Solved Win 7 'Antispyware' 2012 malware infection

[theolugs]

Hi guys,
Windows 7 user here, caught the win 7 antispyware malware infection ...
what i already did:
Chrome was open during attck, so i had acces to google for finding solutions;
step 1: typed in a generated registration key i found on how to geek website.
=> fake alerts ended, i couls open programs/apps as normal
after reading more about the infections the malware causes, I found that an automatic registry edit exe from bleepingcomputer, should (hopefully) reset the malware's damage to the reg ..
step 2 : after reading a post on bleepingcomputer, I resumed to running Rkill. whereafter I immediatly ran Malwarebytes (fullscan)
after restarting the comp, as malwarebytes requested after the scan, I found a window popping up 15mins after startup. .NET microsoft framework about jtb debugging , followed by pads to diffrent files. Alos saying these have no ending. didnt pop up ever again since, it disappeared by its own too.


after that, I found your site and malware removal thread.
i ran both scans and will post the logs under this text.

Thanks if you'd help me guys.

 

[Bobbye]

Welcome to TechSpot! I'll help with the malware. Please stop surfing the internet for random approaches to fix your system. Remove the 'tools' you've previous used.

As for the 'generated registration key', I don't know what you used for this but please stick only to my instructions. At one hours after you started the thread, I don't see the logs you referred to.

If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

After I see the logs above and some of the results of what you've done, I will be able to give you more specific help.
=====================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

 

[theolugs]

about the generated key:
when searching for solutions to the 'can't use anything , because .exe files redirect to malware', i came across the 3 or 4 codes that tell the malware that "I've filled in the personal info". They're posted in some other forum I came across first.
it made my de .exe files usable again.


attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/09/2011 21:22:07
System Uptime: 16/01/2012 9:31:44 (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | N/A | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 438,643 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Atheros AR3011 Bluetooth(R) Adapter
Device ID: USB\VID_0489&PID_E027\6&25E2E6F&0&5
Manufacturer: Atheros Communications
Name: Atheros AR3011 Bluetooth(R) Adapter
PNP Device ID: USB\VID_0489&PID_E027\6&25E2E6F&0&5
Service: BTHUSB
.
==== System Restore Points ===================
.
RP56: 23/12/2011 16:36:31 - Windows Update
RP57: 26/12/2011 23:17:06 - Windows Update
RP58: 30/12/2011 17:25:22 - Windows Update
RP59: 3/01/2012 20:54:30 - Windows Update
RP60: 7/01/2012 13:02:08 - Windows Update
RP61: 10/01/2012 23:14:47 - Windows Update
RP62: 12/01/2012 1:31:23 - Windows Update
RP63: 15/01/2012 14:24:45 - Windows Update
RP64: 15/01/2012 16:01:26 - Installed Fighters.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
????? Windows Live
?????? Windows Live
??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ??????????
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
???????????? Windows Live
7-Zip 9.20
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Adobe Widget Browser
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Bing Bar
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
D3DX10
DeepBurner v1.9.0.228
DivX Setup
Dropbox
eMindMaps
EPSON Scan
Facebook Video Calling 1.0.0.8953
Facemoods Toolbar
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Foxit Reader 5.1
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Google Chrome
High-Definition Video Playback
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22
JDownloader 0.9
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
Mesh Runtime
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 7.0.1 (x86 nl)
Mozilla Thunderbird (7.0.1)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nero 11 Kwik Themes Basic
Nero Audio Pack 1
Nero Core Components 11
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Update
nero.prerequisites.msi
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
PDF Settings CS5
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Raccolta foto di Windows Live
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
S?????? f?t???af??? t?? Windows Live
SecondLifeViewer (remove only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SimCity™ Societies
Skype™ 5.1
SoulSeek 157 NS 13e
SSLx86
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
TmNationsForever
TrueCrypt
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Hero Screensaver - Summer 2011 Screensaver
VAIO Improvement
VAIO Manual
VAIO Quick Web Access
VAIO Sample Contents
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VC80CRTRedist - 8.0.50727.6195
VCCx86
VESx86
VIx86
VLC media player 1.1.11
VWSTx86
Warsow 0.61
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
9/01/2012 22:19:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/01/2012 11:01:27, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
16/01/2012 12:43:19, Error: Service Control Manager [7034] - The AV Engine Scanning Service service terminated unexpectedly. It has done this 1 time(s).
16/01/2012 0:40:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
16/01/2012 0:38:14, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
16/01/2012 0:36:37, Error: Service Control Manager [7034] - The Cron Service for Prey service terminated unexpectedly. It has done this 1 time(s).
15/01/2012 20:26:33, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
15/01/2012 16:57:06, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
15/01/2012 15:49:08, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
15/01/2012 12:56:35, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
14/01/2012 13:17:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
13/01/2012 20:15:21, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
13/01/2012 18:27:17, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
13/01/2012 12:23:12, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/01/2012 10:57:43, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/01/2012 13:15:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/01/2012 23:03:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/01/2012 16:11:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
10/01/2012 11:23:31, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
GMR Edit: No GMER log included here.

Edit: Duplicate Attach.txt log deleted by Bobbye

Malwarebytes
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Larz :: DOC [administrator]

Protection: Enabled

15/01/2012 22:18:58
mbam-log-2012-01-15 (22-18-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418455
Time elapsed: 1 hour(s), 56 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|f37bab79 (Trojan.ExeShell.Gen) -> Data: C:\Users\Larz\AppData\Local\nxm.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Larz\AppData\Local\nxm.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
C:\Users\Larz\AppData\Local\Temp\crsxanwoem.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Larz\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Larz\AppData\Local\Temp\mxwcrosena.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)

Edit: Extra Malwarebyte logs deleted by Bobbye
Malwarebytes Anti-Malware (Trial) 1.60.0.1800

 

[theolugs]

