Jump to content

Как да махна този вирус от Skype


Препоръчан пост

Изтегли OTL и го запази на работния плот:

- стартирай инструмента;

- постави отметка в горната част на Scan All Users;

- в поле Standard Registry избери All;

- от падащо меню File Age избери 90 Days;

- постави отметки още на: Skip Microsoft Files, LOP Check и Purity Check;

- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

netsvcs
msconfig
safebootminimal
safebootnetwork
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp*.*
%windir%\system32\*. 
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\DBBK\*.* /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_MSIL\*.* /S /MD5
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
smss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
explorer.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
hlp.dat
/md5stop

- кликни бутон Run Scan;

Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt.

 

Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар.

Link to comment
Сподели другаде

  • 3 weeks later...
  • Отговори 68
  • Създадена
  • Последен отговор

ТОП потребители в тази тема

ТОП потребители в тази тема

Публикувани изображения

OTL logfile created on: 24.5.2012 12:16:04 - Run 3

OTL by OldTimer - Version 3.2.33.2 Folder = D:\Users\User\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy

 

3.91 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 48.29% Memory free

7.82 Gb Paging File | 5.76 Gb Available in Paging File | 73.62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 65.66 Gb Total Space | 30.20 Gb Free Space | 46.00% Space Free | Partition Type: NTFS

Drive D: | 400.00 Gb Total Space | 359.77 Gb Free Space | 89.94% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012.05.24 12:15:45 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe

PRC - [2012.05.24 11:54:51 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Local\Temp\5724785.exe

PRC - [2012.05.23 18:27:27 | 000,066,048 | RHS- | M] () -- C:\Users\User\P-7-78-8964-9648-3874\winusm.exe

PRC - [2012.05.06 07:17:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012.04.27 14:12:47 | 000,773,624 | ---- | M] (bProtector) -- C:\ProgramData\bProtector\bProtect.exe

PRC - [2012.02.26 22:20:04 | 000,583,680 | ---- | M] (OldTimer Tools) -- D:\Users\User\Downloads\OTL.exe

PRC - [2012.01.27 13:02:27 | 000,737,656 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2012.01.19 13:30:04 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

PRC - [2011.12.14 14:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011.08.19 15:52:06 | 000,132,808 | ---- | M] (Intel® Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe

PRC - [2011.08.19 15:52:04 | 001,631,944 | ---- | M] (Intel® Corporation) -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe

PRC - [2011.08.19 15:47:50 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe

PRC - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2011.02.22 07:20:22 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011.02.22 07:20:18 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010.11.21 06:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe

PRC - [2010.11.08 18:40:10 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2010.08.10 22:44:14 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

PRC - [2010.08.10 22:43:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe

PRC - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe

PRC - [2007.04.21 09:30:54 | 000,270,336 | ---- | M] () -- C:\Windows snp325.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012.05.24 12:15:46 | 000,009,728 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\nst3979.tmp\System.dll

MOD - [2012.05.23 18:27:27 | 000,066,048 | RHS- | M] () -- C:\Users\User\P-7-78-8964-9648-3874\winusm.exe

MOD - [2012.05.06 07:17:18 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012.05.05 20:33:17 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

MOD - [2012.04.03 23:17:55 | 000,790,520 | ---- | M] () -- C:\Windows\SysWOW64\protector.dll

MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

MOD - [2010.10.20 16:45:26 | 008,801,120 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll

MOD - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe

MOD - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe

MOD - [2007.04.21 09:30:54 | 000,270,336 | ---- | M] () -- C:\Windows snp325.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.02.28 15:19:38 | 000,163,496 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)

SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.05.06 07:17:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.05 20:33:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.27 14:12:47 | 000,773,624 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtector\bProtect.exe -- (bProtector)

SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.12.14 14:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011.08.19 15:52:06 | 000,132,808 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe -- (IduService) Intel®

SRV - [2011.08.19 15:47:50 | 000,061,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe -- (Intel® Desktop Boards FSC Application Service) Intel®

SRV - [2011.02.24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®

SRV - [2011.02.22 07:20:22 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011.02.22 07:20:18 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010.11.17 21:43:06 | 000,428,912 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)

SRV - [2010.11.12 08:14:04 | 003,249,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2010.11.08 18:40:10 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2010.09.07 17:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)

SRV - [2010.08.10 22:43:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2010.08.10 22:43:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.12.05 21:02:49 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011.12.05 20:43:39 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011.12.05 20:04:28 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®

DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.07.15 16:35:20 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)

DRV:64bit: - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.08 07:03:04 | 000,328,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®

DRV:64bit: - [2010.11.21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.11.21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers susbhub.sys -- (tsusbhub)

DRV:64bit: - [2010.11.21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010.11.21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers erminpt.sys -- (terminpt)

DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.12 08:14:04 | 000,053,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)

DRV:64bit: - [2010.10.19 11:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010.09.17 14:10:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)

DRV:64bit: - [2010.09.17 14:10:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010.09.17 14:10:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2010.08.16 18:39:38 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)

DRV:64bit: - [2009.12.31 13:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2009.09.23 04:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2009.09.23 04:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2009.09.23 04:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.04.02 22:12:32 | 000,118,016 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qscnusb.sys -- (MobileAdapter)

DRV:64bit: - [2007.07.24 10:22:28 | 010,719,104 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)

DRV - [2012.05.16 11:00:00 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120523.036\EX64.SYS -- (NAVEX15)

DRV - [2012.05.16 11:00:00 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120523.036\ENG64.SYS -- (NAVENG)

DRV - [2012.02.13 12:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012.02.13 12:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011.12.05 20:04:36 | 000,015,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\cpuiox64.sys -- (cpuio)

DRV - [2010.09.17 14:10:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)

DRV - [2010.09.17 14:10:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)

DRV - [2010.09.17 14:10:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)

DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=110393&babsrc=HP_ss&mntrId=22b9f1f0000000000000386077568bf8

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 AE 97 B7 EA BF CC 01 [binary data]

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\..\URLSearchHook: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - No CLSID value found

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "search the web (babylon)"

FF - prefs.js..browser.search.order.1: "search the web (babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.selectedengine: "google"

FF - prefs.js..browser.startup.homepage: "http://search.softonic.com/MON00005/tb_v1?SearchSource=13&cc="

FF - prefs.js..keyword.url: "http://search.babylon.com/?af=110393&babsrc=adbartrp&mntrid=22b9f1f0000000000000386077568bf8&q="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Magic Video Studio\codec\real\browser\plugins\nppl3260.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Magic Video Studio\codec\real\browser\plugins\nprpjplug.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=1.0.4: C:\Program Files (x86)\TorrentStream\npts.dll (The Torrent Stream and VideoLAN and Delft University of Technology)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.06 07:17:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 10:08:25 | 000,000,000 | ---D | M]

 

[2012.04.30 23:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions

[2012.05.23 21:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\kjjj8ep8.default\extensions

[2012.04.15 21:59:18 | 000,000,000 | ---D | M] (Free Lunch Design TB Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\kjjj8ep8.default\extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}

[2012.04.25 16:43:36 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\kjjj8ep8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012.04.27 14:15:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\kjjj8ep8.default\extensions\ffxtlbr@babylon.com

[2012.05.16 15:18:49 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\kjjj8ep8.default\extensions\ffxtlbra@softonic.com

[2012.05.23 21:59:44 | 000,000,000 | ---D | M] ("TimeLineRemove.Com") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\kjjj8ep8.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack

[2011.12.13 17:03:14 | 000,000,925 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kjjj8ep8.default\searchplugins\conduit.xml

[2012.03.21 00:10:00 | 000,020,626 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kjjj8ep8.default\searchplugins\SearchTheWeb.xml

[2012.04.30 22:52:45 | 000,002,519 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kjjj8ep8.default\searchplugins\Search_Results.xml

[2012.04.09 20:24:18 | 000,002,060 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kjjj8ep8.default\searchplugins\softonic.xml

[2012.02.23 18:44:50 | 000,003,934 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kjjj8ep8.default\searchplugins\sweetim.xml

[2012.04.30 23:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.03.10 20:32:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.05.06 07:17:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJJJ8EP8.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI

() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJJJ8EP8.DEFAULT\EXTENSIONS\ABVNOTIFIER@NETINFO.BG.XPI

[2012.05.06 07:17:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.03.26 18:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2008.09.10 22:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2009.01.23 14:09:04 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2009.01.23 14:09:04 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2009.01.23 14:09:04 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2009.01.23 14:09:04 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2009.01.23 14:09:04 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2008.09.10 22:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2012.03.21 15:53:38 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml

[2012.04.27 14:12:56 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.03.21 15:53:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.03.21 15:53:38 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml

[2012.05.06 07:17:17 | 000,003,413 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2012.04.30 22:52:45 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012.03.21 15:53:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins witter.xml

[2012.03.21 15:53:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml

[2012.03.21 15:53:38 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Search the web (Softonic) (Enabled)

CHR - default_search_provider: search_url = http://search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=49&cc=

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nprpjplug.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin5.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Torrent Stream P2P Multimedia Plug-in (Enabled) = C:\Program Files (x86)\TorrentStream\npts.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: uTorrentBar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\

CHR - Extension: Facepad = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo\3.0_0\

CHR - Extension: Anna Sui = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\

CHR - Extension: Farm Frenzy 2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfpkddmnpgkibhaebjicfmgmmbdjmap\1.1_0\

CHR - Extension: Pixlr-o-matic = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj\1.2_0\

CHR - Extension: Bomb \u0422\u044F = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffcmdbjaleiijdlgfdloenebnhfjejff\1.0_0\

CHR - Extension: GEO+ = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidhlplliphaijlenolgdojklmgbonnf\1.2.48_0\

CHR - Extension: \u0427\u0430\u0441\u043E\u0432\u043D\u0438\u043A = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.9_0\

CHR - Extension: Slideshow for Facebook, Flickr, Google Images = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadoamiodbhegcgakpkgfcpangpcemgm\0.0.2_0\

CHR - Extension: Super Mario Bros = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbanmklbelbcamgokhjgcojkogbgkig\2.1_0\

CHR - Extension: Alarm Clock Radio = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi\1.6_0\

CHR - Extension: \u0427\u0430\u0441\u043E\u0432\u043D\u0438\u043A = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg\1.6_0\

CHR - Extension: Favorite Doodle = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.22_0\

CHR - Extension: Melanto Calculator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioffklpggjkmgpndbfklpnclpohpjid\2.0.0.5_0\

CHR - Extension: Facebook Notifications = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\

CHR - Extension: piZap photo editor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok\4.2.2_0\

CHR - Extension: Pomodoro.me = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdkkfpnoobbihpjbophkgcibemmmidhk\1.0.2_0\

CHR - Extension: Cut the Fruits = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnohjlogfpfnejepjlmogepeehoepfob\1.0_0\

 

O1 HOSTS File: ([2009.06.11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (BHO_TIMELINEREMOVE.Bho) - {e7b9b609-19ad-40a4-a288-b300a3087465} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O2 - BHO: (Помощник за връзки на Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (BHO_TIMELINEREMOVE.Bho) - {e7b9b609-19ad-40a4-a288-b300a3087465} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\..\Toolbar\WebBrowser: (no name) - {A5AE8924-4036-420F-B7F6-A47E4B8F692E} - No CLSID value found.

O3 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.

O3 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()

O4 - HKLM..\Run: [ipTray.exe] C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe (Intel® Corporation)

O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [tsnp325] C:\Windows snp325.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000..\Run: [LiveChristmasTree] D:\Users\User\Downloads\Desktop\LiveChristmasTree.exe File not found

O4 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000..\Run: [Microsoft Windows System] C:\Users\User\P-7-78-8964-9648-3874\winusm.exe ()

O4 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\S-1-5-21-3854363644-2056412137-422745305-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.10.240.2 217.10.240.242

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D50F0E-1B3B-4649-A3DB-FD842B367636}: DhcpNameServer = 217.10.240.2 217.10.240.242

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter ext/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter ext/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (protector.dll) - File not found

O20 - AppInit_DLLs: (protector.dll) - C:\Windows\SysWow64\protector.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative spkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64 spkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{54bff111-8656-11e1-9056-386077568bf8}\Shell - "" = AutoRun

O33 - MountPoints2\{54bff111-8656-11e1-9056-386077568bf8}\Shell\AutoRun\command - "" = G:\iStudio.exe

O33 - MountPoints2\{96cd7d6a-1f66-11e1-9487-386077568bf8}\Shell - "" = AutoRun

O33 - MountPoints2\{96cd7d6a-1f66-11e1-9487-386077568bf8}\Shell\AutoRun\command - "" = F:\Setup.exe

O33 - MountPoints2\{c664e10a-4c9a-11e1-a3db-386077568bf8}\Shell - "" = AutoRun

O33 - MountPoints2\{c664e10a-4c9a-11e1-a3db-386077568bf8}\Shell\AutoRun\command - "" = G:\PcOptions.exe

O33 - MountPoints2\{c664e10b-4c9a-11e1-a3db-386077568bf8}\Shell - "" = AutoRun

O33 - MountPoints2\{c664e10b-4c9a-11e1-a3db-386077568bf8}\Shell\AutoRun\command - "" = G:\PcOptions.exe

O33 - MountPoints2\{c664e13b-4c9a-11e1-a3db-386077568bf8}\Shell - "" = AutoRun

O33 - MountPoints2\{c664e13b-4c9a-11e1-a3db-386077568bf8}\Shell\AutoRun\command - "" = G:\PcOptions.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 90 Days ==========

 

