Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 10.1.3 to your PC's desktop.

* Uninstall Adobe Reader 9.5.0 via Start => Control Panel > Uninstall a program
* Install the new downloaded updated software.


Note: The McAfee Security scan is prechecked. You may wish to uncheck it before downloading.



Note: Adobe Reader X is a large program and if you prefer a smaller program you can get Foxit Reader 5.1.4 Build 0104 instead.

Foxit Reader 5.1.4 Build 0104 offers 5 levels of security. Click Me for more information.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.





Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

  • Download the latest version of Java SE 7u3.
  • Click the Java SE 7u3 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u3-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u3-windows-i586.exe and select "Run as an Administrator.")




Your Mozilla Firefox is out of date!

You can download and install the latest version 11 from here.
I would recommend you to do a backup of your existing profile using Mozbackup before you proceed with the update (just in case).




ComboFix got rid of some of the baddies. How are things now?
Let's do some additional scans to locate/remove any remaining malware.



Run Scan with Malwarebytes



I see you have Malwarebytes' Anti-Malware installed on your computer.
Please start the application by double-clicking on its icon.
Once the program has loaded go to the UPDATE tab and check for updates.
When the update is complete, select the Scanner tab
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to a convenient location and post the results in your next reply.





Please download aswMBR.exe to your desktop.

  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done, in the AV Scan drop-down options choose C:\
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note - do NOT attempt any Fix or FixMBR yet.




  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the textbox.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
    %windir%\temp\*.*
    %windir%\system32\*.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
    /md5start
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    hlp.dat
    /md5stop
    
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Edited by B-boy/StyLe/, 13 April 2012 - 07:16 PM.



#5 josh131

  • Topic Starter

Posted 15 April 2012 - 09:12 AM

Due to its size, this reply is divided into multiple parts.

I believe the GoToAssist 8.0.0.514 application was pre-installed on the computer when I purchased it from Dell. As you stated, it's a tool for Dell to provide remote technical support. I've never used it. I don't know whether this changes your viewpoint on whether to install/uninstall. At this point, I have not removed it.

I updated Adobe Reader, Java, and Firefox based on your instructions.

I executed a Quick Scan with Malwarebytes. The log is below:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: ANTHONY-PC [administrator]

Protection: Enabled

4/14/2012 4:53:52 PM
mbam-log-2012-04-14 (16-53-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199089
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


NOTE: I also executed a Full Scan with Malwarebytes. On doing this I received the 'blue screen' during the scan. I executed a Full Scan a second time and also received the 'blue screen' during the scan. I have not encountered this with Malwarebytes in the past. It may be worth noting that a new version of the Malwarebytes software installed yesterday. I'm unsure if this may be the cause of the issue. Because of the issues I had with Malwarebytes, I performed a Full Scan with Norton Internet Security and this scan completed with no problems. I'm uncertain if the issue I encountered with Malwarebytes is anything with which I should be concerned.


The log file for the aswMBR.exe is below:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-14 18:39:41
-----------------------------
18:39:41.562 OS Version: Windows 6.1.7601 Service Pack 1
18:39:41.562 Number of processors: 4 586 0xF0B
18:39:41.578 ComputerName: ANTHONY-PC UserName: Anthony
18:39:43.232 Initialize success
18:39:47.319 AVAST engine defs: 12041401
18:39:53.871 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:39:53.871 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:39:53.996 Disk 0 MBR read successfully
18:39:53.996 Disk 0 MBR scan
18:39:53.996 Disk 0 Windows 7 default MBR code
18:39:54.027 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
18:39:54.058 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
18:39:54.089 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
18:39:54.167 Disk 0 scanning sectors +976771072
18:39:54.401 Disk 0 scanning C:\Windows\system32\drivers
18:40:53.628 Service scanning
18:41:12.614 Modules scanning
18:42:36.825 Disk 0 trace - called modules:
18:42:37.386 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:42:37.386 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7e030]
18:42:37.402 3 CLASSPNP.SYS[8b77c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86838028]
18:42:39.523 AVAST engine scan C:\
04:42:34.782 Scan finished successfully
06:45:12.410 Disk 0 MBR has been saved successfully to "C:\Users\Anthony\Desktop\Security Programs\Bleeping Computer\MBR.dat"
06:45:12.410 The log file has been saved successfully to "C:\Users\Anthony\Desktop\Security Programs\Bleeping Computer\aswMBR2.txt"


Remainder of reply is contained in next post.

Edited by josh131, 15 April 2012 - 09:39 AM.


#6 josh131

  • Topic Starter

Posted 15 April 2012 - 09:34 AM

Again, due to size constraints, multiple replies are required.

Apparently, the OTL report is too long for a single post, so it's divided into two posts.

Here is the OTL report:

OTL logfile created on: 4/15/2012 6:49:41 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Anthony\Desktop\Security Programs\Bleeping Computer
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 42.89% Memory free
5.99 Gb Paging File | 4.08 Gb Available in Paging File | 68.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 46.94 Gb Free Space | 10.42% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.03 Gb Free Space | 66.87% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 16.17 Gb Free Space | 1.74% Space Free | Partition Type: FAT32

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 16:54:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Desktop\Security Programs\Bleeping Computer\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/23 23:36:11 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/04/24 14:01:00 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
PRC - [2011/03/09 01:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 01:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/07/14 21:20:03 | 000,818,888 | ---- | M] (Meebo, Inc.) -- C:\Users\Anthony\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe
PRC - [2010/01/04 21:24:24 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2009/12/02 03:03:00 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/10/25 13:29:29 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
PRC - [2009/10/10 08:49:39 | 000,518,144 | ---- | M] (Brother International) -- C:\Program Files\Brother\DSmobileSCAN II\DSmobileSCAN.exe
PRC - [2009/08/18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/12/19 10:19:52 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/12 04:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 04:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/08/23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/07/18 16:15:08 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 04:29:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 04:28:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/15 04:20:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/26 19:42:31 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2007/08/23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
MOD - [2007/07/18 16:15:08 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2010/05/13 03:01:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/02 03:03:00 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/08/18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/12/04 14:04:06 | 000,423,576 | ---- | M] (Whale Communications, a Microsoft subsidiary) [On_Demand | Stopped] -- C:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
SRV - [2008/10/24 01:15:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/14 11:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 11:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 11:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/12 04:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Anthony\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Anthony\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 17:04:10 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120413.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/02/03 05:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 05:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/10 21:16:19 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP)
DRV - [2011/09/21 20:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI)
DRV - [2011/09/21 20:35:58 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symfw.sys -- (SYMFW)
DRV - [2011/09/21 20:35:58 | 000,048,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symndisv.sys -- (SYMNDISV)
DRV - [2011/08/03 04:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120413.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120413.025\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/08/22 03:28:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA)
DRV - [2009/08/22 03:28:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP)
DRV - [2009/08/22 03:28:17 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:28:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 03:28:07 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/18 22:27:35 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/03/26 22:41:04 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/09/12 04:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/12 04:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}


IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=0Rh1wddCCIy8e8l0Y_0OGqwvqCY?q={searchTerms}
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/14 03:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/14 10:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/14 10:01:40 | 000,000,000 | ---D | M]

[2009/11/06 15:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions
[2010/10/31 11:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\d0jyfg13.default\extensions
[2009/11/06 15:30:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\d0jyfg13.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/14 10:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/14 03:30:33 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2012/04/14 10:33:53 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Cloud Reader = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\

O1 HOSTS File: ([2012/04/13 12:36:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000..\Run: [Meebo Notifier] C:\Users\Anthony\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
O4 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini ()
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk = C:\Program Files\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Brother International)
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://jran.uscourts.gov/whalecombd68af80722ce69399d78a55ef3e82fe78c1edc099/whalecom0/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://jran.uscourts.gov/whalecombd68af80722ce6939cd78a55ef3e82fe8c1969de0d/whalecom0/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} https://jport.uscourts.gov/download/,DanaInfo=AOMAIL01d.uscmail.dcn+dolcontrol.cab (LotusDRSControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://jran.uscourts.gov/InternalSite/WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://jport.uscourts.gov/,DanaInfo=AOMAIL01a.uscmail.dcn+dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://jport.uscourts.gov/,DanaInfo=AOMAIL01a.uscmail.dcn+dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://uscourts.webex.com/client/WBXclient-T27L10NSP25-10481/training/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://jport.uscourts.gov/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3852375-0BF1-443F-98C8-F5F05B44FA3D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Anthony\Pictures\taylor1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anthony\Pictures\taylor1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 90 Days ==========

[2012/04/14 09:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/14 09:51:00 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/04/14 09:51:00 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/04/14 09:51:00 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/04/14 09:51:00 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/14 09:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/04/13 12:43:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/13 12:34:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2012/04/13 12:22:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/13 12:22:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/13 12:22:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/13 12:21:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/13 12:21:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/13 12:21:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 03:06:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/13 03:06:06 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/13 03:06:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/13 03:06:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/13 03:06:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/13 03:06:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/13 03:00:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/13 03:00:38 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/10 17:31:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/10 14:28:43 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/04/10 07:18:41 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Users\Anthony\Desktop\ccsetup317.exe
[2012/04/09 17:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/09 17:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/09 15:22:21 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\AVG2012
[2012/04/09 15:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/09 15:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/04/09 15:19:44 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Security Programs
[2012/04/09 15:17:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/09 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/01 13:52:12 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Anthony\Desktop\unhide.exe
[2012/03/31 17:05:56 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anthony\Desktop\aldrink.com
[2012/03/31 08:55:23 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Anthony\Desktop\FixTDSS.exe
[2012/03/29 22:05:12 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YNAB 3
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roxio Creator Premier
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quicken 2011
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/03/29 22:05:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/03/29 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/29 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/29 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhone Configuration Utility
[2012/03/29 22:05:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012/03/29 22:05:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/29 22:05:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Desktop
[2012/03/29 22:05:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/03/29 22:05:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/03/29 22:05:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/03/29 22:05:08 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2012/03/29 22:05:08 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
[2012/03/29 22:05:07 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/03/29 22:05:06 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon PhotoRecord
[2012/03/29 22:05:05 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcSoft Camera Suite
[2012/03/29 22:05:05 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Any Video Converter
[2012/03/29 22:05:05 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2012/03/13 22:54:26 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 22:54:25 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 15:04:56 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/13 15:04:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/13 15:04:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/13 15:04:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/11 16:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/11 16:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/16 00:51:08 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/15 11:01:50 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2012/01/25 14:18:49 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/25 14:18:48 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

========== Files - Modified Within 90 Days ==========

[2012/04/15 06:40:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 06:00:11 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2177584724-3349562556-1696289249-1000UA.job
[2012/04/14 18:40:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 14:08:59 | 000,009,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 14:08:59 | 000,009,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 14:01:58 | 000,001,116 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk
[2012/04/14 14:01:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/14 14:00:55 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 13:28:47 | 526,545,118 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/14 10:32:24 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/14 10:02:10 | 000,001,996 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/14 10:02:10 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/14 10:02:03 | 000,002,240 | ---- | M] () -- C:\Users\Anthony\Desktop\Google Chrome.lnk
[2012/04/14 10:02:03 | 000,002,117 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/14 10:00:36 | 000,987,636 | ---- | M] () -- C:\Users\Anthony\Documents\Firefox 3.6.6 (en-US) - 2012-04-14.pcv
[2012/04/14 09:50:31 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/04/14 09:50:31 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/04/14 09:50:31 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/14 09:50:25 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/04/14 09:50:24 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/04/14 09:23:15 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/13 13:00:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2177584724-3349562556-1696289249-1000Core.job
[2012/04/13 12:36:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/13 03:04:28 | 000,627,104 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/13 03:04:28 | 000,107,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/10 16:51:13 | 000,000,000 | ---- | M] () -- C:\Users\Anthony\defogger_reenable
[2012/04/10 07:18:33 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Users\Anthony\Desktop\ccsetup317.exe
[2012/04/09 17:28:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/01 13:52:08 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Anthony\Desktop\unhide.exe
[2012/04/01 11:29:05 | 001,008,141 | ---- | M] () -- C:\Users\Anthony\Desktop\iExplore.exe
[2012/03/31 17:05:54 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anthony\Desktop\aldrink.com
[2012/03/31 08:55:18 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Anthony\Desktop\FixTDSS.exe
[2012/03/29 07:23:39 | 000,000,679 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/14 17:30:41 | 000,001,109 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/14 03:21:10 | 000,369,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/11 16:16:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/11 16:07:52 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/11 16:01:17 | 000,002,503 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/11 16:01:16 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/06 01:59:47 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/06 01:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/27 21:18:55 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/27 21:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/27 21:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/27 21:08:15 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/27 21:03:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/27 20:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/17 01:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/02/15 11:01:50 | 004,547,944 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2012/02/10 01:38:43 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/02 23:54:27 | 002,343,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/01/26 04:16:40 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012/01/25 01:32:35 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/01/25 01:32:34 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/01/25 01:27:51 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

========== Files Created - No Company Name ==========

[2012/04/14 10:02:10 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/14 10:00:34 | 000,987,636 | ---- | C] () -- C:\Users\Anthony\Documents\Firefox 3.6.6 (en-US) - 2012-04-14.pcv
[2012/04/14 09:23:15 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/14 09:23:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/13 12:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/13 12:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/13 12:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/13 12:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/13 12:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/10 17:30:48 | 526,545,118 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/10 16:51:13 | 000,000,000 | ---- | C] () -- C:\Users\Anthony\defogger_reenable
[2012/04/01 14:08:32 | 000,002,765 | ---- | C] () -- C:\Users\Public\Desktop\Citrix Program Neighborhood.lnk2
[2012/04/01 14:08:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/04/01 14:08:32 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/01 14:08:32 | 000,002,416 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/04/01 14:08:32 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Presto! PageManager 7.16.80.lnk
[2012/04/01 14:08:32 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\VideoImpression 1.7.lnk
[2012/04/01 14:08:32 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\PhotoStudio 5.lnk
[2012/04/01 14:08:32 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Kindle For PC.lnk
[2012/04/01 14:08:32 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 845 User's Guide.lnk
[2012/04/01 14:08:32 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/04/01 14:08:32 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/04/01 14:08:32 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Dell Support Center.lnk
[2012/04/01 14:08:32 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2011.lnk
[2012/04/01 14:08:32 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/01 14:08:32 | 000,001,738 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Auto Backup.lnk
[2012/04/01 14:08:32 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2012/04/01 14:08:32 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/01 14:08:32 | 000,001,486 | ---- | C] () -- C:\Users\Public\Desktop\Windows Media Center.lnk
[2012/04/01 14:08:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/04/01 14:08:32 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/04/01 14:08:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/01 14:08:32 | 000,001,276 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft FREE trial.lnk
[2012/04/01 14:08:32 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2012/04/01 14:08:32 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/04/01 14:08:32 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/04/01 14:08:32 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Product Documentation.lnk
[2012/04/01 14:08:32 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/01 14:08:32 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Music, Photos & Videos.lnk
[2012/04/01 14:08:32 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/04/01 14:08:32 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
[2012/04/01 14:08:32 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2012/04/01 14:08:32 | 000,000,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
[2012/04/01 14:08:32 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
[2012/04/01 14:08:32 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\i80 Setup Utility.lnk
[2012/04/01 14:08:32 | 000,000,357 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2012/04/01 14:08:31 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/04/01 14:08:31 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/01 14:08:31 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/04/01 14:08:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/01 14:08:30 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/04/01 11:29:13 | 001,008,141 | ---- | C] () -- C:\Users\Anthony\Desktop\iExplore.exe
[2012/03/31 09:26:16 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/29 22:06:10 | 000,000,174 | -HS- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini
[2012/03/29 22:05:47 | 000,001,130 | -HS- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop (2).ini
[2012/03/29 22:05:11 | 000,000,886 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
[2012/03/29 22:05:11 | 000,000,870 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
[2012/03/29 22:05:11 | 000,000,866 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
[2012/03/29 22:05:05 | 000,002,519 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/29 22:05:05 | 000,002,491 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/03/29 22:05:05 | 000,001,998 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/03/29 22:05:05 | 000,001,924 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/03/29 22:05:05 | 000,001,515 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/03/29 22:05:05 | 000,001,352 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/03/29 22:05:05 | 000,001,345 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/29 22:05:05 | 000,001,330 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/03/29 22:05:05 | 000,001,326 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/29 22:05:05 | 000,001,246 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/03/29 22:05:05 | 000,001,210 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/03/29 22:05:05 | 000,001,018 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/03/29 22:05:04 | 000,002,441 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/29 22:05:04 | 000,000,888 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/03/29 07:23:39 | 000,000,679 | ---- | C] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/26 04:16:40 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/01/14 17:13:29 | 000,000,106 | ---- | C] () -- C:\Windows\EWF845.ini
[2011/03/26 18:08:13 | 000,004,608 | ---- | C] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 10:29:59 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010/10/31 10:15:27 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/10/31 10:15:04 | 000,000,021 | ---- | C] () -- C:\Windows\CS_setup.ini
[2010/10/27 18:13:12 | 000,001,940 | ---- | C] () -- C:\Users\Anthony\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/31 12:20:06 | 000,004,216 | ---- | C] () -- C:\Users\Anthony\AppData\Local\rx_audio.Cache
[2010/07/31 12:20:06 | 000,000,144 | ---- | C] () -- C:\Users\Anthony\AppData\Local\rx_image32.Cache

#7 josh131

Posted 15 April 2012 - 09:37 AM

Remainder of OTL report:

========== LOP Check ==========

[2012/03/04 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\.oit
[2009/11/06 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Amazon
[2011/02/18 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Any Video Converter
[2012/04/09 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\AVG2012
[2011/05/01 12:29:50 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2012/01/15 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Epson
[2009/11/06 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\ICAClient
[2011/01/11 12:32:28 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Juniper Networks
[2012/01/14 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Leadertech
[2010/01/31 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Meebo
[2011/07/01 13:19:45 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\NewSoft
[2012/03/29 02:48:52 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Spotify
[2008/11/08 15:11:20 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Template
[2011/06/15 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\webex
[2011/10/14 03:28:28 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2009/11/06 18:14:55 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/04/13 12:44:22 | 000,042,714 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/05/14 12:21:26 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\DC_ShellExt.dll
[2008/10/24 03:49:39 | 000,004,703 | R--- | M] () -- C:\dell.sdr
[2012/04/14 14:00:55 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/31 10:14:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/31 10:14:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/14 14:00:52 | 3219,050,496 | -HS- | M] () -- C:\pagefile.sys
[2012/04/01 11:30:48 | 000,000,568 | ---- | M] () -- C:\rkill.log
[2012/04/01 11:37:25 | 000,126,376 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_11.33.47_log.txt

< %USERPROFILE%\*.* >
[2012/04/10 16:51:13 | 000,000,000 | ---- | M] () -- C:\Users\Anthony\defogger_reenable
[2012/04/15 06:51:54 | 009,699,328 | -HS- | M] () -- C:\Users\Anthony\NTUSER.DAT
[2012/04/15 06:51:54 | 000,262,144 | -HS- | M] () -- C:\Users\Anthony\ntuser.dat.LOG1
[2009/11/06 15:20:05 | 000,000,000 | -HS- | M] () -- C:\Users\Anthony\ntuser.dat.LOG2
[2009/11/06 15:20:06 | 000,065,536 | -HS- | M] () -- C:\Users\Anthony\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/06 15:20:06 | 000,524,288 | -HS- | M] () -- C:\Users\Anthony\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/06 15:20:06 | 000,524,288 | -HS- | M] () -- C:\Users\Anthony\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/06 16:13:46 | 000,000,020 | -HS- | M] () -- C:\Users\Anthony\ntuser.ini

< %USERPROFILE%\AppData\Local\*.* >
[2011/11/07 23:36:16 | 000,004,608 | ---- | M] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 17:57:52 | 000,008,248 | ---- | M] () -- C:\Users\Anthony\AppData\Local\en.ini
[2009/11/06 16:31:21 | 000,092,632 | ---- | M] () -- C:\Users\Anthony\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/04/14 10:32:33 | 003,724,527 | -H-- | M] () -- C:\Users\Anthony\AppData\Local\IconCache.db
[2010/07/31 12:39:23 | 000,004,216 | ---- | M] () -- C:\Users\Anthony\AppData\Local\rx_audio.Cache
[2010/07/31 12:39:23 | 000,000,144 | ---- | M] () -- C:\Users\Anthony\AppData\Local\rx_image32.Cache
[2011/01/28 19:01:15 | 000,001,940 | ---- | M] () -- C:\Users\Anthony\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

< %USERPROFILE%\AppData\Roaming\*.* >
[2011/04/29 09:22:12 | 000,000,196 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\wklnhst.dat

< %ProgramData%\*.* >

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >
[2011/01/12 17:03:49 | 000,001,940 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >
[2009/01/26 19:35:52 | 000,000,000 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehmsdri.log
[2008/12/06 15:42:39 | 000,000,000 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehmsdri1.log
[2008/12/06 15:42:39 | 000,000,440 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehRcvr1.log
[2009/01/26 19:35:53 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehRecvr.log
[2012/04/15 05:59:16 | 000,023,982 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log
[2012/04/12 19:22:31 | 000,000,628 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog00.sqm
[2012/04/12 19:32:31 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog01.sqm
[2012/03/31 07:21:22 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog02.sqm
[2012/04/01 09:28:48 | 000,000,628 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog03.sqm
[2012/04/01 09:38:48 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog04.sqm
[2012/04/02 17:40:21 | 000,000,628 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog05.sqm
[2012/04/02 17:50:21 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog06.sqm
[2012/04/03 17:40:23 | 000,000,640 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog07.sqm
[2012/04/03 17:50:23 | 000,000,260 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog08.sqm
[2012/04/11 17:32:37 | 000,000,628 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\wmpnsslog09.sqm

< %windir%\temp\*.* >
[2012/04/13 13:21:47 | 000,000,000 | ---- | M] () -- C:\Windows\temp\FXSAPIDebugLogFile.txt
[2012/04/13 13:21:47 | 000,000,000 | ---- | M] () -- C:\Windows\temp\FXSTIFFDebugLogFile.txt
[2012/04/14 09:15:18 | 000,000,090 | ---- | M] () -- C:\Windows\temp\GoogleToolbarInstaller1.log
[2012/04/15 05:57:16 | 000,007,176 | ---- | M] () -- C:\Windows\temp\MpCmdRun.log
[2012/04/13 13:56:27 | 000,003,882 | ---- | M] () -- C:\Windows\temp\MpSigStub.log
[2012/04/14 13:51:58 | 000,524,288 | ---- | M] () -- C:\Windows\temp\TMP00000006533E7E2CB2B4FC21
[2012/04/14 10:43:57 | 000,524,288 | ---- | M] () -- C:\Windows\temp\TMP0000001AEA6A0002F890FDDB
[2012/04/14 10:46:54 | 000,524,288 | ---- | M] () -- C:\Windows\temp\TMP0000001BD4F9494974F9923E
[3 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %windir%\system32\*. >
[2009/07/14 00:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/07/13 22:37:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2012/01/14 15:42:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\Boot
[2009/11/06 15:24:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\Branding
[2012/04/13 03:06:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2012/04/13 03:06:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2009/11/06 15:26:04 | 000,000,000 | ---D | M] -- C:\Windows\system32\CodeIntegrity
[2011/06/25 16:40:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\Color
[2009/07/14 00:56:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2012/04/15 05:54:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2012/01/14 15:42:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2012/01/14 15:42:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2012/04/14 17:02:24 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2012/03/11 16:03:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2009/11/06 16:30:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\DRVSTORE
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2008/10/24 01:02:40 | 000,000,000 | ---D | M] -- C:\Windows\system32\ENU
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2012/01/14 15:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\EventProviders
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2012/04/09 13:21:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/13 22:03:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/13 22:03:57 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ias
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/13 22:05:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/11/09 19:35:22 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2009/11/06 15:24:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2009/11/06 18:13:45 | 000,000,000 | --SD | M] -- C:\Windows\system32\Microsoft
[2012/04/13 03:23:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2012/01/14 15:42:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2009/07/14 00:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2012/03/29 08:12:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2009/11/06 15:24:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\oem
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2009/07/14 00:56:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2009/07/13 22:37:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2009/11/06 16:13:44 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/11/06 15:24:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\RemInst
[2009/11/06 16:29:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2009/07/14 00:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2008/01/20 22:34:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\SLUI
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\SMI
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/07/14 00:41:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\spool
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2012/01/14 15:20:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\SPReview
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2012/01/14 15:42:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2012/04/13 12:43:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2010/05/13 03:01:05 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2012/01/14 15:42:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/07/14 00:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2010/10/05 17:16:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/14 00:54:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\wfp
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\WinBioDatabase
[2009/07/14 00:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\WinBioPlugIns
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2009/07/13 22:37:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\winevt
[2009/07/14 00:56:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2009/11/06 15:24:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\XPSViewer
[2009/07/13 22:37:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2010/02/08 18:42:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/01 01:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fs_rec.sys
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/02/17 00:14:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2012/02/17 00:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdtcp.sys
[2012/02/15 11:01:50 | 000,043,520 | ---- | M] (Apple, Inc.) -- C:\Windows\system32\drivers\usbaapl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 06:46:04 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll
[2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /rp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\temp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >
[2010/11/20 08:32:20 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
[2010/11/04 21:57:39 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2010/11/04 21:57:43 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2010/11/20 08:32:22 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
[2010/11/20 08:32:22 | 000,186,368 | ---- | M] () MD5=F65CFF843B6E073A4F8188E19EC538D2 -- C:\Windows\assembly\GAC_32\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
[2010/11/20 08:32:22 | 000,121,856 | ---- | M] () MD5=6B35B443F4EF4AA695487BC83EADAEC6 -- C:\Windows\assembly\GAC_32\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
[2009/07/13 21:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009/07/13 21:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2011/08/17 00:28:53 | 000,280,576 | ---- | M] () MD5=6A700621ECF04A54DB76EE9D1ADC79B7 -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
[2010/11/20 08:35:58 | 000,129,536 | ---- | M] () MD5=796046D31F7CEEFFF6243A98FABA290B -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
[2010/11/20 08:35:58 | 000,053,248 | ---- | M] () MD5=700A8CF1409EBEEAD7D20B704C338C57 -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
[2010/11/20 08:35:59 | 000,139,264 | ---- | M] () MD5=3B3D543F595910584AC45C75186CD3DA -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
[2010/11/20 08:35:58 | 000,307,712 | ---- | M] () MD5=C6F74E2405934514BB0434B7FCF7B7ED -- C:\Windows\assembly\GAC_32\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
[2010/11/04 21:52:36 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2009/07/13 21:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
[2010/11/20 08:32:22 | 000,019,968 | ---- | M] () MD5=36D6B6EFE1AFD20700DB4C4E20F400A7 -- C:\Windows\assembly\GAC_32\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
[2009/06/10 17:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2009/06/10 17:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2009/06/10 17:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2009/06/10 17:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2009/06/10 17:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2011/07/08 18:33:43 | 004,550,656 | ---- | M] () MD5=67A80B7ABA247E0B6D8FE0E85A58F001 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2009/06/10 17:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2009/06/10 17:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >
[2010/11/04 21:53:30 | 000,733,184 | ---- | M] () MD5=DC6476726F4A15BF5BC8CF2C235B17C6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
[2010/11/04 21:57:44 | 000,036,864 | ---- | M] () MD5=4B177641BEBC8965220EC474D65981A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2009/06/10 17:14:40 | 000,036,864 | ---- | M] () MD5=80F89EC03B39E5A6700C9CA5A5545230 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
[2010/11/04 21:53:36 | 000,802,816 | ---- | M] () MD5=9EBE67131D1776B86410B56FFC95A5BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
[2010/11/04 21:57:45 | 000,655,360 | ---- | M] () MD5=5B5AEB3CEB1FC6D77E57821E6A42DE72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
[2010/11/04 21:53:30 | 000,094,208 | ---- | M] () MD5=B6EF0B4C1898D03FC7814B890FCE9B72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
[2010/11/04 21:57:45 | 000,077,824 | ---- | M] () MD5=D7A537839EAB83BAD8F3C053098198E8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
[2009/07/13 22:13:02 | 000,036,864 | ---- | M] () MD5=3576E621125C0ECE94313B85CCE6F8B6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Ink.Resources.dll
[2009/06/10 17:23:03 | 000,749,568 | ---- | M] () MD5=3CF65928E67E362D5B25424EBCC27B12 -- C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
[2009/07/13 22:13:00 | 000,016,384 | ---- | M] () MD5=4D9D34F0204D5DF8EF1DBBD704735EEB -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll
[2009/07/13 21:21:42 | 000,188,416 | ---- | M] () MD5=F8B72BFD1D8C36E1A2C98E25C9CF2504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
[2009/07/13 21:22:44 | 001,159,168 | ---- | M] () MD5=2D994989944FA2E9D2AD7450953523A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Bml.dll
[2009/07/13 21:22:09 | 000,024,576 | ---- | M] () MD5=97D4AC2BAD43C5D5C8C42EDB71B2E532 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTv.Hosting\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTv.Hosting.dll
[2010/11/20 08:35:58 | 000,086,016 | ---- | M] () MD5=083B692697B5974B0A5ED59BF4D3147C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.dll
[2010/11/20 08:35:58 | 000,045,056 | ---- | M] () MD5=A9D673D4B371B9D918875386640113BA -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.ITVVM\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.ITVVM.dll
[2010/11/20 08:35:58 | 001,572,864 | ---- | M] () MD5=0CFCDCFB9D28CE7AFC3F1823250ABE71 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
[2010/11/20 08:35:58 | 000,241,664 | ---- | M] () MD5=3E1A7D201A38D73F14FFE90909B38A86 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
[2010/11/20 08:35:59 | 002,596,864 | ---- | M] () MD5=732807787D6FA99791370D934360AE4C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
[2010/11/20 08:35:59 | 000,385,024 | ---- | M] () MD5=2F4797433A371756FE937CE802C2F313 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
[2009/07/13 22:13:04 | 000,010,752 | ---- | M] () MD5=65B27C38DBD68EFEC636665FDBF4D1FF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
[2010/11/20 08:35:58 | 000,102,400 | ---- | M] () MD5=2E86EDB34D366FCC9425B1A4654FC543 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
[2009/07/13 22:13:06 | 000,036,864 | ---- | M] () MD5=10C9C4380C4B403B95D757C4517AFD5B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
[2010/11/20 08:35:58 | 000,290,816 | ---- | M] () MD5=33C0200ED261F9738AB90A58C97E2E52 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
[2010/11/20 08:19:49 | 000,049,152 | ---- | M] () MD5=28AF2A12179398B90A6F18E451010209 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
[2010/11/20 08:35:59 | 000,667,648 | ---- | M] () MD5=C23ACC08CB8049A8DDC7D8CD84280096 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
[2010/11/20 08:19:49 | 000,040,960 | ---- | M] () MD5=42CDE70A57616C7D54694E881C5F84A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
[2009/07/13 21:23:47 | 000,200,704 | ---- | M] () MD5=61408B3CF77B787A753B6F4F4A6840B1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
[2009/07/13 22:13:04 | 000,069,632 | ---- | M] () MD5=DF60F16CB3FA971EBD1CB6B1FA346AF6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll
[2010/11/20 08:35:59 | 000,991,232 | ---- | M] () MD5=7E6557381C8CF162A4ED0D9A581F870B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
[2009/07/13 22:13:06 | 000,040,960 | ---- | M] () MD5=41888D6ED40E49C4DAED8E412BB18B90 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll
[2009/07/13 21:22:04 | 000,651,264 | ---- | M] () MD5=E66B1EEE2AB24DE9F3D5189A1FC8D4BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
[2009/07/13 22:13:06 | 000,016,896 | ---- | M] () MD5=E848EEBF463086883E026AAD11C24F1A -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll
[2009/07/13 21:20:38 | 000,278,528 | ---- | M] () MD5=3EAB4DBDC290EDC4D53FE77F1FDB9E59 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
[2009/07/13 22:11:48 | 000,009,216 | ---- | M] () MD5=462D0B841E939094840CFA61C990410F -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
[2010/11/20 08:35:58 | 000,077,824 | ---- | M] () MD5=B1282FC909517D890C61F7F3313134EF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
[2009/11/06 15:24:21 | 000,069,632 | ---- | M] () MD5=691FF909C75247767DE9B84606777853 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.0.0.0_en_31bf3856ad364e35\Microsoft.Tpm.Resources.dll
[2009/07/13 22:13:06 | 000,073,728 | ---- | M] () MD5=67F68317A9F346A32039F9651C7EAC46 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_en_31bf3856ad364e35\microsoft.tpm.resources.dll
[2009/11/06 15:24:21 | 000,200,704 | ---- | M] () MD5=635178CDD551FACB59A7F016BDB7F37E -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm\6.0.0.0__31bf3856ad364e35\Microsoft.Tpm.dll
[2009/07/13 21:24:19 | 000,192,512 | ---- | M] () MD5=466761E68D1AAED81DFD5E43B168D2F0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm\6.1.0.0__31bf3856ad364e35\Microsoft.Tpm.dll
[2009/06/10 17:14:03 | 000,397,312 | ---- | M] () MD5=130FF58B6245F78097E7619EFB61CDD2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
[2009/06/10 17:23:03 | 000,110,592 | ---- | M] () MD5=A070FD9509392CEB84A3ED8F8A42A504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
[2010/11/04 21:57:46 | 000,372,736 | ---- | M] () MD5=B424A0AF636B1D3DAE3A664285EF9795 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
[2009/06/10 17:23:04 | 000,028,672 | ---- | M] () MD5=A5B5F03020C0A01276801CF2C807FF8C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
[2010/11/04 21:57:46 | 000,610,304 | ---- | M] () MD5=DF1F3AFE18D254F759BB1A000B811C15 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
[2009/06/10 17:14:40 | 000,041,984 | ---- | M] () MD5=DD26812B72AF01116F7A1DDD4FA21E49 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
[2009/06/10 17:23:04 | 000,005,632 | ---- | M] () MD5=BBAEF0C6E310A25D3BCCAA2ADC538F82 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
[2009/06/10 17:23:04 | 000,012,800 | ---- | M] () MD5=71C2F1A0F8FFD6D017F039AC023DE81C -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
[2009/06/10 17:23:04 | 000,032,768 | ---- | M] () MD5=45F2E4914DDCDA6F468D99FAA91911F2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
[2009/07/13 22:13:08 | 000,004,096 | ---- | M] () MD5=04D3E891B3256A1EBD36FA7B6F984920 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll
[2009/07/13 21:25:15 | 000,009,728 | ---- | M] () MD5=96F718F03F4D8782D7EB11954AC0E914 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll
[2009/07/13 22:13:08 | 000,004,096 | ---- | M] () MD5=ADD629AFA64864C8519B2485F6F61554 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll
[2009/07/13 21:26:39 | 000,010,752 | ---- | M] () MD5=78EF40CE03E23CB6702391D919F95436 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll
[2009/07/13 22:13:08 | 000,004,096 | ---- | M] () MD5=84AA3A80B726C6DCCDAA38A879862D6D -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll
[2009/07/13 21:25:40 | 000,009,216 | ---- | M] () MD5=EE5B0505F2E8E8305748DD270A7AD929 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll
[2009/07/13 22:13:08 | 000,004,096 | ---- | M] () MD5=BEBFDDCB2DB36E9302A4358878C8CFD4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll
[2009/07/13 21:25:32 | 000,008,192 | ---- | M] () MD5=7FBCA94271448B41DB000C98C9615312 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll
[2010/11/20 08:19:49 | 000,004,096 | ---- | M] () MD5=B8E015AD059FFAFCE9CB40DF775B11E0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.resources.dll
[2009/07/13 21:25:35 | 000,024,576 | ---- | M] () MD5=915BBFA6BBF105C0C51398A3398D19CB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.dll
[2009/07/13 22:13:08 | 000,006,656 | ---- | M] () MD5=FC66A5034B5B6A7C09FCE86C47BBF4ED -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll
[2009/07/13 21:26:37 | 000,049,152 | ---- | M] () MD5=4BB0FF1D72803CC075D92CE2FBDCA2B3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll
[2010/11/20 08:19:49 | 000,013,824 | ---- | M] () MD5=C58C7003380F76221AB9B5BBB4AE4452 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
[2010/11/20 08:36:00 | 000,286,720 | ---- | M] () MD5=64C192235DF8F704412F0D66BAF5C1B1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
[2009/07/13 21:22:00 | 000,007,168 | ---- | M] () MD5=D5F86545FAF811ED2CCF3C6117B0EC44 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
[2009/06/10 17:23:04 | 000,007,168 | ---- | M] () MD5=E5640EF09DA87B03E78F18F850CFF728 -- C:\Windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
[2009/07/13 22:13:12 | 001,552,384 | ---- | M] () MD5=5D85FA66189E6832466C8DEE97CA8C3F -- C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_en_31bf3856ad364e35\MIGUIControls.resources.dll
[2010/11/20 08:36:00 | 003,416,064 | ---- | M] () MD5=CD35B1936F50990D1FCEAE31E2D1553F -- C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
[2010/11/20 08:19:49 | 000,036,864 | ---- | M] () MD5=E5956455F8A07B174CF146247EC6315E -- C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35\MMCEx.Resources.dll
[2009/07/13 21:26:50 | 000,421,888 | ---- | M] () MD5=A9D4275CE5EA165C267AE05A6821CB54 -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
[2010/11/20 08:19:49 | 000,004,096 | ---- | M] () MD5=930887F063E075C31E38E435F9C3D94C -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\MMCFxCommon.Resources.dll
[2009/07/13 21:26:07 | 000,110,592 | ---- | M] () MD5=E72BF459A519312B4FF7F3FA8A85BA13 -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
[2009/11/06 15:24:22 | 000,102,400 | ---- | M] () MD5=AB28B9224AB7107CC9DE8E0DBD85EB6A -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2768.38752__90ba9c70f846762e\MOM.Implementation.dll
[2009/11/06 15:24:22 | 000,040,960 | ---- | M] () MD5=57F16BA5DEA0C8D8F8A32457909B97DB -- C:\Windows\assembly\GAC_MSIL\napinit.resources\6.0.0.0_en_31bf3856ad364e35\napinit.resources.dll
[2010/11/20 08:19:49 | 000,049,152 | ---- | M] () MD5=B0F301AA13B7E4F227F6964856739530 -- C:\Windows\assembly\GAC_MSIL\napinit.resources\6.1.0.0_en_31bf3856ad364e35\napinit.Resources.dll
[2009/11/06 15:24:22 | 000,065,536 | ---- | M] () MD5=DB480950449461485B2748A35FD584BD -- C:\Windows\assembly\GAC_MSIL\napinit\6.0.0.0__31bf3856ad364e35\napinit.dll
[2009/07/13 21:22:44 | 000,073,728 | ---- | M] () MD5=0E2E919A5255D305CF1B3AE9B9D452F1 -- C:\Windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\NAPINIT.DLL
[2009/11/06 15:24:22 | 000,245,760 | ---- | M] () MD5=1A4DB6D3CF3A2B998030EEFAFA4C629B -- C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.0.0.0_en_31bf3856ad364e35\napsnap.resources.dll
[2009/07/13 22:12:16 | 000,233,472 | ---- | M] () MD5=804C49310D2EA3B1A2E3809CE3C93B47 -- C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_en_31bf3856ad364e35\napsnap.resources.dll
[2009/11/06 15:24:22 | 000,458,752 | ---- | M] () MD5=E23E798E853A609BABBFD45AF89FE91C -- C:\Windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\napsnap.dll
[2009/07/13 21:25:01 | 000,454,656 | ---- | M] () MD5=FC35785CC6FD225A4E504A23DE13D085 -- C:\Windows\assembly\GAC_MSIL\napsnap\6.1.0.0__31bf3856ad364e35\NAPSNAP.DLL
[2009/11/06 15:24:22 | 000,991,232 | ---- | M] () MD5=27BB54357A51594D9F9B6257B5B9A879 -- C:\Windows\assembly\GAC_MSIL\Narrator\6.0.0.0__31bf3856ad364e35\Narrator.exe
[2010/11/20 08:36:00 | 001,077,248 | ---- | M] () MD5=95DE3CF54E0A360EED766DBDDF152F0D -- C:\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe
[2009/11/06 15:24:22 | 000,028,672 | ---- | M] () MD5=9ABF93124C9F80FDB69A53EBDAEA070A -- C:\Windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Implementation\2.0.2768.38796__90ba9c70f846762e\PCKGHLP.Foundation.Implementation.dll
[2009/11/06 15:24:23 | 000,016,384 | ---- | M] () MD5=5E1148F28FE3890FBF5E01EFA1233AD0 -- C:\Windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Private\2.0.2729.30261__90ba9c70f846762e\PCKGHLP.Foundation.Private.dll
[2009/11/06 15:19:49 | 000,000,815 | ---- | M] () MD5=0A33273323603FCBD8DDD74758163161 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.config
[2009/11/06 15:19:49 | 000,005,632 | ---- | M] () MD5=841736FAB112AC493646E4399E684D38 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll
[2009/11/06 15:19:49 | 000,000,831 | ---- | M] () MD5=A9C1035129544B3867E06A8F02874FE4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.config
[2009/11/06 15:19:49 | 000,005,632 | ---- | M] () MD5=1A49D09BD80C023A771214DA826FF6B6 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll
[2009/11/06 15:19:49 | 000,000,828 | ---- | M] () MD5=52B88C0916FAFF34E0174CD718980AC4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.config
[2009/11/06 15:19:49 | 000,005,632 | ---- | M] () MD5=0C8F794B0C057EB421569A4E5B8E98C5 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll
[2010/11/04 21:53:21 | 000,598,016 | ---- | M] () MD5=AEFD96A1A087027A7EDC21F83F1B4727 -- C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
[2009/06/10 17:14:50 | 000,032,768 | ---- | M] () MD5=24F02A6A94DC8AE6F2ACDA7950CBEEB3 -- C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
[2009/06/10 17:14:51 | 000,042,856 | ---- | M] () MD5=E56F39F6B7FDA0AC77A79B0FD3DE1A2F -- C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
[2009/06/10 17:14:43 | 000,196,608 | ---- | M] () MD5=C9DF30B6F5D99C8147C528528B9CC498 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
[2009/06/10 17:14:44 | 000,139,264 | ---- | M] () MD5=98F2493B40E00061B4A4369E63790293 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
[2010/11/04 21:53:23 | 000,397,312 | ---- | M] () MD5=4E9FDA223530F931AC1F03ABB58E4DA5 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
[2009/06/10 17:14:44 | 000,163,840 | ---- | M] () MD5=13E8EC241CA1402C923DF3A1DA9CAF70 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
[2010/11/04 21:53:23 | 005,279,744 | ---- | M] () MD5=1D362AE9606BF7D4E3342EB7F7671CD0 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
[2009/06/10 17:14:52 | 000,864,256 | ---- | M] () MD5=0F8242348EBA698FF93193A6BDC55362 -- C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
[2010/11/04 21:53:24 | 000,532,480 | ---- | M] () MD5=270045542C06E099B22F8EF6577B8C09 -- C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
[2009/06/10 17:15:18 | 000,005,632 | ---- | M] () MD5=AA7004ABA8C37DDCA200E16F1570EF62 -- C:\Windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
[2009/11/06 15:24:23 | 000,156,688 | ---- | M] () MD5=CF77B66D02DA6CEAC6000FDFBACD6879 -- C:\Windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe
[2010/11/04 21:52:39 | 000,110,592 | ---- | M] () MD5=6F145DEF09821EB6614C501430CB838C -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
[2010/11/04 21:52:39 | 000,128,848 | ---- | M] () MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
[2009/07/13 21:25:09 | 000,086,016 | ---- | M] () MD5=46107610B0BDFA104BDF859664DB1654 -- C:\Windows\assembly\GAC_MSIL\SonicMCEBurnEngine\6.1.0.0__31bf3856ad364e35\SonicMCEBurnEngine.dll
[2009/06/10 17:23:17 | 000,110,592 | ---- | M] () MD5=3C8AF820562CC8E3A1CF82650518F66C -- C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
[2010/11/04 21:53:30 | 000,045,056 | ---- | M] () MD5=6D593E9AE74E39A62F8184515B27DF28 -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
[2010/11/04 21:53:30 | 000,163,840 | ---- | M] () MD5=949408949F9C8FF4FDB82A8EB14792EE -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
[2010/11/04 21:53:30 | 000,057,344 | ---- | M] () MD5=27E76A55FA5C3586297C2D42986304AC -- C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
[2010/11/04 21:58:04 | 000,081,920 | ---- | M] () MD5=ED2D3B032733BFC7A68FCE05BC7F93B4 -- C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
[2010/11/04 21:58:04 | 000,425,984 | ---- | M] () MD5=5A7A33F7F9DFC0C0A8B8E000F4D9D898 -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
[2010/11/04 21:53:30 | 000,667,648 | ---- | M] () MD5=FC114C6C8AB34F1A357069AD3E4477F8 -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
[2010/11/04 21:53:31 | 000,053,248 | ---- | M] () MD5=82D34DEB3105E63981A0306B03C10A07 -- C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
[2010/11/04 21:53:31 | 000,229,376 | ---- | M] () MD5=02B81AAEB463E966372AF6A1C0B6038E -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
[2010/11/04 21:53:31 | 002,879,488 | ---- | M] () MD5=EEDCBC7607D2852BBF74409B49A8D1C1 -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
[2010/11/04 21:53:31 | 000,684,032 | ---- | M] () MD5=8AB40EB71BB5D5F4641AA5895712B981 -- C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
[2010/11/04 21:53:32 | 000,462,848 | ---- | M] () MD5=606ACF1553423BFDD3CABEBA3DF264B9 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
[2010/11/04 21:53:32 | 000,163,840 | ---- | M] () MD5=0ACA904F87E674CF3CB6746D9D3AB321 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
[2010/11/04 21:53:32 | 000,692,224 | ---- | M] () MD5=4BA482E447D6096E8D4348AAE306CE1B -- C:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
[2010/11/04 21:58:05 | 000,745,472 | ---- | M] () MD5=800484A3335EACDAA9600120385CCBDC -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
[2010/11/04 21:58:05 | 000,970,752 | ---- | M] () MD5=418EC83A2FC441A3D40F3FDCDA851392 -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
[2010/11/04 21:58:06 | 004,927,488 | ---- | M] () MD5=2D7D124DCC4E7643F2B8AB4592150950 -- C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
[2010/11/04 21:53:32 | 000,290,816 | ---- | M] () MD5=CD86BDCB5E115635E6AB7DFE77FC1D11 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
[2009/06/10 17:23:18 | 000,188,416 | ---- | M] () MD5=EE1DCDAA3EA8F53DA56116875CD01653 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
[2010/11/04 21:58:06 | 000,401,408 | ---- | M] () MD5=AF1F47FBADABB9134002359970F5FD1C -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
[2009/06/10 17:23:18 | 000,081,920 | ---- | M] () MD5=D195A195E3D16A867FD4382D786313B8 -- C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
[2012/01/26 19:33:25 | 000,630,784 | ---- | M] () MD5=25279D7FAF0F1BE97EA477EB939A1469 -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
[2010/11/04 21:52:27 | 000,126,976 | ---- | M] () MD5=DF7FEE2563BF2D59926B786FBF636510 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
[2010/11/04 21:52:27 | 000,442,368 | ---- | M] () MD5=9638C20A92962CAFC45E8F48AE6238F5 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
[2009/06/10 17:13:54 | 000,131,072 | ---- | M] () MD5=AC45DB17E166ECEBD320D4FA2820C1B6 -- C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
[2010/11/20 08:19:49 | 000,253,952 | ---- | M] () MD5=53998D919FABB0F5EF2BD7C38533D2B7 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll
[2010/11/20 08:36:01 | 003,010,560 | ---- | M] () MD5=4214698AD147EA8E83CC0E7DCF883DB3 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
[2010/11/04 21:53:32 | 000,143,360 | ---- | M] () MD5=BCD4761D6E2290B490498126C67A35D0 -- C:\Windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
[2010/11/04 21:58:09 | 000,385,024 | ---- | M] () MD5=52C875E8F96E4F9E69914A538C129C6E -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
[2010/11/04 21:58:09 | 000,258,048 | ---- | M] () MD5=3035497DE3B9208633BC7F3604D781FB -- C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
[2010/11/04 21:53:32 | 000,237,568 | ---- | M] () MD5=74446FB0C54CB43A279E735F9C335752 -- C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
< End of report >

And the Extras report:

OTL Extras logfile created on: 4/15/2012 6:49:41 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Anthony\Desktop\Security Programs\Bleeping Computer
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 42.89% Memory free
5.99 Gb Paging File | 4.08 Gb Available in Paging File | 68.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 46.94 Gb Free Space | 10.42% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.03 Gb Free Space | 66.87% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 16.17 Gb Free Space | 1.74% Space Free | Partition Type: FAT32

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{05227385-5073-46ED-9035-B1910E2613CC}" = DSmobileSCAN II
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = FileViewerUtility 1.0
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E6B0316-DE2E-A753-CAD6-0BA70B90B4E4}" = Catalyst Control Center InstallProxy
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1BDEB6E2-6706-4132-A5D3-99190C6BECD8}" = DSmobile 600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}" = Canon Camera WIA Driver
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}" = ArcSoft Camera Suite
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6DFC3130-21C9-D22C-E2CA-E2A0782EC232}" = YNAB 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = PhotoStitch
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = RemoteCapture 2.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{CFA679D8-5216-4E10-B7D3-BA4033A6991E}" = i80 Setup Utility
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E428B557-A5D7-4F38-ACD9-1BEFBBF3ABB3}" = Presto! PageManager 7.16.80
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Any Video Converter_is1" = Any Video Converter 2.7.8
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1" = YNAB 3
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 845 Series" = EPSON WorkForce 845 Series Printer Uninstall
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = Canon Utilities FileViewerUtility 1.0
"InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}" = Canon PowerShot S45 WIA Driver
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA Driver
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = Canon Utilities RemoteCapture 2.6
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"NIS" = Norton Internet Security
"PhotoRecord" = Canon PhotoRecord
"PROSet" = Intel® PRO Network Connections Drivers
"PROSetDX" = Intel® PRO Network Connections 12.1.12.4
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"Whale Communications' Client Components 3.1.0" = Whale Communications' Client Components v4.0.0
"Winmail Opener" = Winmail Opener 1.4
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Google Chrome" = Google Chrome
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Networks_Cache_Cleaner 6.0.0" = Juniper Networks Cache Cleaner 6.0.0
"Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Meebo Notifier" = Meebo Notifier
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


After executing each of the steps in your last post, I did perform a few searches in Google Chrome. During those searches, I was not redirected to other websites.

#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:11:24 PM

Posted 15 April 2012 - 02:47 PM

Hi josh,



Did you try to clean install MBAM?
Please try the following:

Please go ahead and uninstall MBAM from the Control Panel.

Download the MBAM Cleanup Utility from here.
Double-click on mbam-clean.exe to start the utility.
When the cleanup routine has finished, it will ask to reboot your computer. Please allow it to do so; this is very important.



After the computer restarts, please download Malwarebytes Anti-Malware 1.61.0.1400 Final and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



If the problem still persists, please do this:



Please go ahead and open C:\Windows\Minidump\, copy the *.dmp files to your Desktop, zip them (right-click > Send to > compressed folder) and attach the zip file to your post or upload it here => http://www.filedropper.com/ and post the download link in your next reply. I want to send the files to the developer so he can fix that in the next version.



Is it possible that this problem is due to some kind of incompatibility with other security software installed on your system? I noticed some leftovers from AVAST, AVG etc.


Also I contacted the MBAM development team to take a look at the issue.


The logs look good. There are only a few orphans left.



We need to run an OTL Fix



  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=0Rh1wddCCIy8e8l0Y_0OGqwvqCY?q={searchTerms}
    IE - HKU\S-1-5-21-2177584724-3349562556-1696289249-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    [2012/03/29 07:23:39 | 000,000,679 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    :commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.


Regards,
Georgi



#9 josh131


Posted 15 April 2012 - 08:27 PM

Per your instructions, I did a clean install of MBAM and the full scan completed successfully. The log file is below:



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: ANTHONY-PC [administrator]

Protection: Enabled

4/15/2012 4:28:43 PM
mbam-log-2012-04-15 (16-28-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 482240
Time elapsed: 2 hour(s), 35 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is the log file for the OTL execution:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anthony
->Temp folder emptied: 65209766 bytes
->Temporary Internet Files folder emptied: 223617164 bytes
->Java cache emptied: 23893084 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 346749363 bytes
->Apple Safari cache emptied: 3740672 bytes
->Flash cache emptied: 5884175 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1584102 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 640.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04152012_211556

Files\Folders moved on Reboot...
C:\Users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1PMYIUJ\topic449873[2].htm moved successfully.
File\Folder C:\Windows\temp\JET424.tmp not found!

Registry entries deleted on Reboot...
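
The following is an added example, not part of either poster's text and not OTL's own code: a short Python triage of the fix log posted in #9, separating what was removed from what the tool could not change. The sample lines are excerpted from that log; the function names are hypothetical, and the script assumes that HKEY_USERS\S-1-5-18 and HKEY_USERS\.DEFAULT are the same hive (the LocalSystem profile), which explains a "not found" that follows a delete under the other name.

```python
import re

# Excerpt of the OTL fix log posted above (lines copied from that log).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-2177584724-3349562556-1696289249-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
"""

# Line shapes seen in the log above.
KEY_RE = re.compile(
    r"^Registry key (?P<path>.+?)\\ (?P<result>deleted successfully|not found)\.$"
)
UNABLE_RE = re.compile(r"^Unable to fix (?P<what>.+?) items\.$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")

# Assumption: both names refer to the LocalSystem profile hive.
LOCAL_SYSTEM_ALIAS = ("HKEY_USERS\\S-1-5-18\\", "HKEY_USERS\\.DEFAULT\\")


def canonical(path):
    """Lower-case a registry path and fold the LocalSystem SID onto .DEFAULT."""
    p = path.lower()
    old, new = (s.lower() for s in LOCAL_SYSTEM_ALIAS)
    return new + p[len(old):] if p.startswith(old) else p


def triage(log_text):
    """Sort fix-log lines into removed / absent / aliased / moved / unresolved."""
    report = {
        "removed": [],                    # keys the tool deleted
        "covered_by_earlier_delete": [],  # "not found" because an alias was deleted
        "absent": [],                     # key did not exist, nothing to do
        "moved": [],                      # files quarantined by the tool
        "unresolved": [],                 # items the tool could not change
    }
    removed_canonical = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("result") == "deleted successfully":
                report["removed"].append(path)
                removed_canonical.add(canonical(path))
            elif canonical(path) in removed_canonical:
                report["covered_by_earlier_delete"].append(path)
            else:
                report["absent"].append(path)
            continue
        m = UNABLE_RE.match(line)
        if m:
            report["unresolved"].append(m.group("what"))
            continue
        m = MOVED_RE.match(line)
        if m:
            report["moved"].append(m.group("path"))
    return report


def needs_follow_up(report):
    """Distinct items the fix did not apply; these need a manual check."""
    return sorted(set(report["unresolved"]))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, items in result.items():
        print(f"{category}: {len(items)}")
    print("manual check:", needs_follow_up(result))
```

On this excerpt the only follow-up item is default_search_provider, matching the two "Unable to fix" lines: the CHR entries of the fix were not applied by the tool, so Chrome's search settings have to be checked in the browser itself.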

#10 B-boy/StyLe/


Posted 16 April 2012 - 03:58 AM

Hi josh,



Great work! One final check:


I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Regards,
Georgi



#11 josh131


Posted 17 April 2012 - 06:00 AM

After completing the ESET scan, the program stated No Threats Were Found. There was no option to download a log/txt file.

#12 B-boy/StyLe/


Posted 17 April 2012 - 06:06 AM

Hi josh,


That's great.
I am at work right now and I'll give you my final recommendation a bit later.


Regards,
Georgi



#13 B-boy/StyLe/


Posted 17 April 2012 - 03:12 PM

Hi josh131,



Nicely done!
I have some final words for you.
All Clean!
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.





STEP 1 UPDATING TASKS





It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.

Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.

You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose:

Patch My PC 2.0.2 Final






Visit Microsoft's Windows Update Site Frequently



It is important that you visit Windows Update regularly.

This will ensure your computer always has the latest available security updates installed.

If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.





STEP 2 CLEANUP



1. Uninstall Combofix - The following will implement some cleanup procedures as well as reset System Restore points:


  • Right-click on the Windows "Start" button.
  • Click "Properties."
  • Click "Customize" on the "Taskbar and Start Menu Properties" screen.
  • Place a check mark next to "Run" command on the list of options.
  • Click "OK."
  • Click the Windows logo to open the Start menu. The "Run" command is now present and can be clicked to open a "Run" dialog.
  • Click Start > Run and copy/paste the following bolded text into the Run box and click OK => ComboFix /Uninstall and hit Enter.



2. To remove all of the tools we used and the files and folders they created, please do the following:



Please reopen OTL on your desktop.

In the upper right click CleanUp


This will delete OTL and will clean up after it.


Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


You can uninstall now - ESET Online Scanner v3.





STEP 3 SECURITY ADVICE



Keep your antivirus software turned on and up-to-date


  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.




Install an AntiSpyware Program



An effective scanner that you already have is Malwarebytes Anti-Malware.

Another highly recommended AntiSpyware program is SuperAntiSpyware.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection.

You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Be sure to check for and download any definition updates prior to performing a scan.





Practice Safe Internet



One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:


  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.




Create an image of your system



It is always a good idea to do a backup of all important files just in case something happens to it.

Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.

The download link is here => http://www.macrium.com/reflectfree.asp

The tutorials can be found here => http://kb.macrium.com/KnowledgebaseArticle50074.aspx

Be sure to read the tutorial first.



Follow this list and your potential for being infected again will reduce dramatically.



Safe Surfing ! ;)



Regards,
Georgi

Edited by B-boy/StyLe/, 17 April 2012 - 03:26 PM.



#14 josh131


Posted 17 April 2012 - 06:47 PM

Thanks for all your help! I really appreciate your time and effort in assisting me.

#15 B-boy/StyLe/


Posted 17 April 2012 - 07:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