DDOS


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Larz at 14:23:15 on 2012-01-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1033.18.4078.1917 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Prey\platform\windows\cronsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uDefault_Page_URL = hxxp://www.sony.eu/vaioportal
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 10.1.66.12:8080
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
uRun: [Google Update] "C:\Users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Facebook Update] "C:\Users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Larz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Larz\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Larz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E7D69E0-4CE0-4837-9B6C-D665CE114DD4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A98A6F3-CCE3-4108-B0D4-F4FAB4B1346B} : DhcpNameServer = 195.130.130.130 195.130.131.130
TCP: Interfaces\{9A98A6F3-CCE3-4108-B0D4-F4FAB4B1346B}\2424F6871373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9A98A6F3-CCE3-4108-B0D4-F4FAB4B1346B}\3545554454E44554E40294E4455425E454450284F4453505F4458253136392 : DhcpNameServer = 192.168.150.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Larz\AppData\Roaming\Mozilla\Firefox\Profiles\1q5lh36e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 10.1.66.12
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Larz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Larz\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Users\Larz\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Users\Larz\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-31 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-31 75936]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-26 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-26 2361344]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-15 652872]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-5-26 259192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-5-26 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-26 2656280]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-5-26 852160]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys --> C:\Windows\system32\drivers\btath_bus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-5-26 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-5-26 1021112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\drivers\btath_hcrp.sys --> C:\Windows\system32\drivers\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\drivers\btath_rcp.sys --> C:\Windows\system32\drivers\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe --> c:\PROGRA~1\mcafee\msc\mcawfwk.exe [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-18 546608]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-16 13:17:27 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24BC473D-F48D-46A0-A2FA-6A7D363FD433}\offreg.dll
2012-01-16 13:17:24 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24BC473D-F48D-46A0-A2FA-6A7D363FD433}\mpengine.dll
2012-01-15 21:17:49 -------- d-----w- C:\Users\Larz\AppData\Roaming\Malwarebytes
2012-01-15 21:17:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-15 21:17:39 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-15 21:17:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-15 15:45:45 -------- d-----w- C:\Users\Larz\AppData\Roaming\SUPERAntiSpyware.com
2012-01-15 15:45:45 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-15 15:03:42 -------- d-----w- C:\ProgramData\clp
2012-01-15 15:03:31 -------- d-----w- C:\Users\Larz\AppData\Roaming\Fighters
2012-01-15 15:02:00 -------- d-----w- C:\ProgramData\Common Toolkit Suite
2012-01-15 15:00:43 -------- d-----w- C:\ProgramData\Fighters
2012-01-15 14:44:41 -------- d-----w- C:\Users\Larz\AppData\Local\SanctionedMedia
2012-01-14 18:21:28 -------- d-----w- C:\Users\Larz\AppData\Local\{1C174D8F-8B58-4489-A10E-3B7C9F4974F9}
2012-01-14 18:21:26 -------- d-----w- C:\Users\Larz\AppData\Local\{24D35D92-0961-4679-B5B8-6DFB5D2A6D81}
2012-01-11 16:17:30 -------- d-----w- C:\Users\Larz\AppData\Local\{673A735D-B807-4066-AAC3-714651FB1C54}
2012-01-11 16:17:20 -------- d-----w- C:\Users\Larz\AppData\Local\{06A04FFF-4672-4298-B32D-8E4EEF1C903D}
2012-01-11 12:26:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 12:26:40 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 12:26:40 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 12:26:40 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 12:25:44 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 12:25:44 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 12:25:16 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 12:25:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 20:27:54 -------- d-----w- C:\Users\Larz\AppData\Local\{02809EEC-97B6-4409-A854-CB51CD6ABDAB}
2012-01-10 20:27:43 -------- d-----w- C:\Users\Larz\AppData\Local\{E40AE26E-BD01-44F9-963F-221C9BB9FB30}
2012-01-10 10:41:45 -------- d-----w- C:\Users\Larz\AppData\Local\{2667AE62-5415-497C-B5A7-704C0D288880}
2012-01-10 10:41:34 -------- d-----w- C:\Users\Larz\AppData\Local\{13097872-B555-4310-B8C8-A6F81469FE28}
2012-01-09 18:33:46 -------- d-----w- C:\Users\Larz\AppData\Local\{90A81D16-D83C-4AE8-9DA9-E16A7EABE14B}
2012-01-09 18:33:35 -------- d-----w- C:\Users\Larz\AppData\Local\{E4ED0933-F3D0-4775-BD25-52743840B7C7}
2012-01-09 12:54:37 -------- d-----w- C:\Users\Larz\AppData\Local\{B211E7D8-7EDC-486C-8589-52FFED7C4F13}
2012-01-09 12:54:26 -------- d-----w- C:\Users\Larz\AppData\Local\{0E120348-0228-488C-B8EC-A781A44A093A}
2012-01-08 20:20:57 -------- d-----w- C:\Users\Larz\AppData\Local\{D6C53E57-59E9-4AC4-8D75-9DE120CE9602}
2012-01-08 20:20:43 -------- d-----w- C:\Users\Larz\AppData\Local\{93999F47-0CB5-4748-8AD0-28C54D8AA8F0}
2012-01-08 16:04:39 -------- d-----w- C:\Users\Larz\AppData\Local\{DED662A0-C847-4114-B3F7-05BFCCFF9C97}
2012-01-08 16:04:38 -------- d-----w- C:\Users\Larz\AppData\Local\{E7198A6B-87AF-40FB-AB41-4A0246BA7F7E}
2012-01-08 11:32:35 -------- d-----w- C:\Users\Larz\AppData\Local\{D538C0FF-7A0F-4797-8925-3B9D61521FEA}
2012-01-08 11:32:35 -------- d-----w- C:\Users\Larz\AppData\Local\{38E781C8-88B6-4665-A7ED-085587302AB0}
2012-01-07 18:09:01 -------- d-----w- C:\Users\Larz\AppData\Local\{916D2356-F76D-4C1D-83FF-18470F9EACBA}
2012-01-07 18:08:57 -------- d-----w- C:\Users\Larz\AppData\Local\{56A54F7E-FEA3-4A0E-AFDA-D4E6226A3D07}
2012-01-07 16:46:15 -------- d-----w- C:\Users\Larz\AppData\Local\SecondLife
2012-01-07 16:44:34 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
2012-01-07 14:57:02 -------- d-----w- C:\Users\Larz\AppData\Local\{C62DB45D-E04A-4C24-98A2-977C8DFFBEBF}
2012-01-07 14:56:51 -------- d-----w- C:\Users\Larz\AppData\Local\{E2AEAF92-5424-45DB-91DC-9AF426D49D44}