[2012.05.24 12:16:16 | 000,000,000 | ---D | C] -- D:\Users\User\Documents\My Digital Editions

[2012.05.24 12:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2012.05.23 18:27:27 | 000,000,000 | ---D | C] -- C:\Users\User\P-7-78-8964-9648-3874

[2012.05.19 21:03:39 | 010,719,104 | ---- | C] (Sonix Co. Ltd.) -- C:\Windows\SysNative\drivers\snp325.sys

[2012.05.19 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\snp325

[2012.05.19 20:52:02 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\amcap.exe

[2012.05.19 20:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CANYON USB PC Camera

[2012.05.19 20:51:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield

[2012.05.17 09:00:51 | 000,000,000 | ---D | C] -- D:\Users\User\Documents\Outlook Files

[2012.05.06 07:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.05.06 07:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.05.05 17:17:53 | 000,000,000 | ---D | C] -- D:\Users\User\Downloads\Desktop\Нова папка (2)

[2012.05.03 20:48:26 | 000,000,000 | ---D | C] -- D:\Users\User\Downloads\Desktop\Панагюрище2012

[2012.04.27 18:17:12 | 000,827,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll

[2012.04.27 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fruit Ninja HD

[2012.04.24 08:07:50 | 000,000,000 | ---D | C] -- C:\Users\User\DxReport

[2012.04.24 08:07:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LaunchPad

[2012.04.17 09:23:30 | 000,000,000 | R--D | C] -- C:\Users\User\Dropbox

[2012.04.17 09:19:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox

[2012.04.15 21:58:51 | 000,000,000 | ---D | C] -- C:\games

[2012.04.14 18:33:03 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.13 18:16:54 | 000,000,000 | ---D | C] -- D:\Users\User\Documents\Web Page Maker

[2012.04.13 18:16:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Web Page Maker

[2012.04.13 18:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Page Maker

[2012.04.13 08:14:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MonoGRAF

[2012.04.13 08:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonoGRAF

[2012.04.04 14:20:38 | 000,000,000 | ---D | C] -- D:\Users\User\Downloads\Desktop\noi

[2012.04.03 22:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLineRemove

[2012.04.03 21:53:27 | 000,000,000 | ---D | C] -- D:\Users\User\Downloads\Desktop\Нова папка

[2012.04.02 18:16:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Opera

[2012.04.02 18:16:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Opera

[2012.04.02 18:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2012.03.29 10:11:27 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.03.29 10:11:27 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.03.26 08:35:45 | 000,000,000 | ---D | C] -- C:\Windows emp

[2012.03.25 15:03:19 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

[2012.03.25 14:51:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\poigraem

[2012.03.25 14:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\poigraem

[2012.03.25 14:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games

[2012.03.25 14:11:46 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.007

[2012.03.25 14:11:45 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.006

[2012.03.25 12:51:12 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.005

[2012.03.25 12:51:11 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.004

[2012.03.25 09:32:30 | 000,000,000 | ---D | C] -- D:\Users\User\Documents\GTA San Andreas User Files

[2012.03.25 09:29:25 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.003

[2012.03.25 09:29:24 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.002

[2012.03.25 09:28:51 | 000,265,785 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysWow64\pixomatic.dll

[2012.03.25 09:28:50 | 001,500,160 | ---- | C] (Borland Corporation) -- C:\Windows\SysWow64\cc3260mt.dll

[2012.03.25 09:28:50 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp50.dll

[2012.03.25 09:28:50 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcp70.dll

[2012.03.25 09:28:50 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.001

[2012.03.25 09:28:50 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvcr70.dll

[2012.03.25 09:28:50 | 000,188,416 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\eax.dll

[2012.03.25 09:28:50 | 000,161,280 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Windows\SysWow64\fmod.dll

[2012.03.25 09:28:50 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvci70.dll

[2012.03.25 09:28:50 | 000,022,016 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\borlndmm.dll

[2012.03.25 09:28:49 | 000,442,368 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll

[2012.03.25 09:28:49 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64 emp.000

[2012.03.23 13:58:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vloader-bg

[2012.03.23 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vloader-bg

[2012.03.23 13:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vloader-bg

[2012.03.23 13:37:36 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll

[2012.03.23 13:37:36 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

[2012.03.23 13:37:36 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

[2012.03.23 13:37:36 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

[2012.03.23 13:37:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Real

[2012.03.23 13:37:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Real

[2012.03.23 13:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2012.03.23 13:37:34 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll

[2012.03.23 13:37:32 | 000,090,112 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx

[2012.03.23 13:37:32 | 000,057,344 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts

[2012.03.23 13:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012.03.18 23:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy-PizzaParty

[2012.03.18 23:16:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Pizza Party

[2012.03.11 16:39:26 | 000,000,000 | ---D | C] -- D:\Users\User\Documents\GTA3 User Files

[2012.03.11 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2012.03.11 10:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse

[2012.03.11 10:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia

[2012.03.11 10:21:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Muse

[2012.03.11 10:15:55 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop

[2012.03.11 09:56:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Big Fish Games

[2012.03.10 20:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.03.10 20:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.03.10 19:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo

[2012.03.10 19:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo

[2012.03.10 14:37:56 | 000,000,000 | -HSD | C] -- C:\found.000

[2012.03.09 20:13:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012.03.09 06:20:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012.03.08 18:41:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\eType

[2012.03.08 18:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtector

[2012.02.25 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes

[2012.02.25 20:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.02.25 20:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.02.25 20:57:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.02.25 20:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.02.25 14:38:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\skypePM

[2012.02.25 14:36:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2011.02.24 01:10:36 | 000,020,432 | ---- | C] (Intel Corporation) -- C:\Users\User\AppData\Roaming\JomCap.dll

[1 D:\Users\User\Downloads\Desktop\*.tmp files -> D:\Users\User\Downloads\Desktop\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2012.05.24 12:15:59 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk

[2012.05.24 12:00:22 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.24 12:00:22 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.24 11:55:23 | 000,000,266 | ---- | M] () -- C:\Windows asks\AutoKMS.job

[2012.05.24 11:54:16 | 000,000,990 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskMachineCore.job

[2012.05.24 11:53:02 | 3149,205,504 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.24 11:50:06 | 000,000,994 | ---- | M] () -- C:\Windows asks\GoogleUpdateTaskMachineUA.job

[2012.05.24 11:50:03 | 000,000,924 | ---- | M] () -- C:\Windows asks\FacebookUpdateTaskUserS-1-5-21-3854363644-2056412137-422745305-1000UA.job

[2012.05.24 11:33:03 | 000,000,830 | ---- | M] () -- C:\Windows asks\Adobe Flash Player Updater.job

[2012.05.23 20:58:03 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2012.05.23 20:46:10 | 000,961,343 | ---- | M] () -- D:\Users\User\Downloads\Desktop\Без заглавие.wma

[2012.05.23 18:33:29 | 000,262,978 | ---- | M] () -- D:\Users\User\Downloads\Desktop\IMG_23052012_183301.png

[2012.05.23 14:50:00 | 000,000,902 | ---- | M] () -- C:\Windows asks\FacebookUpdateTaskUserS-1-5-21-3854363644-2056412137-422745305-1000Core.job

[2012.05.22 07:51:19 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.05.22 07:51:19 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.05.22 07:51:19 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.05.21 14:09:04 | 000,113,840 | ---- | M] () -- D:\Users\User\Downloads\Desktop\liliq2.bmp

[2012.05.19 20:53:28 | 330,156,749 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.05.05 20:33:17 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.05.05 20:33:17 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.05.05 20:33:03 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.30 19:13:01 | 000,221,369 | ---- | M] () -- D:\Users\User\Downloads\Desktop\2011-11-21-D04-11-Prilojenie-DL.pdf

[2012.04.27 18:17:14 | 000,827,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll

[2012.04.27 14:13:01 | 000,001,359 | ---- | M] () -- C:\user.js

[2012.04.03 23:17:55 | 000,790,520 | ---- | M] () -- C:\Windows\SysWow64\protector.dll

[2012.03.20 14:38:21 | 003,597,717 | ---- | M] () -- D:\Users\User\Downloads\Desktop\Ивана - Остави ме.mp3

[2012.03.12 14:57:36 | 002,371,253 | ---- | M] () -- D:\Users\User\Downloads\Desktop\Peshterska_velikden_157x220.pdf

[2012.03.10 20:32:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.03.10 19:24:55 | 000,000,017 | ---- | M] () -- C:\Users\User\AppData\Local\resmon.resmoncfg

[2012.02.25 20:57:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.25 14:38:54 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[1 D:\Users\User\Downloads\Desktop\*.tmp files -> D:\Users\User\Downloads\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012.05.24 12:15:59 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk

[2012.05.24 12:15:59 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk

[2012.05.23 20:46:10 | 000,961,343 | ---- | C] () -- D:\Users\User\Downloads\Desktop\Без заглавие.wma

[2012.05.23 18:33:29 | 000,262,978 | ---- | C] () -- D:\Users\User\Downloads\Desktop\IMG_23052012_183301.png

[2012.05.21 14:09:04 | 000,113,840 | ---- | C] () -- D:\Users\User\Downloads\Desktop\liliq2.bmp

[2012.05.21 14:08:31 | 000,921,624 | ---- | C] () -- C:\img2-001.raw

[2012.05.19 21:03:39 | 000,978,432 | ---- | C] ( ) -- C:\Windows\SysNative\vsnp325.dll

[2012.05.19 21:03:39 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpx32.dll

[2012.05.19 21:03:39 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysNative\csnp325.dll

[2012.05.19 20:52:02 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe

[2012.05.19 20:52:01 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe

[2012.05.19 20:52:01 | 000,270,336 | ---- | C] () -- C:\Windows snp325.exe

[2012.05.19 20:52:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll

[2012.05.19 20:52:01 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini

[2012.05.19 20:52:01 | 000,013,023 | ---- | C] () -- C:\Windows\snp325.src

[2012.05.19 20:52:00 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll

[2012.05.19 20:52:00 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll

[2012.04.25 18:24:03 | 000,221,369 | ---- | C] () -- D:\Users\User\Downloads\Desktop\2011-11-21-D04-11-Prilojenie-DL.pdf

[2012.04.03 23:17:55 | 000,790,520 | ---- | C] () -- C:\Windows\SysWow64\protector.dll

[2012.03.29 10:11:28 | 000,000,830 | ---- | C] () -- C:\Windows asks\Adobe Flash Player Updater.job

[2012.03.20 14:38:20 | 003,597,717 | ---- | C] () -- D:\Users\User\Downloads\Desktop\Ивана - Остави ме.mp3

[2012.03.12 14:57:36 | 002,371,253 | ---- | C] () -- D:\Users\User\Downloads\Desktop\Peshterska_velikden_157x220.pdf

[2012.03.10 20:32:33 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.03.10 19:24:55 | 000,000,017 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg

[2012.03.09 20:13:47 | 330,156,749 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012.02.25 20:57:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.25 14:38:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2012.02.02 15:43:55 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{AAB8F5A5-B791-40CE-A582-EDF2312F9242}

[2011.12.29 12:54:59 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll

[2011.12.05 20:35:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011.12.05 20:35:31 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2011.12.05 20:35:31 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.12.05 20:35:31 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011.12.05 20:35:31 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

[2011.12.05 20:35:30 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011.12.05 19:46:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.12.05 19:46:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

 

========== LOP Check ==========

 

[2011.12.05 20:32:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AIMP

[2011.12.07 11:32:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon

[2012.03.11 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Big Fish Games

[2012.03.11 11:08:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite

[2012.04.30 23:13:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox

[2012.04.27 15:05:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eType

[2011.12.05 20:41:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImgBurn

[2012.04.24 08:07:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LaunchPad

[2012.03.11 10:22:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Muse

[2012.02.23 18:39:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy

[2012.04.02 18:16:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera

[2012.05.24 12:14:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent

[2012.03.26 08:57:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vloader-bg

[2012.04.13 18:31:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Web Page Maker

[2012.05.24 11:55:23 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job

[2012.05.23 14:50:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3854363644-2056412137-422745305-1000Core.job

[2012.05.24 11:50:03 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3854363644-2056412137-422745305-1000UA.job

[2012.05.13 20:00:16 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2012.05.24 11:53:02 | 3149,205,504 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.23 20:58:03 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2012.05.24 11:53:28 | 4198,944,768 | -HS- | M] () -- C:\pagefile.sys

[2011.12.05 19:47:22 | 000,000,206 | ---- | M] () -- C:\Realtek.log

[2011.12.05 19:47:22 | 000,002,150 | ---- | M] () -- C:\RHDSetup.log

[2012.04.27 14:13:01 | 000,001,359 | ---- | M] () -- C:\user.js

 

< %USERPROFILE%\*.* >

[2012.05.24 12:18:00 | 003,670,016 | -HS- | M] () -- C:\Users\User\ntuser.dat

[2012.05.24 12:18:00 | 000,262,144 | -HS- | M] () -- C:\Users\User\ntuser.dat.LOG1

[2011.12.05 19:43:24 | 000,000,000 | -HS- | M] () -- C:\Users\User\ntuser.dat.LOG2

[2011.12.05 19:54:39 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2011.12.05 19:54:39 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2011.12.05 19:54:39 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2011.12.16 09:49:47 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{071f9de4-27b2-11e1-ad3d-386077568bf8}.TM.blf

[2011.12.16 09:49:47 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{071f9de4-27b2-11e1-ad3d-386077568bf8}.TMContainer00000000000000000001.regtrans-ms