2012-01-07 12:07:41 -------- d-----w- C:\Users\Larz\AppData\Local\{E681B2B4-9428-4F4E-B2EA-E446CAA53AEF}
2012-01-07 12:07:35 -------- d-----w- C:\Users\Larz\AppData\Local\{A5C7F252-13CD-4426-9EE4-3E6CE06077B6}
2012-01-06 14:12:04 -------- d-----w- C:\Users\Larz\AppData\Local\{D9934EAA-5EF2-4B53-92C8-6550CF95050C}
2012-01-06 14:11:53 -------- d-----w- C:\Users\Larz\AppData\Local\{1B8F2B6C-724E-411F-93DE-B1A475C4935F}
2012-01-05 15:19:15 -------- d-----w- C:\Users\Larz\AppData\Local\{F9977411-E8D7-4A88-99C2-F3A5D5E81899}
2012-01-05 15:19:04 -------- d-----w- C:\Users\Larz\AppData\Local\{268F4BF4-79C9-47A9-ABB3-D534EB4E00CC}
2012-01-05 14:52:29 -------- d-----w- C:\Users\Larz\AppData\Local\Unity
2012-01-05 14:52:27 -------- d-----w- C:\Program Files (x86)\Unity
2012-01-05 14:16:17 -------- d-----w- C:\Users\Larz\AppData\Local\{E0C9EDEC-7ECE-4704-B487-C91416FAD665}
2012-01-05 14:16:06 -------- d-----w- C:\Users\Larz\AppData\Local\{29E3B32A-4360-4010-B51B-3F99BF4EA55E}
2012-01-05 12:52:37 -------- d-----w- C:\Users\Larz\AppData\Local\{6637A357-F0DC-4130-ABD1-BF5D41E3811F}
2012-01-05 12:52:26 -------- d-----w- C:\Users\Larz\AppData\Local\{E82BA9AE-5877-454E-BD1E-203A481FA69D}
2012-01-04 16:16:40 -------- d-----w- C:\Users\Larz\AppData\Local\{705B8847-E5BA-4866-BFEC-7AEB664EB098}
2012-01-04 16:16:29 -------- d-----w- C:\Users\Larz\AppData\Local\{3E6621D1-2C48-46A9-9E40-20231E553BE7}
2012-01-04 13:14:21 -------- d-----w- C:\Users\Larz\AppData\Local\{077F03CF-0E42-4A8C-862A-810FFE8104BA}
2012-01-04 13:14:10 -------- d-----w- C:\Users\Larz\AppData\Local\{C4A8F07A-C973-4528-BF16-CDF44CA44968}
2012-01-04 10:39:37 -------- d-----w- C:\Users\Larz\AppData\Local\{F985ED38-F0AD-4B91-9720-25B38EC2BA16}
2012-01-04 10:39:26 -------- d-----w- C:\Users\Larz\AppData\Local\{A9390786-7D3D-4C2A-94F7-11EA4CB5682E}
2012-01-04 10:16:27 -------- d-----w- C:\Users\Larz\AppData\Local\{4B638AF6-AF75-4F9C-905D-A32A9F5B21C4}
2012-01-04 10:16:15 -------- d-----w- C:\Users\Larz\AppData\Local\{71DE9516-AD52-4489-B4B6-5F7E1764F162}
2012-01-03 12:11:41 -------- d-----w- C:\Users\Larz\AppData\Local\{57CB7575-32B2-4B59-8BF7-1ED99DAAF9AA}
2012-01-03 12:11:30 -------- d-----w- C:\Users\Larz\AppData\Local\{42DFBDED-140B-4773-81FA-567E16AB4521}
2012-01-02 19:57:41 -------- d-----w- C:\Users\Larz\AppData\Local\{497E4B99-E3DF-4D04-A186-60B2F0C5CF16}
2012-01-02 19:57:30 -------- d-----w- C:\Users\Larz\AppData\Local\{EA2CF27C-1130-4917-B218-2413839D537B}
2012-01-02 16:23:05 -------- d-----w- C:\Users\Larz\AppData\Local\{19351AC8-BF9B-4215-A8B9-F9FE9D88B023}
2012-01-02 16:23:02 -------- d-----w- C:\Users\Larz\AppData\Local\{3CFEB02E-AC11-4FF2-AE2B-72D7A7B20610}
2012-01-02 15:29:29 -------- d-----w- C:\Users\Larz\AppData\Local\{96237D46-B0E5-4362-9896-90347969E8DC}
2012-01-02 15:29:16 -------- d-----w- C:\Users\Larz\AppData\Local\{64E86A74-A72F-40C0-BDCC-74212A70E5E0}
2012-01-02 14:09:39 -------- d-----w- C:\Users\Larz\AppData\Local\{A95A447E-2220-41D0-B8DD-A27DA2C80739}
2012-01-02 14:09:38 -------- d-----w- C:\Users\Larz\AppData\Local\{FFB0EF2D-8E0C-4A74-B76B-E52E99FB5C49}
2012-01-02 12:27:19 -------- d-----w- C:\Users\Larz\AppData\Local\{E039C4B7-0DD6-4D97-BB20-75599A8DF8C2}
2012-01-02 12:27:18 -------- d-----w- C:\Users\Larz\AppData\Local\{1DA34EAF-9B22-4E8F-A882-A9EA18C62B33}
2012-01-01 13:18:53 -------- d-----w- C:\Users\Larz\AppData\Local\{EFA4576B-D36D-407B-B451-AD5D54A4F39F}
2012-01-01 13:18:40 -------- d-----w- C:\Users\Larz\AppData\Local\{3569C0F6-5103-4915-BE4C-CD7797EA43B8}
2011-12-30 08:09:26 -------- d-----w- C:\Users\Larz\AppData\Local\{CC16D4E4-4D6B-4085-AEFE-99F5032BFA31}
2011-12-30 08:09:15 -------- d-----w- C:\Users\Larz\AppData\Local\{8B65B27B-9854-427F-9E6E-CF657ABD9F55}
2011-12-29 17:27:07 -------- d-----w- C:\Users\Larz\AppData\Local\{A9485B2B-F805-4940-990D-C01977498D92}
2011-12-29 17:26:56 -------- d-----w- C:\Users\Larz\AppData\Local\{FC0BCB32-1931-4634-8AA3-16472AB4E52E}
2011-12-28 19:21:25 -------- d-----w- C:\Users\Larz\AppData\Local\{A9E6B319-8857-4C68-9DBE-33B4F4C3AA84}
2011-12-28 19:21:13 -------- d-----w- C:\Users\Larz\AppData\Local\{196B1B5D-9F3F-47E5-B674-A8F1E4FCB142}
2011-12-27 18:47:58 -------- d-----w- C:\Users\Larz\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-12-27 18:47:57 -------- d-----w- C:\Users\Larz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-12-26 18:58:18 -------- d-----w- C:\Users\Larz\AppData\Local\{09C39488-25AF-473C-A7EB-5CEEAC5AB3EB}
2011-12-26 18:58:07 -------- d-----w- C:\Users\Larz\AppData\Local\{E1A6DC58-AB73-458F-8BE8-38FD681556A3}
2011-12-25 20:33:10 -------- d-----w- C:\Users\Larz\AppData\Local\{0D966940-98B8-4F58-9F47-A75450024CDA}
2011-12-25 20:32:58 -------- d-----w- C:\Users\Larz\AppData\Local\{6B3DD5F0-0AE6-4591-A4EE-6CEED2B384CC}
2011-12-22 14:11:45 -------- d-----w- C:\Users\Larz\AppData\Local\{DBDABD4C-5241-4319-A50C-AA62FD52356D}
2011-12-22 14:11:34 -------- d-----w- C:\Users\Larz\AppData\Local\{40078533-CC92-4724-B267-33729761456B}
2011-12-21 22:01:22 -------- d-----w- C:\Program Files (x86)\Astonsoft
2011-12-21 21:52:43 -------- d-----w- C:\Users\Larz\AppData\Local\Nero_AG
2011-12-21 21:52:13 -------- d-----w- C:\Users\Larz\AppData\Local\Nero
2011-12-21 21:49:38 -------- d-----w- C:\Program Files (x86)\Nero
2011-12-21 21:49:03 -------- d-----w- C:\ProgramData\Nero
2011-12-21 21:42:20 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-12-21 21:17:50 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-12-21 21:17:32 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll
2011-12-21 13:27:33 -------- d-----w- C:\Users\Larz\AppData\Local\{1F597678-EFC6-43ED-AA94-741F3901E9E4}
2011-12-21 13:27:22 -------- d-----w- C:\Users\Larz\AppData\Local\{41BEEF7E-8B5F-4C05-A8CE-EA04A1E15F4D}
2011-12-20 10:38:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-18 21:33:00 -------- d-----w- C:\Users\Larz\AppData\Local\{CF35BE15-99E7-40FA-9F1B-8943D38EFFCD}
2011-12-18 21:32:48 -------- d-----w- C:\Users\Larz\AppData\Local\{F25CDF0E-DCCF-47EF-B5D9-81F59B59C5E3}
2011-12-18 16:25:11 -------- d-----w- C:\Users\Larz\AppData\Local\{9B6227A8-38C6-41EF-86E5-9E5E1A6C37F0}
2011-12-18 16:25:09 -------- d-----w- C:\Users\Larz\AppData\Local\{1E75AE34-B226-4BF0-B965-865728F9AD0B}
2011-12-17 14:24:52 -------- d-----w- C:\Users\Larz\AppData\Local\{6970A894-D6C0-4A80-B3A1-7238DB07507A}
2011-12-17 14:24:40 -------- d-----w- C:\Users\Larz\AppData\Local\{90978AC3-7D5D-446D-AB2E-89B85A67EDFE}
2011-12-17 13:37:18 -------- d-----w- C:\Users\Larz\AppData\Local\{293B1C01-F3A1-44E4-832A-8D4A015B5332}
2011-12-17 13:37:17 -------- d-----w- C:\Users\Larz\AppData\Local\{8632D2A2-44E6-41B9-BCDC-21336A436A9A}
.
==================== Find3M ====================
.
2012-01-16 13:16:20 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-20 23:26:22 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
.
============= FINISH: 14:23:33,62 ===============

 

[theolugs]

I'm new to this community, didnt find my thread activated yet , so i went to the store ..
sorry for the delay on the logs ..

 

[theolugs]

about the reg key i told you

Edit: Link to site to change registration key has been deleted by Bobbye

this forums' step 2 of deleting the malware.

 

[theolugs]

GMR


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-16 14:16:14
Windows 6.1.7601 Service Pack 1
Running: p1xyi1nw.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ebe07de
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78b5ca6e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ebe07de (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78b5ca6e (not active ControlSet)

---- EOF - GMER 1.0.15 ----

 

[Bobbye]

Okay, we need to get together on this. You gave me 4 logs from Malwarebytes. I only wanted the first log.

The system if full of Windows Live and Live Mesh in what appears to be Dutch. There are also other entries that are not English. You're going to have to give me information in English. I cannot verify an entry I can't read.

????? Windows Live
?????? Windows Live
??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ??????????
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
???????????? Windows Live
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live

I've remove the link to change registration key. Not a good or safe thing to do. Obviously it doesn't work!
==============================
If you can get English logs, please do the following: But I caution you> if those non-English entries are still on the system, the scanners will not be able to read them.
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe
  
  & follow the prompts.
• If prompted for Recovery Console, please allow.
• Once installed, you should see a blue screen prompt that says:
  • The Recovery Console was successfully installed.[/b]
  • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
  • Note: No query will be made if the Recovery Console is already on the system.
• .Close/disable all anti virus and anti malware programs
  (If you need help with this, please see HERE)
• .Close any open browsers.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
====================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
   
4. Continue with the directions.
   
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

 

[theolugs]

????? Windows Live
?????? Windows Live
??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ??????????
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
???????????? Windows Live
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Contrôle ActiveX Windows Live Mesh pour connexions à distance
long distance connections

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live

about this list of non english files/apps, most of them arent my language either, i was suprised to see them on my system ... when I'm working with these (like 'Galerie foto Windows Live' ) it displays everything in english for me .. never seen the names of above list in my system till i ran that scan that revealed them .. same thing with the ????????? in front and after windows live ..
Maybe 1 app installed itself in all languages , i dont know and can't read some of it ..

after this post, i'll start running CB and ESET




Thanks for the help !

 

[theolugs]

ComboFix 12-01-16.05 - Larz 17/01/2012 13:51:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1033.18.4078.2611 [GMT 1:00]
Gestart vanuit: c:\users\Larz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( (other deteted files) Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\windows\system32\java.exe
.
.
(((((((((((((((((((( (files made from )Bestanden Gemaakt van 2011-12-17 to 2012-01-17 ))))))))))))))))))))))))))))))
.
.
2012-01-17 12:58 . 2012-01-17 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 12:21 . 2012-01-17 12:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEA44C0D-B56D-4686-8ABF-51F7B25D2F4E}\offreg.dll
2012-01-16 19:14 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CEA44C0D-B56D-4686-8ABF-51F7B25D2F4E}\mpengine.dll
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\users\Larz\AppData\Roaming\Malwarebytes
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\programdata\Malwarebytes
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-15 21:17 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\users\Larz\AppData\Roaming\SUPERAntiSpyware.com
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-15 15:03 . 2012-01-15 15:34 -------- d-----w- c:\programdata\clp
2012-01-15 15:03 . 2012-01-15 23:24 -------- d-----w- c:\users\Larz\AppData\Roaming\Fighters
2012-01-15 15:02 . 2012-01-15 15:02 -------- d-----w- c:\programdata\Common Toolkit Suite
2012-01-15 15:00 . 2012-01-16 11:43 -------- d-----w- c:\programdata\Fighters
2012-01-15 14:44 . 2012-01-15 14:44 -------- d-----w- c:\users\Larz\AppData\Local\SanctionedMedia
2012-01-11 12:26 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:26 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 12:25 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:25 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 12:25 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:25 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 16:46 . 2012-01-07 16:47 -------- d-----w- c:\users\Larz\AppData\Roaming\SecondLife
2012-01-07 16:46 . 2012-01-12 22:10 -------- d-----w- c:\users\Larz\AppData\Local\SecondLife
2012-01-07 16:44 . 2012-01-07 16:47 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\users\Larz\AppData\Local\Unity
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\program files (x86)\Unity
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-12-21 22:02 . 2011-12-21 22:05 -------- d-----w- c:\users\Larz\AppData\Roaming\DeepBurner
2011-12-21 22:01 . 2011-12-21 22:01 -------- d-----w- c:\program files (x86)\Astonsoft
2011-12-21 21:52 . 2011-12-21 21:52 -------- d-----w- c:\users\Larz\AppData\Roaming\Nero
2011-12-21 21:52 . 2011-12-21 21:57 -------- d-----w- c:\users\Larz\AppData\Local\Nero
2011-12-21 21:49 . 2011-12-21 21:51 -------- d-----w- c:\program files (x86)\Nero
2011-12-21 21:49 . 2011-12-21 21:49 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-12-21 21:49 . 2011-12-21 21:52 -------- d-----w- c:\programdata\Nero
2011-12-21 21:42 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-12-21 21:17 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-12-21 21:17 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2011-12-20 10:38 . 2011-12-21 21:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport (report) ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 12:41 . 2011-09-24 11:11 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-11-24 04:52 . 2011-12-15 12:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-10-07 08:52 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-05 05:41 . 2011-12-15 12:53 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-15 12:52 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-15 12:53 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-15 12:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-15 12:53 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten (starting points) )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Larz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Larz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-31 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- (additional) Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 10.1.66.12:8080
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Larz\AppData\Roaming\Mozilla\Firefox\Profiles\1q5lh36e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 10.1.66.12
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS VERWIJDERD (deleted) - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
---------------------(locked register keys) VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-01-17 13:59:50
ComboFix-quarantined-files.txt 2012-01-17 12:59
.
Pre-Run: 493.033.787.392 bytes free
Post-Run: 500.935.090.176 bytes free
.
- - End Of File - - FC4F882330D3A8678D34DACA9156829C

ESET

C:\Users\Larz\Downloads\installer_nero_burning_rom.exe Win32/Toggle application
C:\Users\Larz\Downloads\trojankiller2116-setup.exe a variant of Win32/1AntiVirus application

--------

I did not remove /edit/find files named in non-eng language, ran CB while no internet/no active AV's

both completed succesfully.

 

[Bobbye]

Okay, I think we've found the bad guys- Combofix removed much of it and the rest is below: First, please Reset your browser proxies

• For Firefox:
  o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
  o Click on the "Network" tab, and then on the "Settings" button.
  o Please make sure that the "No Proxy" option is selected.
• For Internet Explorer:
  o Open Internet Explorer.
  o Click on "Tools" and then select "Internet Options".
  o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
  o Uncheck "Use a Proxy server for your LAN".
  o Click Ok to close the Local Area Network (LAN) Settings window.
  o Click Ok to close the Internet Options window.

======================================
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

KillAll::
File::
Folder::
c:\users\Larz\AppData\Local\SanctionedMedia
DDS::
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uInternet Settings,ProxyServer = 10.1.66.12:8080 >>>> disable proxy
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
Please update Java: The version you have, v6u20 is 10 updates old. This is a vulnerability to the system. Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
======================
There is one registry entry that appears to be a Sony or VAIO process, but I'm not sure what it's collecting samples for or that it needs to run at all:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.