[2011.12.16 09:49:47 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{071f9de4-27b2-11e1-ad3d-386077568bf8}.TMContainer00000000000000000002.regtrans-ms

[2012.01.26 20:35:03 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{27c4248f-4843-11e1-9c19-386077568bf8}.TM.blf

[2012.01.26 20:35:03 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{27c4248f-4843-11e1-9c19-386077568bf8}.TMContainer00000000000000000001.regtrans-ms

[2012.01.26 20:35:03 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{27c4248f-4843-11e1-9c19-386077568bf8}.TMContainer00000000000000000002.regtrans-ms

[2012.04.22 00:44:55 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{565f5a81-8bfa-11e1-9791-386077568bf8}.TM.blf

[2012.04.22 00:44:55 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{565f5a81-8bfa-11e1-9791-386077568bf8}.TMContainer00000000000000000001.regtrans-ms

[2012.04.22 00:44:55 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{565f5a81-8bfa-11e1-9791-386077568bf8}.TMContainer00000000000000000002.regtrans-ms

[2012.05.09 01:15:01 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{672e010b-995a-11e1-8015-386077568bf8}.TM.blf

[2012.05.09 01:15:01 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{672e010b-995a-11e1-8015-386077568bf8}.TMContainer00000000000000000001.regtrans-ms

[2012.05.09 01:15:01 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{672e010b-995a-11e1-8015-386077568bf8}.TMContainer00000000000000000002.regtrans-ms

[2011.12.13 18:59:44 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{6bb8dde2-25a3-11e1-b6e6-386077568bf8}.TM.blf

[2011.12.13 18:59:44 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{6bb8dde2-25a3-11e1-b6e6-386077568bf8}.TMContainer00000000000000000001.regtrans-ms

[2011.12.13 18:59:45 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{6bb8dde2-25a3-11e1-b6e6-386077568bf8}.TMContainer00000000000000000002.regtrans-ms

[2011.12.13 19:21:51 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{817bd262-25a6-11e1-8666-386077568bf8}.TM.blf

[2011.12.13 19:21:51 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{817bd262-25a6-11e1-8666-386077568bf8}.TMContainer00000000000000000001.regtrans-ms

[2011.12.13 19:21:51 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{817bd262-25a6-11e1-8666-386077568bf8}.TMContainer00000000000000000002.regtrans-ms

[2012.02.22 17:22:02 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{c28b2275-5d5f-11e1-9cd1-386077568bf8}.TM.blf

[2012.02.22 17:22:02 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{c28b2275-5d5f-11e1-9cd1-386077568bf8}.TMContainer00000000000000000001.regtrans-ms

[2012.02.22 17:22:02 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{c28b2275-5d5f-11e1-9cd1-386077568bf8}.TMContainer00000000000000000002.regtrans-ms

[2011.12.05 19:43:24 | 000,000,020 | -HS- | M] () -- C:\Users\User\ntuser.ini

 

< %USERPROFILE%\AppData\Local\*.* >

[2011.12.06 11:42:44 | 000,110,048 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT

[2012.05.24 11:51:29 | 004,974,429 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db

[2012.03.10 19:24:55 | 000,000,017 | ---- | M] () -- C:\Users\User\AppData\Local\resmon.resmoncfg

[2008.02.05 15:28:20 | 000,000,051 | ---- | M] () -- C:\Users\User\AppData\Local\setup.txt

[2012.02.02 15:43:55 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\{AAB8F5A5-B791-40CE-A582-EDF2312F9242}

 

< %USERPROFILE%\AppData\Roaming\*.* >

[2011.02.24 01:10:36 | 000,020,432 | ---- | M] (Intel Corporation) -- C:\Users\User\AppData\Roaming\JomCap.dll

[2012.05.24 11:54:41 | 000,000,000 | -H-- | M] () -- C:\Users\User\AppData\Roaming\msnsvconfig.txt

 

< %ProgramData%\*.* >

[2012.02.25 14:38:54 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

 

< %CommonProgramFiles%\*.* >

 

< %PROGRAMFILES%\*.* >

[2009.07.14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

 

< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >

 

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

 

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

 

< %windir% emp\*.* >

[2012.04.14 09:34:01 | 000,001,996 | ---- | M] () -- C:\Windows emp\chrome_installer.log

[2012.05.23 19:21:33 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile00.sqm

[2012.05.24 11:52:03 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile01.sqm

[2012.05.24 11:56:50 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile02.sqm

[2012.05.18 15:10:06 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile03.sqm

[2012.05.18 18:44:24 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile04.sqm

[2012.05.18 20:17:34 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile05.sqm

[2012.05.19 21:05:45 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile06.sqm

[2012.05.19 21:11:05 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile07.sqm

[2012.05.19 23:50:29 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile08.sqm

[2012.05.20 09:08:47 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile09.sqm

[2012.05.20 18:44:07 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile10.sqm

[2012.05.20 20:07:38 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile11.sqm

[2012.05.21 20:37:28 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile12.sqm

[2012.05.22 11:14:42 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile13.sqm

[2012.05.22 14:48:56 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile14.sqm

[2012.05.22 15:58:09 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile15.sqm

[2012.05.22 16:59:50 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile16.sqm

[2012.05.22 17:31:38 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile17.sqm

[2012.05.23 04:15:17 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile18.sqm

[2012.05.23 18:37:44 | 000,000,608 | ---- | M] () -- C:\Windows emp\fwtsqmfile19.sqm

[2 C:\Windows emp\*.tmp files -> C:\Windows emp\*.tmp -> ]

 

< %systemroot%\system32\*.dll /lockedfiles >

[2011.12.05 20:54:23 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2011.12.05 20:54:23 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2011.09.01 05:33:10 | 009,704,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

[2011.12.05 20:54:23 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

[2012.04.03 23:17:55 | 000,790,520 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\protector.dll

 

< %systemroot%\syswow64\*.dll /lockedfiles >

[2011.12.05 20:54:23 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\syswow64\iepeers.dll

[2012.04.03 23:17:55 | 000,790,520 | ---- | M] () Unable to obtain MD5 -- C:\Windows\syswow64\protector.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /90 >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\syswow64\drivers\*.sys /90 >

 

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\assembly emp\*.* /S /MD5 >

 

< %systemroot%\assembly mp\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >

[2009.07.14 04:19:59 | 000,004,608 | ---- | M] () MD5=2CBEAFED3233C20DF11B88DF909CD74F -- C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll

[2010.11.21 06:25:07 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll

[2010.11.21 06:24:01 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2009.07.14 04:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe

[2009.07.14 00:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config

[2010.11.21 06:24:26 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2010.11.21 06:25:07 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll

[2011.04.12 11:23:52 | 000,090,112 | ---- | M] () MD5=7643FE2D5D8DC339868BD4D952E0F385 -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll

[2010.11.21 06:25:06 | 000,189,952 | ---- | M] () MD5=38D88B9F15909C5EB12543B9ADD60665 -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll

[2010.11.21 06:25:06 | 000,145,920 | ---- | M] () MD5=7473DCFFD01F73BA2B2621555B02E09A -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll

[2009.07.14 04:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009.07.14 04:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll

[2009.07.14 04:23:55 | 000,008,192 | ---- | M] () MD5=79D7E7A3CB56C91FE9030C5EFE2DC13C -- C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll

[2010.11.21 06:25:11 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

[2011.12.05 20:16:47 | 000,370,608 | ---- | M] () MD5=99D8B5B9A5D631608242BAA23249B2E1 -- C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll

[2009.07.14 04:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll

[2009.06.11 00:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe

[2009.06.11 00:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config

[2009.06.11 00:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp

[2009.06.11 00:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp

[2009.06.11 00:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp

[2011.07.09 01:33:43 | 004,550,656 | ---- | M] () MD5=67A80B7ABA247E0B6D8FE0E85A58F001 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

[2009.06.11 00:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp

[2009.06.11 00:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

[2009.06.11 00:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp

[2009.06.11 00:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp

[2009.06.11 00:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp

[2009.06.11 00:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp

[2009.06.11 00:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp

[2009.06.11 00:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

[2009.06.11 00:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

[2009.06.11 00:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp

[2010.11.21 06:24:32 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL

[2010.11.21 06:23:48 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL

[2009.07.14 01:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config

[2009.07.14 04:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll

[2009.06.11 00:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

[2009.07.14 04:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll

[2009.06.11 00:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config

[2009.07.14 04:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll

[2009.07.14 01:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config

[2009.07.14 04:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll

[2009.07.14 01:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009.07.14 04:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2010.11.21 06:24:56 | 004,218,880 | ---- | M] () MD5=8A68B7F6F17377EFC0E7B12ABE54A8A4 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009.06.11 00:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2010.11.21 06:24:56 | 001,736,536 | ---- | M] () MD5=189EF45EB56724A888159C084588155D -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2010.11.21 06:24:15 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2010.11.21 06:24:08 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2010.11.21 06:24:07 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2010.11.21 06:24:07 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2010.11.21 06:24:55 | 000,372,736 | ---- | M] () MD5=D5DB261885C0FEBF106DD3921C764F1E -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009.06.11 00:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2010.11.21 06:24:26 | 005,251,072 | ---- | M] () MD5=03A5313EEC92FB067B774C220761BD7B -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >

[2009.07.14 04:46:07 | 000,004,608 | ---- | M] () MD5=72A9C3F3B78CA92C93E78A46B3D73A7B -- C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll

[2010.11.21 06:24:42 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll

[2010.11.21 06:23:56 | 000,080,896 | ---- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2010.11.21 06:24:22 | 000,089,600 | ---- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2010.11.21 06:24:42 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll

[2010.11.21 06:24:42 | 000,198,656 | ---- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 -- C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe

[2010.11.21 06:24:42 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll

[2011.04.12 11:23:52 | 000,090,112 | ---- | M] () MD5=36FC4413674DEE77D586535E7075ACB4 -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll

[2010.11.21 06:24:41 | 000,196,096 | ---- | M] () MD5=6E1F814CEEFC54E14DDBA66415823CFE -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll

[2010.11.21 06:24:41 | 000,151,040 | ---- | M] () MD5=63A87E4AEF8F906BABEF2612C2A00586 -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll

[2009.07.14 04:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009.07.14 04:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll

[2011.08.17 08:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll

[2010.11.21 06:24:42 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll

[2010.11.21 06:24:42 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll

[2010.11.21 06:24:42 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll

[2010.11.21 06:24:42 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll

[2011.12.05 20:17:00 | 000,163,248 | ---- | M] () MD5=595C46715D74E357B7B2E43CE732CE89 -- C:\Windows\assembly\GAC_64\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Access.BusinessDataCatalog.DLL

[2011.12.05 20:26:44 | 000,960,384 | ---- | M] () MD5=919C1186F979FA70F48DE67980AE9BF9 -- C:\Windows\assembly\GAC_64\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll

[2011.12.05 20:17:06 | 000,140,200 | ---- | M] () MD5=07C649EDCCEB97CBAF976053D2392CC8 -- C:\Windows\assembly\GAC_64\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll

[2009.07.14 04:48:19 | 000,008,192 | ---- | M] () MD5=0B61293239545BDB5CF2EF7208F225DA -- C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll

[2011.12.05 20:26:44 | 000,513,920 | ---- | M] () MD5=4F859A9734823C46F419969568B3959E -- C:\Windows\assembly\GAC_64\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll

[2010.11.21 06:24:53 | 000,163,840 | ---- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

[2011.12.05 20:16:47 | 000,453,040 | ---- | M] () MD5=12AA1A71A9A44F4230611CC38E85CC22 -- C:\Windows\assembly\GAC_64\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll

[2009.07.14 04:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll

[2010.11.21 06:24:49 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll

[2010.11.21 06:24:59 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe

[2009.06.10 23:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config

[2009.06.10 23:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp

[2009.06.10 23:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp

[2009.06.10 23:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp

[2011.07.09 01:31:14 | 004,567,040 | ---- | M] () MD5=86AC5ED8B664B0929ACCAF500E8A3E49 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

[2009.06.10 23:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp

[2009.06.10 23:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

[2009.06.10 23:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp

[2009.06.10 23:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp

[2009.06.10 23:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp

[2009.06.10 23:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp

[2009.06.10 23:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp

[2009.06.10 23:40:02 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

[2009.06.10 23:40:02 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

[2009.06.10 23:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp

[2010.11.21 06:24:16 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL

[2010.11.21 06:24:24 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\Windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL

[2009.06.10 23:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

[2009.07.14 04:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll

[2009.06.10 23:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config

[2009.07.14 04:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll

[2009.07.14 00:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009.07.14 04:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2010.11.21 06:24:53 | 003,997,696 | ---- | M] () MD5=B3B14A927ECE4440D58052E0B5679B8C -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009.06.10 23:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2010.11.21 06:24:53 | 002,255,192 | ---- | M] () MD5=04A7A2D3B9AC06609AA93834785F0C92 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2010.11.21 06:24:09 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2010.11.21 06:24:02 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2010.11.21 06:24:01 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2010.11.21 06:24:01 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2010.11.21 06:24:53 | 000,358,912 | ---- | M] () MD5=183FCB53541A77FCCF22CAAC19DD2BA0 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009.06.10 23:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2010.11.21 06:24:23 | 005,259,264 | ---- | M] () MD5=508E39B48592FD3BDE914054DDE31CCF -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5 >

[2009.06.11 00:22:40 | 000,010,752 | ---- | M] () MD5=7E8C840853FB6EBD5CC16D3C10C7C127 -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