Sony pre-loads a lot of processes on a system. Some may get used. Those that don't can be uninstalled. One of these that I would take issue with is the SonyVAIO Care. The entry above is from this process and there are multiple other processes for it running:

C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe

There is also another group of pre-loaded processes. I suggest you check out each of these and determine if you use them and/or if they are needed at all:

C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe

All of these are executable files and are most likely all on the Startup Menu. Do you ant all these using the system resources>
===========================================
The main offender remaining was Facemoods.com Toolbar. which installs a toolbar in the Internet Explorer and in the Mozilla Firefox, changes the start page of both browsers and changes the default searchbar in the browser. Additionally it displays advertisement and offers the possibility to add fun icons to mails. If the user installs Toolbar.Facemood he has to agree that CPU and bandwidth can be used by Toolbar.Facemood and personal information like used browsers, language, operating system and IP-Address get stored.
----------------------------------
Another source of ads was the Adware:MSIL/SanctionedMedia- also known as SMAD- a program that delivers pop-up advertisements on a number of different web browsers.distributed bundled with screensavers. It collects and sends the following information to their server:

• URL entered into the web browser
• User ID -- a 16 digit random number to identify the user
• Personal identification information
• Adware version details
• Operating system details
• And it updates itself once an hour

So think twice before you get those screen savers or Smileys or Cursors or Wallpaper for the desktop. Most come bundled with a lot of 'stuff' you don't want on the system.
========================================
I'd like you to run HijackThis to make sure we got all the bad entries
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
• Extract it to the directory on your hard drive you created C:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
====================================
New Combofix log and HijackThis log in next reply please. Just a couple more steps and you should be clean. We will look into keeping you that way!

 

[theolugs]

ComboFix 12-01-16.05 - Larz 19/01/2012 14:21:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1033.18.4078.2670 [GMT 1:00]
Gestart vanuit: c:\users\Larz\Desktop\cleaning\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Larz\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Larz\AppData\Local\SanctionedMedia
c:\users\Larz\AppData\Local\SanctionedMedia\Smad\NDde.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-19 to 2012-01-19 ))))))))))))))))))))))))))))))
.
.
2012-01-19 13:59 . 2012-01-19 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-19 00:16 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFC943D2-1F20-4B13-948A-7AA7C93C7A88}\mpengine.dll
2012-01-18 08:53 . 2012-01-18 08:53 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-01-18 08:52 . 2012-01-18 08:52 -------- d-----w- c:\windows\PCHEALTH
2012-01-18 08:52 . 2012-01-18 08:52 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-01-18 08:50 . 2012-01-18 08:50 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-01-18 08:49 . 2012-01-18 08:49 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-01-18 08:47 . 2012-01-18 08:47 -------- d-----r- C:\MSOCache
2012-01-18 08:20 . 2012-01-18 08:20 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-18 08:20 . 2012-01-18 08:20 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-18 08:19 . 2012-01-18 08:23 -------- d-----w- c:\users\Larz\AppData\Roaming\DAEMON Tools Lite
2012-01-18 08:18 . 2012-01-18 08:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-01-17 13:09 . 2012-01-17 13:09 -------- d-----w- c:\program files (x86)\ESET
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\users\Larz\AppData\Roaming\Malwarebytes
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\programdata\Malwarebytes
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-15 21:17 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\users\Larz\AppData\Roaming\SUPERAntiSpyware.com
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-15 15:03 . 2012-01-15 15:34 -------- d-----w- c:\programdata\clp
2012-01-15 15:03 . 2012-01-15 23:24 -------- d-----w- c:\users\Larz\AppData\Roaming\Fighters
2012-01-15 15:02 . 2012-01-15 15:02 -------- d-----w- c:\programdata\Common Toolkit Suite
2012-01-15 15:00 . 2012-01-16 11:43 -------- d-----w- c:\programdata\Fighters
2012-01-11 12:26 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:26 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 12:25 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:25 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 12:25 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:25 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 16:46 . 2012-01-07 16:47 -------- d-----w- c:\users\Larz\AppData\Roaming\SecondLife
2012-01-07 16:46 . 2012-01-12 22:10 -------- d-----w- c:\users\Larz\AppData\Local\SecondLife
2012-01-07 16:44 . 2012-01-07 16:47 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\users\Larz\AppData\Local\Unity
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\program files (x86)\Unity
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-12-21 22:02 . 2011-12-21 22:05 -------- d-----w- c:\users\Larz\AppData\Roaming\DeepBurner
2011-12-21 22:01 . 2011-12-21 22:01 -------- d-----w- c:\program files (x86)\Astonsoft
2011-12-21 21:52 . 2011-12-21 21:52 -------- d-----w- c:\users\Larz\AppData\Roaming\Nero
2011-12-21 21:52 . 2011-12-21 21:57 -------- d-----w- c:\users\Larz\AppData\Local\Nero
2011-12-21 21:49 . 2011-12-21 21:51 -------- d-----w- c:\program files (x86)\Nero
2011-12-21 21:49 . 2011-12-21 21:49 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-12-21 21:49 . 2011-12-21 21:52 -------- d-----w- c:\programdata\Nero
2011-12-21 21:42 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-12-21 21:17 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-12-21 21:17 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 14:01 . 2011-09-24 11:11 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-12-21 21:44 . 2011-12-20 10:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-15 12:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-10-07 08:52 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-05 05:41 . 2011-12-15 12:53 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-15 12:52 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-15 12:53 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-15 12:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-15 12:53 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-17_12.58.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 20:42 . 2010-02-17 20:42 51584 c:\windows\SysWOW64\VBAME.DLL
+ 2010-03-20 19:20 . 2010-03-20 19:20 36224 c:\windows\SysWOW64\FM20NLD.DLL
+ 2010-02-20 16:20 . 2010-02-20 16:20 31616 c:\windows\SysWOW64\FM20ENU.DLL
+ 2009-07-14 04:54 . 2012-01-19 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-17 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-19 14:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 12:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-19 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-01-19 14:02 53440 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-19 14:02 37238 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-22 10:42 . 2012-01-19 14:02 13458 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3153752710-2568903584-3459727460-1000_UserData.bin
+ 2012-01-18 08:28 . 2010-03-29 19:30 60288 c:\windows\system32\spool\drivers\x64\SendToOneNoteUI.dll
+ 2012-01-18 08:28 . 2010-03-29 19:30 60288 c:\windows\system32\spool\drivers\x64\3\SendToOneNoteUI.dll
- 2009-07-14 05:30 . 2011-10-05 13:17 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-18 08:20 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-09-21 19:15 . 2012-01-19 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-21 19:15 . 2012-01-15 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-21 19:15 . 2012-01-15 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-21 19:15 . 2012-01-19 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-19 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-15 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-22 10:42 . 2012-01-17 12:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-22 10:42 . 2012-01-19 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-18 12:28 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-22 10:42 . 2012-01-19 12:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-22 10:42 . 2012-01-17 12:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-22 10:42 . 2012-01-17 12:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-22 10:42 . 2012-01-19 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 19:55 . 2012-01-17 12:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:55 . 2012-01-19 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:55 . 2012-01-19 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 19:55 . 2012-01-17 12:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-21 11:43 . 2011-07-21 11:43 27648 c:\windows\Installer\29b093f.msp
+ 2011-01-24 16:16 . 2011-01-24 16:16 14336 c:\windows\Installer\29b0769.msp
+ 2012-01-18 08:55 . 2012-01-19 00:34 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-20 14:43 . 2010-10-20 14:43 42880 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SPWADDDS.DLL
+ 2010-10-20 14:43 . 2010-10-20 14:43 46976 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SPWADDDA.DLL
+ 2010-03-25 09:23 . 2010-03-25 09:23 31648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOCIALPROVIDER.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 40296 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\RECALL.DLL
+ 2010-02-28 01:22 . 2010-02-28 01:22 48504 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PUBTRAP.DLL
+ 2010-03-23 09:57 . 2010-03-23 09:57 43352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLRPC.DLL
+ 2010-03-23 09:57 . 2010-03-23 09:57 30560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLACCT.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 45984 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OSETUPPS.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 20864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MLSHEXT.DLL
+ 2010-10-20 14:43 . 2010-10-20 14:43 18816 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INTMAPI.DLL
+ 2010-10-20 14:43 . 2010-10-20 14:43 11648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INTGMAT.DLL
+ 2010-03-22 20:29 . 2010-03-22 20:29 87408 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\DLGSETP.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 45984 c:\windows\Installer\$PatchCache$\Managed\00004109001031400000000000F01FEC\14.0.4763\OSETUPPS.DLL
+ 2012-01-19 00:34 . 2012-01-19 00:34 44544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d8217604e5a1d2a7f04b9651fa5cfd01\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b80380a48eb3ad7d7eed45e53e9dfe81\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 71680 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b7affd3de0eb5567baa0ea01dcbbde31\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 87040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b6073392930f143f0a81a6418866e990\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 44544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a65abdb45e7629bf17fb07673042f0e9\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 89088 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9d3db0afc74e40df52c369d1ff16781e\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\4cf5e5131e0c339f60008680623b6883\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 84480 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\3aaa8fb6c8a5cfbea84df9ce5ef36ec0\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\09b6b3da8ea1971557be6499bb904291\Microsoft.Office.InfoPath.Permission.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\ipdmctrl\c8339f217ee1f2df87b30b2af85084ad\ipdmctrl.ni.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 38744 c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 13392 c:\windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\policy.3.5.System.Data.SqlServerCe.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 13392 c:\windows\assembly\GAC_MSIL\policy.3.5.System.Data.SqlServerCe.Entity\3.5.0.0__89845dcd8080cc91\policy.3.5.System.Data.SqlServerCe.Entity.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11104 c:\windows\assembly\GAC_MSIL\Policy.12.0.office\14.0.0.0__71e9bce111e9429c\Policy.12.0.Office.dll
+ 2012-01-18 08:55 . 2012-01-18 08:55 11640 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Vbe.Interop.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Word.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.SmartTag.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Publisher.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11672 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Outlook.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\policy.12.0.Microsoft.Office.Interop.InfoPath.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Graph.dll
+ 2012-01-18 08:55 . 2012-01-18 08:55 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Excel.dll
+ 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.dll