[2010.11.21 06:24:53 | 000,165,720 | ---- | M] () MD5=501E961FEEBBDE040FB836CB5DE122C2 -- C:\Windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe

[2009.06.11 00:22:50 | 000,013,312 | ---- | M] () MD5=AAD128271C76C6596E69CFA81D765C2C -- C:\Windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

[2009.06.11 00:22:50 | 000,005,120 | ---- | M] () MD5=BA86FDE9C3B5BD2FF5EA7A99BF648E82 -- C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe

[2010.11.21 06:24:42 | 000,094,208 | ---- | M] () MD5=3AC3967EB34A432332FF4E2D971397E8 -- C:\Windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll

[2010.11.21 06:24:42 | 000,143,360 | ---- | M] () MD5=7F404ED2BAD3365F1A6452DBE40024FD -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe

[2009.07.14 00:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe.config

[2009.07.14 04:46:13 | 000,015,872 | ---- | M] () MD5=CC471B699BEF83A45837119601B70B78 -- C:\Windows\assembly\GAC_MSIL\ehiActivScp\6.1.0.0__31bf3856ad364e35\ehiActivScp.dll

[2009.07.14 04:46:13 | 000,011,776 | ---- | M] () MD5=357EB8AECD2A0F8BD6DB22485DDDE5B9 -- C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\6.1.0.0__31bf3856ad364e35\ehiBmlDataCarousel.dll

[2009.07.14 04:20:15 | 000,077,824 | ---- | M] () MD5=598383C42098DF7D0FFD61F459B6CBAF -- C:\Windows\assembly\GAC_MSIL\ehiExtens\6.1.0.0__31bf3856ad364e35\ehiExtens.dll

[2009.07.14 04:46:06 | 000,040,960 | ---- | M] () MD5=7CDDCF15C57641475340FEDEE86D69DE -- C:\Windows\assembly\GAC_MSIL\ehiiTV\6.1.0.0__31bf3856ad364e35\ehiiTV.dll

[2010.11.21 06:24:42 | 000,172,032 | ---- | M] () MD5=3B813FB741DF5CD45EB4EA36AE0F83B3 -- C:\Windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll

[2009.07.14 04:46:06 | 000,086,016 | ---- | M] () MD5=712FF5DB0DAC5697ABCA9AC6472EAC8B -- C:\Windows\assembly\GAC_MSIL\ehiTVMSMusic\6.1.0.0__31bf3856ad364e35\ehiTVMSMusic.dll

[2009.07.14 04:46:06 | 000,006,144 | ---- | M] () MD5=7F93BA47D13A831EBC7AE6EA6B7C7EFF -- C:\Windows\assembly\GAC_MSIL\ehiUPnP\6.1.0.0__31bf3856ad364e35\ehiUPnP.dll

[2009.07.14 04:20:38 | 000,032,768 | ---- | M] () MD5=62F20E48B43B44D9C6E9B4CF08FB120D -- C:\Windows\assembly\GAC_MSIL\ehiUserXp\6.1.0.0__31bf3856ad364e35\ehiUserXp.dll

[2009.07.14 04:20:51 | 000,335,872 | ---- | M] () MD5=DB2189BF0B4D192F70605F50EC30037B -- C:\Windows\assembly\GAC_MSIL\ehiVidCtl\6.1.0.0__31bf3856ad364e35\ehiVidCtl.dll

[2009.07.14 04:21:00 | 000,143,360 | ---- | M] () MD5=391EF4FF1EF376B4408C0DEFE2041DBF -- C:\Windows\assembly\GAC_MSIL\ehiwmp\6.1.0.0__31bf3856ad364e35\ehiwmp.dll

[2009.07.14 04:22:59 | 000,086,016 | ---- | M] () MD5=82A5798BD1A2FE8678A51CC9CE493F7F -- C:\Windows\assembly\GAC_MSIL\ehiWUapi\6.1.0.0__31bf3856ad364e35\ehiWUapi.dll

[2010.11.21 06:24:42 | 000,196,608 | ---- | M] () MD5=641443B48D34539ED0F58C1FC3A379F0 -- C:\Windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll

[2010.11.21 06:24:42 | 006,307,840 | ---- | M] () MD5=89AFF2261ECF21647B126E596675E302 -- C:\Windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll

[2011.04.12 11:23:38 | 000,008,192 | ---- | M] () MD5=D7081D68005C975549685E8BF129794E -- C:\Windows\assembly\GAC_MSIL\EventViewer.Resources\6.1.0.0_en_31bf3856ad364e35\EventViewer.resources.dll

[2010.11.21 06:23:48 | 000,368,640 | ---- | M] () MD5=F046EB4BBFC631D178C6DF20819C1DE5 -- C:\Windows\assembly\GAC_MSIL\EventViewer\6.1.0.0__31bf3856ad364e35\EventViewer.dll

[2009.06.11 00:22:54 | 000,008,192 | ---- | M] () MD5=96D9E7E468D537443DE037A7E15CB804 -- C:\Windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

[2009.06.11 00:22:55 | 000,077,824 | ---- | M] () MD5=AF29AA7F2F613951A9E913B4290B2ECE -- C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

[2009.06.11 00:22:55 | 000,006,656 | ---- | M] () MD5=D051642D0ED61E2886FD8917E8B6FAFD -- C:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

[2011.12.05 20:17:06 | 000,030,608 | ---- | M] () MD5=F9260C73E50DF7670237024883F0AF55 -- C:\Windows\assembly\GAC_MSIL\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL

[2009.07.14 04:50:20 | 000,106,496 | ---- | M] () MD5=F76D606A61706863C800159442F3E9DA -- C:\Windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe

[2010.11.21 06:24:42 | 000,741,376 | ---- | M] () MD5=F3A7B22F00F8E2F9383338BF4FF4F786 -- C:\Windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll

[2009.07.14 04:47:33 | 000,053,248 | ---- | M] () MD5=49F7D995FB172163A378CFAD66296694 -- C:\Windows\assembly\GAC_MSIL\MCESidebarCtrl\6.1.0.0__31bf3856ad364e35\MCESidebarCtrl.dll

[2009.07.14 04:47:44 | 000,118,784 | ---- | M] () MD5=32169C979FCC2937779F1299C26FFE0A -- C:\Windows\assembly\GAC_MSIL\mcglidhostobj\6.1.0.0__31bf3856ad364e35\mcglidhostobj.dll

[2010.11.21 06:24:42 | 000,207,872 | ---- | M] () MD5=C97FCB65C600CBE7A78C409DC10736FE -- C:\Windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll

[2010.11.21 06:24:42 | 000,638,976 | ---- | M] () MD5=F338EC894AA0CE005156B4AB2FF77CCC -- C:\Windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll

[2011.04.12 11:23:52 | 000,012,800 | ---- | M] () MD5=FB004F165A205E4B26EB1D71B4F22A95 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.Framework.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.ApplicationId.Framework.Resources.dll

[2010.11.21 06:24:41 | 000,126,976 | ---- | M] () MD5=2BBAE1D2218F1AC0C0EE39157AEE76CB -- C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.Framework\6.1.0.0__31bf3856ad364e35\Microsoft.ApplicationId.Framework.dll

[2011.04.12 11:23:52 | 000,221,184 | ---- | M] () MD5=8A438D4F460EE93811608C3E4E885FBF -- C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.RuleWizard.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.ApplicationId.RuleWizard.Resources.dll

[2010.11.21 06:24:41 | 000,339,968 | ---- | M] () MD5=8BB311B520120F33EEAF54018C493650 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ApplicationId.RuleWizard\6.1.0.0__31bf3856ad364e35\Microsoft.ApplicationId.RuleWizard.dll

[2011.04.12 11:23:48 | 000,007,168 | ---- | M] () MD5=EE0FEDAA1ECF70EC7C201BC6FB7D256A -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll

[2009.07.14 04:46:31 | 000,057,344 | ---- | M] () MD5=6F07957980012E2C639A1469CC82BE68 -- C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll

[2009.06.11 00:14:36 | 000,106,496 | ---- | M] () MD5=550E75434C424A17A1E06669D8335C26 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll

[2011.12.05 20:16:46 | 000,106,496 | ---- | M] () MD5=04F122B616D584FC58D1D108C1E30C5F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Conversion\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.dll

[2010.11.21 06:24:26 | 000,348,160 | ---- | M] () MD5=24FDCD95121E59D39DCB1585EC8C5901 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2010.11.21 06:25:00 | 000,733,184 | ---- | M] () MD5=DC6476726F4A15BF5BC8CF2C235B17C6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

[2010.11.21 06:24:00 | 000,036,864 | ---- | M] () MD5=4B177641BEBC8965220EC474D65981A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2009.06.11 00:14:40 | 000,036,864 | ---- | M] () MD5=80F89EC03B39E5A6700C9CA5A5545230 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

[2010.11.21 06:25:00 | 000,802,816 | ---- | M] () MD5=9EBE67131D1776B86410B56FFC95A5BF -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll

[2010.11.21 06:24:01 | 000,655,360 | ---- | M] () MD5=5B5AEB3CEB1FC6D77E57821E6A42DE72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

[2010.11.21 06:24:59 | 000,094,208 | ---- | M] () MD5=B6EF0B4C1898D03FC7814B890FCE9B72 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

[2010.11.21 06:24:03 | 000,077,824 | ---- | M] () MD5=D7A537839EAB83BAD8F3C053098198E8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

[2011.12.05 20:26:42 | 000,116,632 | ---- | M] () MD5=907E11BDBB8943AF39BECAA6042CE80D -- C:\Windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll

[2011.04.12 11:23:52 | 000,471,040 | ---- | M] () MD5=C00F50A3A8D15F2F050A0A9838D99E97 -- C:\Windows\assembly\GAC_MSIL\Microsoft.GroupPolicy.Reporting.Resources\2.0.0.0_en_31bf3856ad364e35\Microsoft.GroupPolicy.Reporting.Resources.dll

[2010.11.21 06:24:41 | 001,851,392 | ---- | M] () MD5=C21EB170F553EAD23D02B519A338F03B -- C:\Windows\assembly\GAC_MSIL\Microsoft.GroupPolicy.Reporting\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Reporting.dll

[2011.04.12 11:23:48 | 000,036,864 | ---- | M] () MD5=00BAFAF60E0E5EFCB34BF360FF65FA0F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Ink.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Ink.Resources.dll

[2009.06.11 00:23:03 | 000,749,568 | ---- | M] () MD5=3CF65928E67E362D5B25424EBCC27B12 -- C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

[2011.04.12 11:23:42 | 000,016,384 | ---- | M] () MD5=4D9D34F0204D5DF8EF1DBBD704735EEB -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_en_31bf3856ad364e35\Microsoft.ManagementConsole.Resources.dll

[2009.07.14 04:21:42 | 000,188,416 | ---- | M] () MD5=F8B72BFD1D8C36E1A2C98E25C9CF2504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll

[2009.07.14 04:52:03 | 001,159,168 | ---- | M] () MD5=4184F48A2A7F0E8349BFC82734313D73 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Bml\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Bml.dll

[2009.07.14 04:51:58 | 000,024,576 | ---- | M] () MD5=675B4FDF8010FB917CC3810D4CBF7F7D -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTv.Hosting\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTv.Hosting.dll

[2009.07.14 04:51:44 | 000,086,016 | ---- | M] () MD5=CA7C89AEAC56920195226101750DBCD9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.iTV\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.dll

[2009.07.14 04:52:21 | 000,045,056 | ---- | M] () MD5=7BCAA93888177CF3C58EA93EFB648E54 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.ITVVM\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.ITVVM.dll

[2010.11.21 06:24:42 | 001,572,864 | ---- | M] () MD5=0CFCDCFB9D28CE7AFC3F1823250ABE71 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll

[2010.11.21 06:24:42 | 000,241,664 | ---- | M] () MD5=3E1A7D201A38D73F14FFE90909B38A86 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll

[2010.11.21 06:24:42 | 002,596,864 | ---- | M] () MD5=732807787D6FA99791370D934360AE4C -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll

[2010.11.21 06:24:42 | 000,385,024 | ---- | M] () MD5=2F4797433A371756FE937CE802C2F313 -- C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll

[2011.12.05 20:16:46 | 000,069,632 | ---- | M] () MD5=10C19F7F60984E70F771B833E0543B1D -- C:\Windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll

[2011.12.05 20:17:11 | 000,096,128 | ---- | M] () MD5=DEC87A5053CE125612D0ECD22CE8A7CC -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\14.0.0.0__71e9bce111e9429c\microsoft.office.businessapplications.diagnostics.dll

[2011.12.05 20:16:52 | 000,018,304 | ---- | M] () MD5=3E473BF3BBA2B5A7EE19D47BD7E1BC80 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.Intl.dll

[2011.12.05 20:26:43 | 000,567,168 | ---- | M] () MD5=D68DD876EA0DE201095499AB3B4A1DC2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll

[2011.12.05 20:16:54 | 000,079,744 | ---- | M] () MD5=F883843E31FAE60536A76DE8908DA097 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.Intl.dll

[2011.12.05 20:17:13 | 000,665,472 | ---- | M] () MD5=4BD743C646EE2F47DDFEEAC9393E7033 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.dll

[2011.12.05 20:16:54 | 000,051,072 | ---- | M] () MD5=7133E8677E11DC09D12DAB476C068DE1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.Intl.dll

[2011.12.05 20:26:43 | 001,689,472 | ---- | M] () MD5=E47BBE96323350665A90709686461EB5 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll

[2011.12.05 20:16:52 | 000,051,072 | ---- | M] () MD5=E60068937F2F8DFDAD8474C2058A28C7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.AutoGen\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.AutoGen.dll

[2011.12.05 20:26:43 | 000,169,856 | ---- | M] () MD5=196F29BD6A1504F57FC4AF0C366A8459 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll

[2011.12.05 20:26:43 | 000,427,904 | ---- | M] () MD5=D71FA1C48EF02AE35F1D6AAACA5B453E -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll

[2011.12.05 20:17:11 | 000,206,720 | ---- | M] () MD5=E1C01B2AF154DE8C5FBF322C22929D5B -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.intl.dll

[2011.12.05 20:16:48 | 000,546,704 | ---- | M] () MD5=46B44E2EC2A58FD51278CAE5CE1AF801 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll

[2011.12.05 20:17:06 | 000,042,880 | ---- | M] () MD5=CF202A917D36E48FAD6F57115D643536 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\14.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll

[2011.12.05 20:16:48 | 000,014,224 | ---- | M] () MD5=E86AE27B4D35D9E7E9AA276BD84019AB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Permission\14.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll

[2011.12.05 20:16:50 | 000,034,680 | ---- | M] () MD5=F4BC7DCB4BBA0919BFF710D929F7BD14 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\14.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll

[2011.12.05 20:16:48 | 000,059,248 | ---- | M] () MD5=D45565A49811DD248532076D4374BD43 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll

[2011.12.05 20:17:00 | 000,079,744 | ---- | M] () MD5=DC036E7CE4F62CF27D915C3FF3F7DF52 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll

[2011.12.05 20:26:42 | 001,857,400 | ---- | M] () MD5=7731B02D636F983056D6D880D5DF9711 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

[2011.12.05 20:17:02 | 001,550,200 | ---- | M] () MD5=E8F52D3DB6ED411C4274FBB93EB2C8B6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

[2011.12.05 20:16:47 | 000,149,368 | ---- | M] () MD5=83018ECFFD3DB34BF89C0CA0D40A214C -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

[2011.12.05 20:17:06 | 000,407,440 | ---- | M] () MD5=BEEF1231C4AF6BDB0E26497970EE6DDE -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll

[2011.12.05 20:16:50 | 000,087,936 | ---- | M] () MD5=171E5A171FADDCA58EF97EBD26837863 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

[2011.12.05 20:16:48 | 000,161,656 | ---- | M] () MD5=042463EB8E2A6FADFFCE9AD2D0046BF9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

[2011.12.05 20:17:15 | 000,016,248 | ---- | M] () MD5=8C100E1FFC01FAFD93838D5024A47EDB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll

[2011.12.05 20:16:56 | 000,046,968 | ---- | M] () MD5=475A31C143A723A68B3CBDDB91142650 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OneNote\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll

[2011.12.05 20:17:16 | 000,972,664 | ---- | M] () MD5=D50EA922CCA0943744AB75E016BDE25E -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

[2011.12.05 20:16:56 | 000,025,480 | ---- | M] () MD5=95ADBFBDC616027379E0F9DCC8E35370 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

[2011.12.05 20:17:16 | 000,386,944 | ---- | M] () MD5=2FC5B525EA23A3E1B26B5F4996894A6B -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

[2011.12.05 20:17:16 | 000,247,680 | ---- | M] () MD5=DFC7276D34F4B66518A32F9AF48BA3F9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

[2011.12.05 20:16:55 | 000,019,320 | ---- | M] () MD5=2320EAD15BF728EC8FF5C9075B4A7B1F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

[2011.12.05 20:17:20 | 000,907,120 | ---- | M] () MD5=271D2874EE8021B10D6DF89307F9D463 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

[2011.12.05 20:17:02 | 000,356,352 | ---- | M] () MD5=0A8FCA67378EC92E2F304E6750DD9FD1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.v9.0.dll

[2011.12.05 20:17:02 | 000,438,272 | ---- | M] () MD5=409B1D3ED9ECAAB3D7DA66A83E1161A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.v9.0.dll

[2011.12.05 20:16:46 | 000,077,824 | ---- | M] () MD5=41D096C3E61378485D7B8AAFF00C245D -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.v9.0.dll

[2011.12.05 20:17:14 | 000,094,208 | ---- | M] () MD5=CF53CB86A8D49F5CCA58D8FF8AE246A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v9.0.dll

[2011.12.05 20:16:46 | 000,299,008 | ---- | M] () MD5=8447FB78623AACCCFC609F01D1723935 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.v9.0.dll

[2011.04.12 11:23:49 | 000,010,752 | ---- | M] () MD5=379089FDE4608B9401EC95B274542576 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll

[2010.11.21 06:24:51 | 000,102,400 | ---- | M] () MD5=6EAAC822D547374E6262AFBA30401E5F -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll

[2011.04.12 11:23:48 | 000,036,864 | ---- | M] () MD5=FFA7D0C210B6E1B47E15525053B725D4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll

[2010.11.21 06:24:51 | 000,290,816 | ---- | M] () MD5=801F0D419E2B3602218348BFB45C230D -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll

[2011.04.12 11:23:48 | 000,049,152 | ---- | M] () MD5=B32152DF054633A28F4D5E2AEDDF5F19 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll

[2010.11.21 06:24:51 | 000,667,648 | ---- | M] () MD5=2B291883E64693401A7DD55A5F35B249 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll

[2011.04.12 11:23:48 | 000,040,960 | ---- | M] () MD5=951B942088F27F3895B8B3A08E8530A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll

[2009.07.14 04:46:58 | 000,200,704 | ---- | M] () MD5=4A096A4B77AE0C49D3628CE164EEC3C2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll

[2011.04.12 11:23:47 | 000,069,632 | ---- | M] () MD5=2CF04D9D956AF6FC9381271E55AEAA91 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll

[2010.11.21 06:24:48 | 000,991,232 | ---- | M] () MD5=B4D0FCD1E5681E61534CD0DE182BB88A -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll

[2011.04.12 11:23:48 | 000,040,960 | ---- | M] () MD5=E2D60DEED2AA1F403CC63739AEF5E4A3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll

[2009.07.14 04:47:40 | 000,651,264 | ---- | M] () MD5=031F6012ED32D35DCE00CCAB160C75CF -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll

[2011.04.12 11:23:49 | 000,016,896 | ---- | M] () MD5=C197070E1F609DD5F6D0D903D8ADE915 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll

[2009.07.14 04:47:11 | 000,278,528 | ---- | M] () MD5=D05827F60C018DA99938BFAF3659C9DB -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll

[2011.04.12 11:23:48 | 000,009,216 | ---- | M] () MD5=C4A74FA93F0FDAE5E72E4AE147FE242B -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll

[2010.11.21 06:24:51 | 000,077,824 | ---- | M] () MD5=EAB08B2E94E52E818B1892C64607AB58 -- C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll

[2011.04.12 11:23:52 | 000,082,011 | ---- | M] () MD5=AF07B8B898E6D6E01EC6ECAD383C5CD0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll-Help.xml

[2011.04.12 11:23:52 | 000,005,632 | ---- | M] () MD5=78EFCB3A6DCA2C5171C7C3300C10711F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.Resources.dll

[2009.06.10 23:50:30 | 000,000,652 | ---- | M] () MD5=2B16AAD4E01313F505F21AF056730BFE -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\AppLocker.psd1

[2009.07.14 04:48:20 | 000,040,960 | ---- | M] () MD5=7AC6429FAE66CCDC81AEDC31BC8D488B -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll

[2011.04.12 11:23:52 | 000,006,656 | ---- | M] () MD5=39226D30A9F696F658F7BFB4928FE217 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.Resources.dll

[2009.07.14 04:48:29 | 000,045,056 | ---- | M] () MD5=287CB942929FB8E9268D8EA9F9B05390 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll

[2011.04.12 11:23:52 | 000,006,656 | ---- | M] () MD5=4EE82A35CC556EEDB20A06868A09BE68 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.Resources.dll

[2009.07.14 04:48:10 | 000,061,440 | ---- | M] () MD5=DDB5C74320B6C49006CC96FF07766B56 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll

[2009.07.14 04:48:16 | 000,012,800 | ---- | M] () MD5=1BE953940BFFF10AC6D90410E05EE274 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll

[2011.04.12 11:23:52 | 000,159,744 | ---- | M] () MD5=AB1789BD3E34FC06B60B9E048D411763 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.resources.dll

[2010.11.21 06:24:41 | 000,679,936 | ---- | M] () MD5=7BF39A90FD550D68E7704ADE65924D51 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.Wizards.AutomaticRuleGenerationWizard.dll

[2011.12.05 20:16:52 | 000,206,720 | ---- | M] () MD5=D42F1D676FE013CB02087394B57EAA16 -- C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.Intl.dll

[2011.12.05 20:16:47 | 000,115,744 | ---- | M] () MD5=DA5EE020BEF41DC95C3532CBAA1EA8F4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.Server\1.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.Server.dll

[2011.12.05 20:17:03 | 000,095,312 | ---- | M] () MD5=CDB528E57C8B2F62B773E6224CB811DE -- C:\Windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.SqlServerCe.dll

[2011.12.05 20:17:03 | 000,115,744 | ---- | M] () MD5=01B68622F7B4A699D52F9A0B5EA5E4EC -- C:\Windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data\1.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.dll

[2011.04.12 11:23:43 | 000,073,728 | ---- | M] () MD5=AD97A4CA111C67B9CC070DD073776B3B -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_en_31bf3856ad364e35\microsoft.tpm.resources.dll

[2009.07.14 04:48:24 | 000,192,512 | ---- | M] () MD5=05DD252C92F92A1CFCFF84903D0225B6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm\6.1.0.0__31bf3856ad364e35\Microsoft.Tpm.dll

[2009.06.11 00:14:03 | 000,397,312 | ---- | M] () MD5=130FF58B6245F78097E7619EFB61CDD2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

[2011.12.05 20:16:47 | 000,374,640 | ---- | M] () MD5=E8255378F97236BA85BCB8348B22BC74 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

[2011.12.05 20:17:00 | 000,063,336 | ---- | M] () MD5=A8873670CF41B61641920860E49EE328 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

[2009.06.11 00:23:03 | 000,110,592 | ---- | M] () MD5=A070FD9509392CEB84A3ED8F8A42A504 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

[2010.11.21 06:24:01 | 000,372,736 | ---- | M] () MD5=B424A0AF636B1D3DAE3A664285EF9795 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

[2009.06.11 00:23:04 | 000,028,672 | ---- | M] () MD5=A5B5F03020C0A01276801CF2C807FF8C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

[2010.11.21 06:24:23 | 000,610,304 | ---- | M] () MD5=DF1F3AFE18D254F759BB1A000B811C15 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

[2009.06.11 00:14:40 | 000,041,984 | ---- | M] () MD5=DD26812B72AF01116F7A1DDD4FA21E49 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

[2009.06.11 00:23:04 | 000,005,632 | ---- | M] () MD5=BBAEF0C6E310A25D3BCCAA2ADC538F82 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

[2011.12.05 20:17:02 | 000,753,664 | ---- | M] () MD5=D00A6A0220471CCB9EBA1E8EE7ECAB05 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll

[2011.12.05 20:16:46 | 000,106,496 | ---- | M] () MD5=4C36C9085957F292022E36F584EA0E1C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll

[2011.12.05 20:14:14 | 000,049,152 | ---- | M] () MD5=8FFD16D76145B82509C9D75D22515FF2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.DebuggerVisualizers\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.DebuggerVisualizers.dll

[2011.12.05 20:17:02 | 000,417,792 | ---- | M] () MD5=DA8D16D3A99FD45F1A37DF2DDD3FC0CC -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll

[2011.12.05 20:16:47 | 001,867,776 | ---- | M] () MD5=F43DB127C871957457660088CBFFF0DD -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Editors\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.dll

[2011.12.05 20:17:02 | 000,024,576 | ---- | M] () MD5=2403C8D7CBFA18B0BE60DCAB36242BCC -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities.Sync\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll

[2011.12.05 20:17:02 | 000,049,152 | ---- | M] () MD5=2EE6D1883E2D22FB49B37101D71E081E -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.HostingProcess.Utilities\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.HostingProcess.Utilities.dll

[2011.12.05 20:17:02 | 000,032,768 | ---- | M] () MD5=7EC416CB86F38CBA8B0DF9F8FAD2A1FB -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ManagedInterfaces\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ManagedInterfaces.dll

[2011.12.05 20:16:47 | 000,344,064 | ---- | M] () MD5=CF32AFE885C8C8C95B507FC76729F37E -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll

[2011.12.05 20:16:47 | 000,004,096 | ---- | M] () MD5=211A8C944BA151D7D672F50B5281200F -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.ProjectAggregator\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.ProjectAggregator.dll

[2011.12.05 20:16:47 | 000,806,912 | ---- | M] () MD5=C06A0DB8EB432218BCE6D5ABF2794813 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Publish\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Publish.dll

[2011.12.05 20:16:47 | 000,241,664 | ---- | M] () MD5=93D6B1BE2BC860BFB0F2E11A1430CC9F -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Design.dll

[2011.12.05 20:17:02 | 000,368,640 | ---- | M] () MD5=9929C10F1EB8F8BA87A09C2B0738FEE8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll

[2011.12.05 20:16:47 | 000,015,872 | ---- | M] () MD5=159B4F6C0FDB1EDB217087E5B743A38C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll

[2011.12.05 20:16:47 | 000,286,720 | ---- | M] () MD5=F0DA890A63403E2010788FDBC1801FA7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll

[2011.12.05 20:16:47 | 000,210,848 | ---- | M] () MD5=2E57C4C703D80B484CDDE2C13BA27BF1 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll

[2011.12.05 20:26:43 | 000,041,408 | ---- | M] () MD5=01740C30C6063A7E942EA6330E88DAC6 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll

[2011.12.05 20:16:54 | 000,045,056 | ---- | M] () MD5=8510E5F664F1C9136E73A13B0C8E5357 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll

[2011.12.05 20:17:02 | 000,104,368 | ---- | M] () MD5=9C7403906909E432EA6A2511D1B3CDF2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll

[2011.12.05 20:16:47 | 000,329,632 | ---- | M] () MD5=5DDDB6F96BF41B9FE9C4AB0920A0E445 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll

[2011.12.05 20:16:47 | 000,038,832 | ---- | M] () MD5=CC5ECB09FFDD2A7915E3E98A15DF262E -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll

[2011.12.05 20:26:42 | 000,024,496 | ---- | M] () MD5=ABE26CE56EAA14ABF51E6BA779A3984E -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll

[2011.12.05 20:16:46 | 000,022,016 | ---- | M] () MD5=6581FE75715D9D6FF9BFD2264F825FB0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll

[2011.12.05 20:17:02 | 000,038,808 | ---- | M] () MD5=907114FE32F4DFB0C5EDA360BE0740C7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll

[2011.12.05 20:17:02 | 000,071,592 | ---- | M] () MD5=5949DF7B1BF7951C55A31803CD4DC6E2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll

[2011.12.05 20:26:43 | 000,035,256 | ---- | M] () MD5=9BF071EFED4CEBB1B03FDE7942E0BE80 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll

[2011.12.05 20:26:43 | 000,153,008 | ---- | M] () MD5=8EDF67A0526AC03E4EAFDB062AC273B8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll

[2011.12.05 20:17:02 | 000,143,360 | ---- | M] () MD5=BF1B6B22209E8126A184BFA2C4FB49BE -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll

[2011.12.05 20:26:43 | 000,032,688 | ---- | M] () MD5=46E3223333A8DD1684B7639F42D9584D -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll

[2011.12.05 20:16:54 | 000,077,824 | ---- | M] () MD5=DC553264A749613C331C8B989A1A9B2A -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll

[2011.12.05 20:26:42 | 000,193,472 | ---- | M] () MD5=066BB2ABAA5C8E45ED37E691355B5185 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll

[2011.12.05 20:17:14 | 000,110,592 | ---- | M] () MD5=3A717D3B1B2F5921871B0561E71DD4D8 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll

[2011.12.05 20:17:13 | 000,081,920 | ---- | M] () MD5=A7278626DFE2AAFDDBA6B8B82AA94CEF -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll

[2011.12.05 20:17:03 | 000,131,072 | ---- | M] () MD5=B169C95A3BEFA21EBA58D21992EB6A9C -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll

[2011.12.05 20:26:43 | 000,062,392 | ---- | M] () MD5=022AFCC5C5CE34EA13C706AE0A296AD4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll

[2011.12.05 20:26:43 | 000,023,976 | ---- | M] () MD5=CD8C6E27F96A8A8A894F78B1512C188A -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll

[2011.12.05 20:17:02 | 000,049,152 | ---- | M] () MD5=77249A017C234EC21BC60DABB8515896 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll

[2011.12.05 20:17:13 | 000,036,864 | ---- | M] () MD5=AD54FE98130FA82E5A75A1906F7F14A9 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll

[2011.12.05 20:17:13 | 000,053,248 | ---- | M] () MD5=07E7E7818586A3B3F1EC50E5E2511FC0 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll

[2011.12.05 20:26:43 | 000,077,752 | ---- | M] () MD5=F8EA342008DD949F1706FCAAC0E07FE7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll

[2011.12.05 20:26:43 | 000,063,408 | ---- | M] () MD5=DDD9726B8F5801145DDCE84FA40916C3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll

[2011.12.05 20:26:43 | 000,041,408 | ---- | M] () MD5=3ADC112241D4D0F55EF7EF2EDEAEDC2F -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll

[2011.12.05 20:26:43 | 000,363,936 | ---- | M] () MD5=F17156AE7E7696601B3221090AB9D20F -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll

[2011.12.05 20:16:54 | 000,036,864 | ---- | M] () MD5=0C5700ED83D92BBB5E6F70AB89C26F04 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll

[2011.12.05 20:16:54 | 000,065,536 | ---- | M] () MD5=4167FAFE231BE780D7158B0A7E5D337D -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll

[2011.12.05 20:26:43 | 000,083,896 | ---- | M] () MD5=145C93E147C9C5F809E2E1D398C4C5E4 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll

[2011.12.05 20:16:47 | 000,016,384 | ---- | M] () MD5=32595B8E2D63AFDB32845B094F039AB5 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.VSContentInstaller\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSContentInstaller.dll

[2011.12.05 20:17:02 | 000,352,256 | ---- | M] () MD5=B7A2D9985997D0527AC2891E757CB17D -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Windows.Forms\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Windows.Forms.dll

[2011.12.05 20:17:20 | 000,073,728 | ---- | M] () MD5=763356614649448DCFB951B6341178FE -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.WizardFramework\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.WizardFramework.Dll

[2011.12.05 20:14:14 | 000,061,440 | ---- | M] () MD5=A0501C542BB7028EFD6CE64EB460E5FF -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Zip\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Zip.dll

[2011.12.05 20:16:46 | 000,286,720 | ---- | M] () MD5=03FD2567D8C8AD890B41873A6F3BF489 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio\2.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.dll

[2009.06.11 00:23:04 | 000,012,800 | ---- | M] () MD5=71C2F1A0F8FFD6D017F039AC023DE81C -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

[2009.06.11 00:23:04 | 000,032,768 | ---- | M] () MD5=45F2E4914DDCDA6F468D99FAA91911F2 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

[2011.12.05 20:17:02 | 004,202,496 | ---- | M] () MD5=FB243F67BA7C999718F9807C0392CA37 -- C:\Windows\assembly\GAC_MSIL\Microsoft.VSDesigner\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll

[2011.04.12 11:23:48 | 000,004,096 | ---- | M] () MD5=E935C47D0C44352C7D6525A1325ABED3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll

[2009.07.14 04:51:58 | 000,009,728 | ---- | M] () MD5=4D851ACFD99800153B512F98DE8EE53F -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll

[2011.04.12 11:23:48 | 000,004,096 | ---- | M] () MD5=3CC03A1C2E1969B4EF4659D07A955BD5 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll

[2009.07.14 04:49:05 | 000,010,752 | ---- | M] () MD5=22C1F179C2141626AF5AA4EE3B466F70 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll

[2011.04.12 11:23:47 | 000,004,096 | ---- | M] () MD5=83CB16FC8537B2D0A47A0D7728074CF7 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll

[2009.07.14 04:49:19 | 000,009,216 | ---- | M] () MD5=3E54B66D932C3B9ACF9A85DCBCB9012A -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll

[2011.04.12 11:23:48 | 000,004,096 | ---- | M] () MD5=C7B89E6373CAA6563CC190AF83AB8189 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll

[2009.07.14 04:49:36 | 000,008,192 | ---- | M] () MD5=46F52892AE2A9F422A992E67109C26B3 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll

[2011.04.12 11:23:49 | 000,004,096 | ---- | M] () MD5=4F99E7FCEBE740F038392F993D910CAE -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.resources.dll

[2009.07.14 04:49:35 | 000,024,576 | ---- | M] () MD5=D63EFE70138DD63ED305547E154185DB -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDHost.dll

[2011.04.12 11:23:48 | 000,006,656 | ---- | M] () MD5=332AB4925318F2B2CA3E6D31D69BBA74 -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources\6.1.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll

[2009.07.14 04:49:35 | 000,049,152 | ---- | M] () MD5=C7266BF807067847FE533B5130F3476E -- C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll

[2011.04.12 11:23:47 | 000,013,824 | ---- | M] () MD5=DD6902F80F16E9EBDC289FFB376F921A -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll

[2010.11.21 06:24:51 | 000,286,720 | ---- | M] () MD5=045923382F35E9C922AC8693F1240645 -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll

[2009.07.14 04:49:51 | 000,007,168 | ---- | M] () MD5=FD9DC207646A40F715B2E3FA12FF8B2F -- C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll

[2009.06.11 00:23:04 | 000,007,168 | ---- | M] () MD5=E5640EF09DA87B03E78F18F850CFF728 -- C:\Windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

[2011.04.12 11:23:43 | 001,552,384 | ---- | M] () MD5=5D85FA66189E6832466C8DEE97CA8C3F -- C:\Windows\assembly\GAC_MSIL\MiguiControls.Resources\1.0.0.0_en_31bf3856ad364e35\MIGUIControls.resources.dll

[2010.11.21 06:24:15 | 003,416,064 | ---- | M] () MD5=CD35B1936F50990D1FCEAE31E2D1553F -- C:\Windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll

[2011.04.12 11:23:40 | 000,036,864 | ---- | M] () MD5=E5956455F8A07B174CF146247EC6315E -- C:\Windows\assembly\GAC_MSIL\MMCEx.Resources\3.0.0.0_en_31bf3856ad364e35\MMCEx.Resources.dll

[2009.07.14 04:26:50 | 000,421,888 | ---- | M] () MD5=A9D4275CE5EA165C267AE05A6821CB54 -- C:\Windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll

[2011.04.12 11:23:43 | 000,004,096 | ---- | M] () MD5=930887F063E075C31E38E435F9C3D94C -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\MMCFxCommon.Resources.dll

[2009.07.14 04:26:07 | 000,110,592 | ---- | M] () MD5=E72BF459A519312B4FF7F3FA8A85BA13 -- C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll

[2011.04.12 11:23:39 | 000,049,152 | ---- | M] () MD5=341507487E1AD54BE8079C7637810C9E -- C:\Windows\assembly\GAC_MSIL\napinit.resources\6.1.0.0_en_31bf3856ad364e35\napinit.Resources.dll

[2009.07.14 04:50:10 | 000,073,728 | ---- | M] () MD5=2E112025F72F2BF1302D8D5AA9014977 -- C:\Windows\assembly\GAC_MSIL\napinit\6.1.0.0__31bf3856ad364e35\NAPINIT.DLL

[2011.04.12 11:23:39 | 000,233,472 | ---- | M] () MD5=6B24C82334B7A52A1349E6E5BB162D88 -- C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_en_31bf3856ad364e35\napsnap.resources.dll

[2009.07.14 04:50:24 | 000,454,656 | ---- | M] () MD5=6F6170493DADDBAE1AFF0A2E2FABAE34 -- C:\Windows\assembly\GAC_MSIL\napsnap\6.1.0.0__31bf3856ad364e35\NAPSNAP.DLL

[2010.11.21 06:24:16 | 001,077,248 | ---- | M] () MD5=AFA10DB13B9A0537297AEEF2CD66352F -- C:\Windows\assembly\GAC_MSIL\Narrator\6.1.0.0__31bf3856ad364e35\Narrator.exe

[2011.12.05 20:17:15 | 000,448,360 | ---- | M] () MD5=2D53B9BDBB63C6D7003A1717C9AE7346 -- C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\OFFICE.DLL

[2011.12.05 20:26:42 | 000,000,900 | ---- | M] () MD5=3B7B0D23927E9331354BFD0DFA09910F -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.config

[2011.12.05 20:26:42 | 000,011,656 | ---- | M] () MD5=A89739DC19202E0AF2319F3E5DD49FD9 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll

[2011.12.05 20:17:02 | 000,000,898 | ---- | M] () MD5=E3C1C0D2C327FEC85FB9857E3F899785 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.config

[2011.12.05 20:16:46 | 000,011,656 | ---- | M] () MD5=879AA1B9EB9923C303737F9A9684E654 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll

[2011.12.05 20:16:47 | 000,000,898 | ---- | M] () MD5=10615D207C75102FC721755BB0B3CD8E -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.config

[2011.12.05 20:17:03 | 000,011,656 | ---- | M] () MD5=272324C3519292E26C20BCA9ADD43864 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll

[2011.12.05 20:17:08 | 000,000,912 | ---- | M] () MD5=E3EFA5C36AB83B5E678ED1CADE23B412 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.config

[2011.12.05 20:16:52 | 000,011,664 | ---- | M] () MD5=EA39607C138BBADB76883FBCBD264AC4 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll

[2011.12.05 20:16:50 | 000,000,904 | ---- | M] () MD5=DCADD75D7AF7337A635A78D7C7F20D9A -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.config

[2011.12.05 20:17:08 | 000,011,664 | ---- | M] () MD5=B53912ED4735CF05D504D4AEA025FFE7 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll

[2011.12.05 20:17:16 | 000,000,902 | ---- | M] () MD5=6294F9D1634C5110426C7DAFE2F685A0 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.config

[2011.12.05 20:16:56 | 000,011,656 | ---- | M] () MD5=812A8B0FE904EEF755646C5196A858C6 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll

[2011.12.05 20:16:56 | 000,000,916 | ---- | M] () MD5=333236C30617B03AE650230780E21EAA -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.config

[2011.12.05 20:17:15 | 000,011,672 | ---- | M] () MD5=6B9BC53BC0A44CABB1F7FED4B0208D58 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll

[2011.12.05 20:17:16 | 000,000,908 | ---- | M] () MD5=EC791B712B81C85372E03A0617D24BF7 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.config

[2011.12.05 20:16:56 | 000,011,664 | ---- | M] () MD5=761343B53E834E3587E7517D37FE9D56 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll

[2011.12.05 20:17:16 | 000,000,906 | ---- | M] () MD5=449F5367C27EBC6CB917460F0DE2B0CB -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.config

[2011.12.05 20:16:56 | 000,011,664 | ---- | M] () MD5=AA8582B922BF6A110AD1422B40950720 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll

[2011.12.05 20:16:55 | 000,000,904 | ---- | M] () MD5=4F7AB727B60621BB36E47B682F4BFE23 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.config

[2011.12.05 20:17:14 | 000,011,664 | ---- | M] () MD5=4E0D9A85155F91CF8B9B66991C273301 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll

[2011.12.05 20:17:20 | 000,000,896 | ---- | M] () MD5=C018AC4E3EFFBFF5ABB8E5D9608A8762 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.config

[2011.12.05 20:17:00 | 000,011,656 | ---- | M] () MD5=0C560FE70843B466E8364DD2BC878F97 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll

[2011.12.05 20:17:00 | 000,000,880 | ---- | M] () MD5=6CF29BFDC5FA7B2FE06AE04FA0DDB1B2 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.config

[2011.12.05 20:17:20 | 000,011,640 | ---- | M] () MD5=375B11B5290424A3C92221235346CF3D -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll

[2011.12.05 20:17:15 | 000,000,850 | ---- | M] () MD5=8E5E41526B4BF8D28A10C54D04D04866 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.office\14.0.0.0__71e9bce111e9429c\Policy.11.0.office.config

[2011.12.05 20:16:55 | 000,011,104 | ---- | M] () MD5=FC885793EAC0A87C43C8F5D6EF5B45B2 -- C:\Windows\assembly\GAC_MSIL\Policy.11.0.office\14.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll

[2011.12.05 20:17:06 | 000,000,930 | ---- | M] () MD5=F3BFE3718EC61BEB4EEF7180EC9E2F66 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host.config

[2011.12.05 20:16:48 | 000,011,664 | ---- | M] () MD5=B2E5D2F672B638CC9FEE5EFDFB09B70C -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host.dll

[2011.12.05 20:17:06 | 000,000,912 | ---- | M] () MD5=8178E3FB89E1EE2F91F678D5E13367BF -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.FormControl\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.FormControl.config

[2011.12.05 20:16:48 | 000,011,664 | ---- | M] () MD5=0826CD2CA41B5ACD3DA5164FEEA7022D -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.FormControl\14.0.0.0__71e9bce111e9429c\policy.12.0.Microsoft.Office.InfoPath.FormControl.dll

[2011.12.05 20:17:08 | 000,000,910 | ---- | M] () MD5=1D48EED186B3272682634155C17AAB1E -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Permission\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Permission.config

[2011.12.05 20:16:50 | 000,011,664 | ---- | M] () MD5=D6971FC530C07B6B7DFD3AC9DF8695EE -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Permission\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Permission.dll

[2011.12.05 20:16:50 | 000,000,888 | ---- | M] () MD5=66DFFED0DCD33FFAA9295DA912CC237C -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.config

[2011.12.05 20:17:08 | 000,011,664 | ---- | M] () MD5=869F08DA5E80C461F698BBB4528310F1 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.dll

[2011.12.05 20:17:00 | 000,000,908 | ---- | M] () MD5=8A9FDA784C76AEBFCC8266727C31A77D -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.Dao.config

[2011.12.05 20:16:45 | 000,011,664 | ---- | M] () MD5=84C6457AF1FD3600FCEF8531A9CD325D -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll

[2011.12.05 20:26:42 | 000,000,900 | ---- | M] () MD5=6E5E053BA637800ECBBCCDBB3C046104 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.config

[2011.12.05 20:26:42 | 000,011,656 | ---- | M] () MD5=69D1A96679BCC7A6239082D63F79945F -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.dll

[2011.12.05 20:17:20 | 000,000,898 | ---- | M] () MD5=E0CE8837AA281AE2C19739274386F0C1 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Excel.config

[2011.12.05 20:17:00 | 000,011,656 | ---- | M] () MD5=A0925184CB51086A5A8F28D6B7597EDF -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Excel.dll

[2011.12.05 20:16:47 | 000,000,898 | ---- | M] () MD5=3D00C53C80C2B84B5D948F41D1A58469 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Graph.config

[2011.12.05 20:17:03 | 000,011,656 | ---- | M] () MD5=71D8A3D576F2E236B91D30608B887853 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Graph.dll

[2011.12.05 20:17:08 | 000,000,912 | ---- | M] () MD5=A581EAC28DAEEB75339122F5C9015AD6 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml.config

[2011.12.05 20:16:52 | 000,011,664 | ---- | M] () MD5=B4285A86FC714CC0574B9070FB0E511F -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml.dll

[2011.12.05 20:16:50 | 000,000,904 | ---- | M] () MD5=544EA0940AABB6C6C918CDF6563783CF -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.InfoPath.config

[2011.12.05 20:17:08 | 000,011,664 | ---- | M] () MD5=01DC8872B977B52FCF94C6B37E2E3EAB -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\policy.12.0.Microsoft.Office.Interop.InfoPath.dll

[2011.12.05 20:17:16 | 000,000,902 | ---- | M] () MD5=44193BB603AD240A860033F7EFC2E7E8 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Outlook.config

[2011.12.05 20:16:56 | 000,011,656 | ---- | M] () MD5=F09CDD3138E5EFC8662CC948636F53A5 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Outlook.dll

[2011.12.05 20:16:55 | 000,000,916 | ---- | M] () MD5=30336C1CC94EDD19CDFB724E3A5AF015 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.config

[2011.12.05 20:17:15 | 000,011,672 | ---- | M] () MD5=45EC3053444CA47BB540E7036F50C0BA -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.dll

[2011.12.05 20:17:16 | 000,000,908 | ---- | M] () MD5=8199AE1C79C0443071D0352D70CE4DAA -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.PowerPoint.config

[2011.12.05 20:16:56 | 000,011,664 | ---- | M] () MD5=31237BBFA5730B335B37A15D71623022 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.PowerPoint.dll

[2011.12.05 20:17:16 | 000,000,906 | ---- | M] () MD5=8C6C64A729444CD2E32FC753D71DB76C -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Publisher.config

[2011.12.05 20:16:56 | 000,011,664 | ---- | M] () MD5=89C5F582D77DDDAA775DC7629C35C592 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Publisher.dll

[2011.12.05 20:16:55 | 000,000,904 | ---- | M] () MD5=0AFCE67890E647DCADD27A5C0DA495C3 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.SmartTag.config

[2011.12.05 20:17:14 | 000,011,664 | ---- | M] () MD5=F94B126921F404EC30FACED9C5D6B890 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.SmartTag.dll

[2011.12.05 20:17:20 | 000,000,896 | ---- | M] () MD5=F3D871161A09684A2930117D6BDAAF91 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Word.config

[2011.12.05 20:17:00 | 000,011,656 | ---- | M] () MD5=A34037B99EBD76FA30D73E6C8503E8BA -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Word.dll

[2011.12.05 20:17:00 | 000,000,880 | ---- | M] () MD5=C96C6F48979A5F9F131AA9FCB228B0D1 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Vbe.Interop.config

[2011.12.05 20:17:20 | 000,011,640 | ---- | M] () MD5=7063FF7154582442F6F533F12B3F0F20 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Vbe.Interop.dll

[2011.12.05 20:17:15 | 000,000,850 | ---- | M] () MD5=E387AFF00A5E533338760D8E78ED8AFB -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.office\14.0.0.0__71e9bce111e9429c\Policy.12.0.office.config

[2011.12.05 20:16:55 | 000,011,104 | ---- | M] () MD5=BF675629E050915C92D6D66F72B2AEB6 -- C:\Windows\assembly\GAC_MSIL\Policy.12.0.office\14.0.0.0__71e9bce111e9429c\Policy.12.0.Office.dll

[2011.12.05 19:35:35 | 000,000,815 | ---- | M] () MD5=0A33273323603FCBD8DDD74758163161 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.config

[2011.12.05 19:35:35 | 000,005,632 | ---- | M] () MD5=841736FAB112AC493646E4399E684D38 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll

[2011.12.05 19:35:35 | 000,000,831 | ---- | M] () MD5=A9C1035129544B3867E06A8F02874FE4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.config

[2011.12.05 19:35:35 | 000,005,632 | ---- | M] () MD5=1A49D09BD80C023A771214DA826FF6B6 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll

[2011.12.05 19:35:35 | 000,000,828 | ---- | M] () MD5=52B88C0916FAFF34E0174CD718980AC4 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.config

[2011.12.05 19:35:35 | 000,005,632 | ---- | M] () MD5=0C8F794B0C057EB421569A4E5B8E98C5 -- C:\Windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll

[2010.11.21 06:24:53 | 000,598,016 | ---- | M] () MD5=AEFD96A1A087027A7EDC21F83F1B4727 -- C:\Windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

[2009.06.11 00:14:50 | 000,032,768 | ---- | M] () MD5=24F02A6A94DC8AE6F2ACDA7950CBEEB3 -- C:\Windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

[2009.06.11 00:14:51 | 000,042,856 | ---- | M] () MD5=E56F39F6B7FDA0AC77A79B0FD3DE1A2F -- C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

[2009.06.11 00:14:43 | 000,196,608 | ---- | M] () MD5=C9DF30B6F5D99C8147C528528B9CC498 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

[2009.06.11 00:14:44 | 000,139,264 | ---- | M] () MD5=98F2493B40E00061B4A4369E63790293 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

[2010.11.21 06:24:53 | 000,397,312 | ---- | M] () MD5=4E9FDA223530F931AC1F03ABB58E4DA5 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

[2009.06.11 00:14:44 | 000,163,840 | ---- | M] () MD5=13E8EC241CA1402C923DF3A1DA9CAF70 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

[2010.11.21 06:24:53 | 005,279,744 | ---- | M] () MD5=1D362AE9606BF7D4E3342EB7F7671CD0 -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

[2009.06.11 00:14:52 | 000,864,256 | ---- | M] () MD5=0F8242348EBA698FF93193A6BDC55362 -- C:\Windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

[2010.11.21 06:24:53 | 000,532,480 | ---- | M] () MD5=270045542C06E099B22F8EF6577B8C09 -- C:\Windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

[2011.04.12 11:23:52 | 000,011,776 | ---- | M] () MD5=563E82907227A5BD275FA0CA79922780 -- C:\Windows\assembly\GAC_MSIL\SecurityAuditPoliciesSnapIn.resources\6.1.0.0_en_31bf3856ad364e35\SecurityAuditPoliciesSnapIn.resources.dll

[2010.11.21 06:24:41 | 000,167,936 | ---- | M] () MD5=855B4DFFC8F42403FBE247B9D7A85714 -- C:\Windows\assembly\GAC_MSIL\SecurityAuditPoliciesSnapIn\6.1.0.0__31bf3856ad364e35\SecurityAuditPoliciesSnapIn.dll

[2009.06.11 00:15:18 | 000,005,632 | ---- | M] () MD5=AA7004ABA8C37DDCA200E16F1570EF62 -- C:\Windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

[2010.11.21 06:24:53 | 000,110,592 | ---- | M] () MD5=6F145DEF09821EB6614C501430CB838C -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

[2010.11.21 06:24:53 | 000,128,848 | ---- | M] () MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe

[2009.07.14 04:48:50 | 000,086,016 | ---- | M] () MD5=6B16E2A529A703956915122B895DA5F6 -- C:\Windows\assembly\GAC_MSIL\SonicMCEBurnEngine\6.1.0.0__31bf3856ad364e35\SonicMCEBurnEngine.dll

[2011.04.12 11:23:52 | 000,200,704 | ---- | M] () MD5=78052FFCCC12E3ED35F809A3BB6F5CD3 -- C:\Windows\assembly\GAC_MSIL\SrpUxSnapIn.resources\6.1.0.0_en_31bf3856ad364e35\SrpUxSnapIn.resources.dll

[2010.11.21 06:24:41 | 001,048,576 | ---- | M] () MD5=8199754E88A0F37965D468C8E280ACF6 -- C:\Windows\assembly\GAC_MSIL\SrpUxSnapIn\6.1.0.0__31bf3856ad364e35\SrpUxSnapIn.dll

[2009.06.11 00:23:17 | 000,110,592 | ---- | M] () MD5=3C8AF820562CC8E3A1CF82650518F66C -- C:\Windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

[2010.11.21 06:24:59 | 000,045,056 | ---- | M] () MD5=6D593E9AE74E39A62F8184515B27DF28 -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

[2011.12.05 20:16:47 | 000,038,744 | ---- | M] () MD5=7137B00CD3C6AD6AAAC4D7EE614137D5 -- C:\Windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll

[2010.11.21 06:25:04 | 000,163,840 | ---- | M] () MD5=949408949F9C8FF4FDB82A8EB14792EE -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll

[2010.11.21 06:25:05 | 000,057,344 | ---- | M] () MD5=27E76A55FA5C3586297C2D42986304AC -- C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

[2010.11.21 06:23:55 | 000,081,920 | ---- | M] () MD5=ED2D3B032733BFC7A68FCE05BC7F93B4 -- C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

[2010.11.21 06:24:32 | 000,425,984 | ---- | M] () MD5=5A7A33F7F9DFC0C0A8B8E000F4D9D898 -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