+ 2012-01-18 08:52 . 2012-01-18 08:52 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.Dao.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Permission\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Permission.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.FormControl\14.0.0.0__71e9bce111e9429c\policy.12.0.Microsoft.Office.InfoPath.FormControl.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11664 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.InfoPath.Client.Internal.Host.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11104 c:\windows\assembly\GAC_MSIL\Policy.11.0.office\14.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2012-01-18 08:55 . 2012-01-18 08:55 11640 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11664 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11664 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11664 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11672 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 11664 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11664 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 86016 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 65536 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 45056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 86016 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 53248 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 49152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 65536 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 32768 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.resources.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 81920 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.resources.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 49152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.resources.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 77824 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.resources.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 45056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 15360 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.resources.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 32768 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 40960 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 71592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 38808 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 22016 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 38832 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 45056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 45056 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 63336 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop\14.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 95312 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.SqlServerCe.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v9.0.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.v9.0.resources.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.v9.0.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.v9.0.resources.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 19320 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.SmartTag\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 25480 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 46968 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OneNote\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 16248 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 87936 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath.Xml\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 79744 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access.Dao\14.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 59248 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 34680 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\14.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 14224 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Permission\14.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 42880 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\14.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 51072 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.AutoGen\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.AutoGen.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 51072 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.Intl.dll
+ 2012-01-18 09:01 . 2012-01-18 09:01 55176 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.syncservices.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.Intl.Resources.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 79744 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.Intl.dll
+ 2012-01-18 09:01 . 2012-01-18 09:01 46984 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.runtimeui.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.intl.resources.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 18304 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.Intl.dll
+ 2012-01-18 09:01 . 2012-01-18 09:01 20360 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.runtime.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.intl.resources.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 96128 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\14.0.0.0__71e9bce111e9429c\microsoft.office.businessapplications.diagnostics.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 30608 c:\windows\assembly\GAC_MSIL\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2011-09-24 16:29 . 2011-09-24 16:29 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2011-09-24 16:29 . 2011-09-24 16:29 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2012-01-19 14:01 . 2012-01-19 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-17 12:21 . 2012-01-17 12:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-19 14:01 . 2012-01-19 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-17 12:21 . 2012-01-17 12:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-13 00:01 . 2010-03-13 00:01 9592 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XLCALL32.DLL
+ 2012-01-18 09:00 . 2012-01-18 09:00 4096 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.resources.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 4608 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.resources.dll
+ 2012-01-18 09:02 . 2012-01-18 09:02 4096 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.resources.dll
+ 2012-01-18 09:02 . 2012-01-18 09:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.resources.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.resources.dll
+ 2012-01-18 09:02 . 2012-01-18 09:02 4608 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.resources\8.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.resources.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 8192 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.v9.0.resources.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 3584 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.v9.0.resources.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 7168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0.resources\9.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.v9.0.resources.dll
- 2011-09-24 16:29 . 2011-09-24 16:29 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
- 2011-09-24 16:29 . 2011-09-24 16:29 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2011-09-22 10:41 . 2012-01-18 12:27 120520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2011-09-21 19:42 . 2012-01-18 22:32 262734 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-01-18 08:28 . 2010-11-21 03:23 762368 c:\windows\system32\spool\drivers\x64\unires.dll
+ 2012-01-18 08:28 . 2010-11-21 03:23 884224 c:\windows\system32\spool\drivers\x64\unidrvui.dll
+ 2012-01-18 08:28 . 2010-11-21 03:23 479232 c:\windows\system32\spool\drivers\x64\unidrv.dll
+ 2012-01-18 08:28 . 2010-03-29 19:30 114568 c:\windows\system32\spool\drivers\x64\SendToOneNoteFilter.dll
+ 2012-01-18 08:28 . 2010-11-21 03:23 715776 c:\windows\system32\spool\drivers\x64\mxdwdrv.dll
+ 2012-01-18 08:28 . 2010-03-29 19:30 114568 c:\windows\system32\spool\drivers\x64\3\SendToOneNoteFilter.dll
- 2009-07-14 02:36 . 2012-01-15 16:00 654276 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-18 08:21 654276 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-18 08:21 122108 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-15 16:00 122108 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-01-18 08:20 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-05 13:17 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-18 08:20 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-10-05 13:17 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-01-18 08:20 . 2012-01-18 08:20 254528 c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_amd64_neutral_7f47c01f621fb83b\dtsoftbus01.sys
+ 2009-07-14 05:01 . 2012-01-19 14:00 510760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-18 09:01 . 2012-01-18 09:01 892416 c:\windows\Installer\366fb.msi
+ 2012-01-18 09:01 . 2012-01-18 09:01 651776 c:\windows\Installer\366ef.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 651776 c:\windows\Installer\366d3.msi
+ 2012-01-18 09:01 . 2012-01-18 09:01 663040 c:\windows\Installer\366c8.msi
+ 2012-01-18 09:01 . 2012-01-18 09:01 654848 c:\windows\Installer\366c3.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 670720 c:\windows\Installer\366b4.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 650240 c:\windows\Installer\36662.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 650240 c:\windows\Installer\3664d.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 656896 c:\windows\Installer\36648.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 667648 c:\windows\Installer\36643.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 663040 c:\windows\Installer\3663e.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 650240 c:\windows\Installer\36639.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 653824 c:\windows\Installer\36634.msi
+ 2012-01-18 08:47 . 2012-01-18 08:47 650240 c:\windows\Installer\3661b.msi
+ 2011-06-19 22:33 . 2011-06-19 22:33 407552 c:\windows\Installer\29b08df.msp
+ 2011-03-17 17:19 . 2011-03-17 17:19 304128 c:\windows\Installer\29b08c9.msp
+ 2010-07-22 01:43 . 2010-07-22 01:43 257024 c:\windows\Installer\29b0863.msp
+ 2010-07-22 17:28 . 2010-07-22 17:28 287232 c:\windows\Installer\29b082c.msp
+ 2011-04-28 22:13 . 2011-04-28 22:13 608256 c:\windows\Installer\29b07e1.msp
+ 2011-10-26 22:23 . 2011-10-26 22:23 925696 c:\windows\Installer\29b07b4.msp
+ 2011-10-26 21:46 . 2011-10-26 21:46 794112 c:\windows\Installer\29b077f.msp
+ 2011-10-26 21:50 . 2011-10-26 21:50 596992 c:\windows\Installer\29b0762.msp
+ 2011-10-26 21:51 . 2011-10-26 21:51 592896 c:\windows\Installer\29b075b.msp
+ 2011-08-21 22:18 . 2011-08-21 22:18 133120 c:\windows\Installer\29b06af.msp
+ 2011-08-21 22:19 . 2011-08-21 22:19 133120 c:\windows\Installer\29b06a8.msp
+ 2012-01-19 00:32 . 2012-01-19 00:32 571232 c:\windows\Installer\{90140000-006E-0413-0000-0000000FF1CE}\misc.exe
+ 2012-01-19 00:32 . 2012-01-19 00:32 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-02-28 02:13 . 2010-02-28 02:13 579968 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VPREVIEW.EXE
+ 2010-02-28 01:18 . 2010-02-28 01:18 105344 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\TRANSMGR.DLL
+ 2010-03-22 20:29 . 2010-03-22 20:29 340400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SCNPST64.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 329640 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SCNPST32.DLL
+ 2010-03-23 09:57 . 2010-03-23 09:57 415088 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\RTFHTML.DLL
+ 2010-03-01 03:56 . 2010-03-01 03:56 604024 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PUBCONV.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 308584