[2010.11.21 06:25:01 | 000,667,648 | ---- | M] () MD5=FC114C6C8AB34F1A357069AD3E4477F8 -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

[2010.11.21 06:25:01 | 000,053,248 | ---- | M] () MD5=82D34DEB3105E63981A0306B03C10A07 -- C:\Windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

[2010.11.21 06:24:59 | 000,229,376 | ---- | M] () MD5=02B81AAEB463E966372AF6A1C0B6038E -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

[2010.11.21 06:25:01 | 002,879,488 | ---- | M] () MD5=EEDCBC7607D2852BBF74409B49A8D1C1 -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll

[2010.11.21 06:25:04 | 000,684,032 | ---- | M] () MD5=8AB40EB71BB5D5F4641AA5895712B981 -- C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll

[2010.11.21 06:25:04 | 000,462,848 | ---- | M] () MD5=606ACF1553423BFDD3CABEBA3DF264B9 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

[2010.11.21 06:24:59 | 000,163,840 | ---- | M] () MD5=0ACA904F87E674CF3CB6746D9D3AB321 -- C:\Windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll

[2010.11.21 06:25:04 | 000,692,224 | ---- | M] () MD5=4BA482E447D6096E8D4348AAE306CE1B -- C:\Windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

[2011.12.05 20:17:03 | 000,230,480 | ---- | M] () MD5=915B2E2620D09B0EE7C10DCEB765916C -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe.Entity\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.Entity.dll

[2011.12.05 20:16:47 | 000,271,440 | ---- | M] () MD5=EE63BE840C77AA9DDDD5BF66BCF98F87 -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll

[2010.11.21 06:24:03 | 000,745,472 | ---- | M] () MD5=800484A3335EACDAA9600120385CCBDC -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

[2010.11.21 06:24:32 | 000,970,752 | ---- | M] () MD5=418EC83A2FC441A3D40F3FDCDA851392 -- C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

[2010.11.21 06:24:24 | 004,927,488 | ---- | M] () MD5=2D7D124DCC4E7643F2B8AB4592150950 -- C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

[2010.11.21 06:24:59 | 000,290,816 | ---- | M] () MD5=CD86BDCB5E115635E6AB7DFE77FC1D11 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

[2009.06.11 00:23:18 | 000,188,416 | ---- | M] () MD5=EE1DCDAA3EA8F53DA56116875CD01653 -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

[2010.11.21 06:24:32 | 000,401,408 | ---- | M] () MD5=AF1F47FBADABB9134002359970F5FD1C -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

[2009.06.11 00:23:18 | 000,081,920 | ---- | M] () MD5=D195A195E3D16A867FD4382D786313B8 -- C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

[2010.11.21 06:24:16 | 000,626,688 | ---- | M] () MD5=34B28F4AD92F4A75D739F7B0E06858EF -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

[2010.11.21 06:24:53 | 000,126,976 | ---- | M] () MD5=DF7FEE2563BF2D59926B786FBF636510 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

[2010.11.21 06:24:53 | 000,442,368 | ---- | M] () MD5=9638C20A92962CAFC45E8F48AE6238F5 -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

[2009.06.11 00:13:54 | 000,131,072 | ---- | M] () MD5=AC45DB17E166ECEBD320D4FA2820C1B6 -- C:\Windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

[2011.04.12 11:23:48 | 000,253,952 | ---- | M] () MD5=49D669DD9F8F3D4D8600D94EFB46EDF8 -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll

[2010.11.21 06:24:51 | 003,010,560 | ---- | M] () MD5=54ECF49D6A42B61AA582216AAEB9657D -- C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll

[2010.11.21 06:25:05 | 000,143,360 | ---- | M] () MD5=BCD4761D6E2290B490498126C67A35D0 -- C:\Windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

[2010.11.21 06:24:25 | 000,385,024 | ---- | M] () MD5=52C875E8F96E4F9E69914A538C129C6E -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

[2010.11.21 06:24:28 | 000,258,048 | ---- | M] () MD5=3035497DE3B9208633BC7F3604D781FB -- C:\Windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

[2010.11.21 06:24:59 | 000,237,568 | ---- | M] () MD5=74446FB0C54CB43A279E735F9C335752 -- C:\Windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

[2010.11.21 06:23:48 | 000,303,104 | ---- | M] () MD5=1D4DA021B0AD837B35AFB772CC7C636D -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

[2009.06.11 00:23:19 | 000,131,072 | ---- | M] () MD5=C9781DA4EE6A5BBAE271CC0AC4B25D7C -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2010.11.21 06:24:53 | 000,970,752 | ---- | M] () MD5=01D4E1005C901889517EED7F438DB501 -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2010.11.21 06:24:09 | 000,258,048 | ---- | M] () MD5=A15491BE2D672FCDBFEB250E9594D7ED -- C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

[2010.11.21 06:24:53 | 000,073,728 | ---- | M] () MD5=4E0883AF9D5B4F2AAFD19F6663CBAF5F -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

[2010.11.21 06:24:53 | 000,032,768 | ---- | M] () MD5=9A9827B4F896F40607DF8103B9C438C0 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

[2010.11.21 06:24:52 | 000,569,344 | ---- | M] () MD5=EA5213E7090668C917EEB947FDC3CD46 -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

[2010.11.21 06:24:53 | 005,988,352 | ---- | M] () MD5=196D093057DE9D765FF8DDFA24215D3B -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

[2010.11.21 06:23:56 | 000,114,688 | ---- | M] () MD5=F68CAFF425A9F37E498193BDDC5CC652 -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

[2009.06.11 00:14:45 | 000,688,128 | ---- | M] () MD5=31588B867657A7DF046AC1908550D73C -- C:\Windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

[2010.11.21 06:24:57 | 000,077,824 | ---- | M] () MD5=DE8831D65E92BC50304F37CC75EC31D5 -- C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

[2010.11.21 06:25:04 | 000,032,768 | ---- | M] () MD5=4A1EF32D7C394D8400870C73B40CA2A4 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

[2010.11.21 06:25:04 | 000,229,376 | ---- | M] () MD5=054F8B86C1258EDDB833A38B54155CF7 -- C:\Windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

[2010.11.21 06:24:58 | 000,131,072 | ---- | M] () MD5=A282147F21B0DB24DB3B3566E828A8AE -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

[2010.11.21 06:24:58 | 000,139,264 | ---- | M] () MD5=A5722B31B8454EE1CC50753C93CFDB4E -- C:\Windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

[2010.11.21 06:25:00 | 000,335,872 | ---- | M] () MD5=C935E89C6F71F188282632F35A04D0C1 -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

[2010.11.21 06:25:05 | 001,277,952 | ---- | M] () MD5=27607F0C3749F975F7835BE71BD85345 -- C:\Windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

[2010.11.21 06:24:09 | 000,835,584 | ---- | M] () MD5=18FDA35C607C486C0D5B91D7DD06CD17 -- C:\Windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

[2009.06.11 00:23:20 | 000,077,824 | ---- | M] () MD5=1CDB3B55F1330F85A674B0B5927399F4 -- C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

[2010.11.21 06:24:58 | 000,061,440 | ---- | M] () MD5=6D138BD2348457A5097F2772C78FE094 -- C:\Windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

[2010.11.21 06:24:08 | 000,839,680 | ---- | M] () MD5=8C0B098B41A27B08D58CAE7A61A3BA19 -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

[2011.03.30 01:33:52 | 005,025,792 | ---- | M] () MD5=2228FA05BCC728E116663A5E11ED6301 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

[2009.06.11 00:15:18 | 000,012,288 | ---- | M] () MD5=1CCEE8037C8EF9A08DD0ADB7E3E38D78 -- C:\Windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

[2010.11.21 06:24:52 | 001,142,784 | ---- | M] () MD5=A422312AE61E44B166FAC615786296A1 -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

[2010.11.21 06:24:52 | 001,630,208 | ---- | M] () MD5=BD0B0F768E7E74C5CD7A34B8B4BCC81D -- C:\Windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

[2010.11.21 06:24:52 | 000,540,672 | ---- | M] () MD5=32FF0E945F51F5147A8304026B5C19EA -- C:\Windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

[2010.11.21 06:24:52 | 000,507,904 | ---- | M] () MD5=CC3B424ED10A8E477B5D466188531F26 -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

[2010.11.21 06:24:58 | 000,139,264 | ---- | M] () MD5=EF6CEBC989FBDAEEB83E5662F1499FC0 -- C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

[2010.11.21 06:23:48 | 002,048,000 | ---- | M] () MD5=5B3FA17E1CD6FBBDF41AC34DAEECC256 -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

[2011.05.05 01:32:40 | 003,190,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

[2011.04.12 11:23:45 | 000,007,168 | ---- | M] () MD5=ABBF43F681EF160CAAB7C41BC289DA06 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.1.0.0_en_31bf3856ad364e35\TaskScheduler.resources.dll

[2010.11.21 06:24:15 | 000,167,936 | ---- | M] () MD5=1D264989FFABEF36745304F5DD216DC7 -- C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.1.0.0__31bf3856ad364e35\TaskScheduler.dll

[2009.06.11 00:14:45 | 000,172,032 | ---- | M] () MD5=3F47DB8D603A84FBF1154901AAC177CD -- C:\Windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

[2009.06.11 00:14:46 | 000,380,928 | ---- | M] () MD5=32D7B8CC805D2DA70D01DA89982DCE1D -- C:\Windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

[2009.06.11 00:14:46 | 000,040,960 | ---- | M] () MD5=0D2A84FF4383B4F41EDA8B4DE2D45D6C -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

[2009.06.11 00:14:46 | 000,098,304 | ---- | M] () MD5=62DF8C1D169752DF885E44D21309F7E6 -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

[2011.12.05 20:17:03 | 000,012,128 | ---- | M] () MD5=2F85D4BB210633434D7D931DDA7E40B5 -- C:\Windows\assembly\GAC_MSIL\VSTADTEProvider.Interop\8.0.0.0__b03f5f7f11d50a3a\VSTADTEProvider.Interop.dll

[2010.11.21 06:24:53 | 001,253,376 | ---- | M] () MD5=30E46D54FB2938CCF04BE99F1D4FBE3D -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

[2009.06.11 00:14:47 | 000,094,208 | ---- | M] () MD5=D9673C241B14E5526A81B3ABAD3FD3BA -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

[2010.11.21 06:24:53 | 000,149,328 | ---- | M] () MD5=8AB248DD85018CC3232D2F20E45A30E7 -- C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe

 

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >

"Debug" =

"" = mnmsrvc

"Kmode" = \SystemRoot\System32\win32k.sys

"Optional" = Posix [binary data]

"Posix" = %SystemRoot%\system32\psxss.exe

"Required" = DebugWindows [binary data]

"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 

 

< MD5 for: AFD.SYS >

[2010.11.21 06:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys

[2011.04.25 05:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys

[2011.04.25 05:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys

[2011.04.25 06:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

 

< MD5 for: ATAPI.SYS >

[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 

< MD5 for: DISK.SYS >

[2009.07.14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys

[2009.07.14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys

[2009.07.14 04:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

 

< MD5 for: EXPLORER.EXE >

[2011.02.26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011.02.25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 09:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.21 06:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010.11.21 06:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

 

< MD5 for: I8042PRT.SYS >

[2009.07.14 02:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys

[2009.07.14 02:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys

[2009.07.14 02:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys

[2009.07.14 02:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys

[2009.07.14 02:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

 

< MD5 for: LSASS.EXE >

[2009.07.14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe

[2009.07.14 04:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe

 

< MD5 for: NETBT.SYS >

[2010.11.21 06:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys

[2010.11.21 06:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

 

< MD5 for: SERIAL.SYS >

[2009.07.14 03:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys

[2009.07.14 03:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys

[2009.07.14 03:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys

 

< MD5 for: SVCHOST.EXE >

[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009.07.14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009.07.14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

 

< MD5 for: TCPIP.SYS >

[2011.09.29 20:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c cpip.sys

[2010.11.21 06:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37 cpip.sys

[2011.04.25 08:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316 cpip.sys

[2011.04.25 09:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a cpip.sys

[2011.09.29 19:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\SysNative\drivers cpip.sys

[2011.09.29 19:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb cpip.sys

 

< MD5 for: USERINIT.EXE >

[2010.11.21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 

< MD5 for: VOLSNAP.SYS >

[2010.11.21 06:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys

[2010.11.21 06:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys

[2010.11.21 06:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

 

< MD5 for: WININIT.EXE >

[2009.07.14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2010.11.21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 

< End of report >

Link to comment
Сподели другаде

Изтегли OTL и го запази на работния плот:

- стартирай инструмента;

- постави отметка в горната част на Scan All Users;

- в поле Standard Registry избери All;

- от падащо меню File Age избери 90 Days;

- постави отметки още на: Skip Microsoft Files, LOP Check и Purity Check;

- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

netsvcs
msconfig
safebootminimal
safebootnetwork
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%	emp\*.*
%windir%\system32\*.
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\DBBK\*.* /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /90
%systemroot%\syswow64\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly	mp\*.* /S /MD5
%systemroot%\assembly	emp\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
%SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes /s
HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
/md5stop

- кликни бутон Run Scan;

Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt.

 

Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар.

Link to comment
Сподели другаде

  • 5 months later...
  • 2 months later...
  • 7 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гост
Отговори на тази тема

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   Не можете да качите директно снимка. Качете или добавете изображението от линк (URL)

Loading...

×
×
  • Създай ново...