 

[theolugs]

c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PSTPRX32.DLL
+ 2010-03-23 09:57 . 2010-03-23 09:57 329104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLPH.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 523656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLMIME.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 122720 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLCTL.DLL
+ 2010-02-28 03:41 . 2010-02-28 03:41 615800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONWORDADDIN.DLL
+ 2010-02-28 03:41 . 2010-02-28 03:41 560512 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONPPTADDIN.DLL
+ 2010-03-29 19:26 . 2010-03-29 19:26 140144 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTEMANAGED.DLL
+ 2010-03-29 19:26 . 2010-03-29 19:26 227712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTEM.EXE
+ 2010-02-28 03:41 . 2010-02-28 03:41 533368 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNWD.DLL
+ 2010-02-28 03:41 . 2010-02-28 03:41 533376 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNPPT.DLL
+ 2010-03-01 04:19 . 2010-03-01 04:19 697728 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONBTTNOL.DLL
+ 2010-03-01 03:53 . 2010-03-01 03:53 234384 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMSXP32.DLL
+ 2010-03-01 03:53 . 2010-03-01 03:53 724352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMSMAIN.DLL
+ 2010-03-10 23:44 . 2010-03-10 23:44 510904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ODEPLOY.EXE
+ 2010-01-09 20:23 . 2010-01-09 20:23 169352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OARPMANY.EXE
+ 2010-03-16 01:58 . 2010-03-16 01:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOUC.EXE
+ 2010-03-16 01:58 . 2010-03-16 01:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOSYNC.EXE
+ 2009-09-04 08:02 . 2009-09-04 08:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSLID.DLL
+ 2010-01-09 20:50 . 2010-01-09 20:50 119160 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSCONV97.DLL
+ 2010-03-01 03:56 . 2010-03-01 03:56 457104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MORPH9.DLL
+ 2010-03-22 20:29 . 2010-03-22 20:29 358240 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MIMEDIR.DLL
+ 2010-03-22 20:29 . 2010-03-22 20:29 272800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MAPIPH.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 135016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IMPMAIL.DLL
+ 2010-02-28 03:41 . 2010-02-28 03:41 578472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IECONTENTSERVICE.EXE
+ 2010-03-22 20:30 . 2010-03-22 20:30 155008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ENVELOPE.DLL
+ 2010-03-23 09:57 . 2010-03-23 09:57 135032 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CONTAB32.DLL
+ 2010-02-28 01:19 . 2010-02-28 01:19 211320 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CLVIEW.EXE
+ 2010-03-10 23:44 . 2010-03-10 23:44 510904 c:\windows\Installer\$PatchCache$\Managed\00004109001031400000000000F01FEC\14.0.4763\ODEPLOY.EXE
+ 2010-01-09 20:23 . 2010-01-09 20:23 169352 c:\windows\Installer\$PatchCache$\Managed\00004109001031400000000000F01FEC\14.0.4763\OARPMANY.EXE
+ 2012-01-19 00:34 . 2012-01-19 00:34 226816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f0b0e414992b5c0c8278516109eb6fa0\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\e0729110bf400df40981ebe9fe3b20b9\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 209920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b5c4f756288fb4b299bb3011a8d6306e\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 277504 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a5d60466a887586063f81ce8af66abd8\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\8dafaf6a50a4aebdd517e95ea87c147c\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 125440 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\4fb043a331811dac464185fc22c930b0\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 202752 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\052a41123acde026c3d4ce65a0797dc2\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
+ 2012-01-19 00:34 . 2012-01-19 00:34 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\6729dcbf687e4382d5ff58ceb7040c57\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\fd88fa62163855518e97d29b47b9fe00\Microsoft.Office.InfoPath.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 375808 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\8b53cf727eddfa39113b13175377eb4b\Microsoft.Office.Interop.InfoPath.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 206848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\0d07d4b6a8e3c56d21ccf58834fff096\Microsoft.Office.InfoPath.Client.Internal.Host.Interop.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 268800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\466bddaa24ee20b72b303e97a6bbb170\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 343552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessD#\9a33be24e7f90e78f38cc058b4db4b29\Microsoft.BusinessData.ni.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 271440 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 271440 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.0.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 230480 c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe.Entity\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.Entity.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 448360 c:\windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2012-01-18 08:54 . 2012-01-18 08:54 385024 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2012-01-18 09:00 . 2012-01-18 09:00 147456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.resources.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 131072 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 212992 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 143360 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 176128 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 329632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 104368 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 210848 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 286720 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 374640 c:\windows\assembly\GAC_MSIL\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 115744 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data\1.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 115744 c:\windows\assembly\GAC_MSIL\Microsoft.Synchronization.Data.Server\1.0.0.0__89845dcd8080cc91\Microsoft.Synchronization.Data.Server.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 206720 c:\windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.Intl.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 299008 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 438272 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.v9.0.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 356352 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.v9.0.dll
+ 2012-01-18 08:55 . 2012-01-18 08:55 907120 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-01-18 08:55 . 2012-01-18 08:55 247680 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Publisher\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2012-01-18 08:55 . 2012-01-18 08:55 386944 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.PowerPoint\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 972664 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 161656 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 407440 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 149368 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Graph\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 546704 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 206720 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.intl.dll
+ 2012-01-18 09:01 . 2012-01-18 09:01 214920 c:\windows\assembly\GAC_MSIL\microsoft.office.businessdata.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessData.Intl.Resources.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
+ 2012-01-18 09:01 . 2012-01-18 09:01 178040 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.tools.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.intl.resources.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 665472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.RuntimeUi\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.RuntimeUi.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 116632 c:\windows\assembly\GAC_MSIL\Microsoft.BusinessData\14.0.0.0__71e9bce111e9429c\Microsoft.BusinessData.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 370608 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 120744 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 960384 c:\windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 136624 c:\windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Access.BusinessDataCatalog.DLL
- 2011-09-24 16:29 . 2011-09-24 16:29 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
- 2011-09-24 16:29 . 2011-09-24 16:29 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2012-01-18 08:52 . 2012-01-18 08:52 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2010-02-20 16:20 . 2010-02-20 16:20 1207144 c:\windows\SysWOW64\FM20.DLL
+ 2012-01-18 08:28 . 2010-11-21 03:23 1576448 c:\windows\system32\spool\drivers\x64\XpsSvcs.dll
+ 2009-07-14 04:45 . 2012-01-18 09:22 5014216 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-01-12 10:02 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-18 09:23 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-18 09:01 . 2012-01-18 09:01 1822720 c:\windows\Installer\366f5.msi
+ 2012-01-18 09:01 . 2012-01-18 09:01 1813504 c:\windows\Installer\366ea.msi
+ 2012-01-18 09:01 . 2012-01-18 09:01 2418688 c:\windows\Installer\366e4.msi
+ 2012-01-18 09:01 . 2012-01-18 09:01 1802240 c:\windows\Installer\366df.msi
+ 2012-01-18 09:01 . 2012-01-18 09:01 1817088 c:\windows\Installer\366da.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 2118656 c:\windows\Installer\366be.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 1806336 c:\windows\Installer\366af.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 1805312 c:\windows\Installer\366aa.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 1803264 c:\windows\Installer\3669d.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 1840640 c:\windows\Installer\36696.msi
+ 2012-01-18 09:00 . 2012-01-18 09:00 3064320 c:\windows\Installer\36690.msi
+ 2010-04-27 04:09 . 2010-04-27 04:09 5511680 c:\windows\Installer\3667c.msp
+ 2012-01-18 08:48 . 2012-01-18 08:48 3025408 c:\windows\Installer\36672.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 1819648 c:\windows\Installer\3666c.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 1810944 c:\windows\Installer\36667.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 1813504 c:\windows\Installer\3665d.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 2413568 c:\windows\Installer\36657.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 1800704 c:\windows\Installer\36652.msi
+ 2012-01-18 08:48 . 2012-01-18 08:48 2115584 c:\windows\Installer\3662f.msi
+ 2012-01-18 08:47 . 2012-01-18 08:47 1804800 c:\windows\Installer\3662a.msi
+ 2012-01-18 08:47 . 2012-01-18 08:47 1802240 c:\windows\Installer\36625.msi
+ 2012-01-18 08:47 . 2012-01-18 08:47 1800704 c:\windows\Installer\36620.msi
+ 2012-01-18 08:47 . 2012-01-18 08:47 2863104 c:\windows\Installer\36616.msi
+ 2011-12-12 15:13 . 2011-12-12 15:13 3461120 c:\windows\Installer\29b092a.msp
+ 2011-03-17 18:20 . 2011-03-17 18:20 1961984 c:\windows\Installer\29b090d.msp
+ 2011-10-16 13:45 . 2011-10-16 13:45 4966912 c:\windows\Installer\29b08f7.msp
+ 2011-07-21 11:34 . 2011-07-21 11:34 3456000 c:\windows\Installer\29b0891.msp
+ 2011-10-16 13:28 . 2011-10-16 13:28 1138688 c:\windows\Installer\29b0879.msp
+ 2011-10-26 21:45 . 2011-10-26 21:45 9177600 c:\windows\Installer\29b0845.msp
+ 2011-07-21 11:45 . 2011-07-21 11:45 3809792 c:\windows\Installer\29b07f7.msp
+ 2011-04-28 21:02 . 2011-04-28 21:02 3106304 c:\windows\Installer\29b07db.msp
+ 2011-10-26 22:21 . 2011-10-26 22:21 1020928 c:\windows\Installer\29b07d2.msp
+ 2011-10-26 22:23 . 2011-10-26 22:23 8821760 c:\windows\Installer\29b07ca.msp
+ 2011-07-21 11:41 . 2011-07-21 11:41 8413696 c:\windows\Installer\29b0795.msp
+ 2011-10-26 21:46 . 2011-10-26 21:46 1833472 c:\windows\Installer\29b072d.msp
+ 2011-10-26 21:47 . 2011-10-26 21:47 5275136 c:\windows\Installer\29b0717.msp
+ 2011-08-21 22:18 . 2011-08-21 22:18 1585152 c:\windows\Installer\29b06a1.msp
+ 2012-01-06 06:04 . 2012-01-06 06:04 3878912 c:\windows\Installer\27c2b68.msi
+ 2012-01-18 08:55 . 2012-01-19 00:34 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-01-18 08:55 . 2012-01-19 00:34 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-03-24 19:28 . 2010-03-24 19:28 1479520 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XLICONS.EXE
+ 2010-03-27 07:45 . 2010-03-27 07:45 5460312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WRD12CNV.DLL
+ 2010-03-24 19:28 . 2010-03-24 19:28 1858400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WORDICON.EXE
+ 2010-03-27 07:38 . 2010-03-27 07:38 1422168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WINWORD.EXE
+ 2010-02-25 10:07 . 2010-02-25 10:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VBE7.DLL
+ 2010-03-25 09:23 . 2010-03-25 09:23 1707904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL
+ 2010-03-10 23:44 . 2010-03-10 23:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SETUP.EXE
+ 2010-03-24 19:28 . 2010-03-24 19:28 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PPTICO.EXE
+ 2010-03-09 08:57 . 2010-03-09 08:57 9696616 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PPCORE.DLL
+ 2010-03-09 08:57 . 2010-03-09 08:57 2162024 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\POWERPNT.EXE
+ 2009-07-23 09:01 . 2009-07-23 09:01 3670016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLFLTR.DAT
+ 2010-03-10 23:44 . 2010-03-10 23:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OSETUP.DLL
+ 2010-03-30 07:29 . 2010-03-30 07:29 9182056 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONMAIN.DLL
+ 2010-03-30 07:29 . 2010-03-30 07:29 1676128 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONENOTE.EXE
+ 2010-03-23 09:57 . 2010-03-23 09:57 3189120 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OLMAPI32.DLL
+ 2010-03-01 04:20 . 2010-03-01 04:20 2323840 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKWORD.DLL
+ 2010-03-01 04:20 . 2010-03-01 04:20 2102656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKPOWERPOINT.DLL
+ 2010-03-01 04:20 . 2010-03-01 04:20 3355008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GKEXCEL.DLL
+ 2010-03-10 23:44 . 2010-03-10 23:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004109001031400000000000F01FEC\14.0.4763\SETUP.EXE
+ 2010-03-10 23:44 . 2010-03-10 23:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004109001031400000000000F01FEC\14.0.4763\OSETUP.DLL
+ 2012-01-18 08:56 . 2012-01-18 08:56 1787904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\923513ec3d09d629b0bdb91d7f373ce9\Microsoft.Office.InfoPath.Client.Internal.Host.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\1be00f174e7f0f17aeb6f8a8d8aa2097\Microsoft.Office.Interop.InfoPath.SemiTrust.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 3237376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\90d79cd55e515b5b527753f7d3c17f85\Microsoft.Office.BusinessData.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 4751872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\51515eca5b61e15a138a79f33374e9d2\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 1563136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\34490cdf6239b2a5aa0e7bab4dfcdab6\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2012-01-18 08:56 . 2012-01-18 08:56 2091520 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\1946cf6fd295cb23a4bf923311d66587\Microsoft.Office.BusinessApplications.RuntimeUi.ni.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 1550200 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2012-01-18 08:54 . 2012-01-18 08:54 1857400 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
- 2011-09-24 16:29 . 2011-09-24 16:29 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2012-01-18 08:53 . 2012-01-18 08:53 8007680 c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2011-09-21 22:35 . 2012-01-19 00:35 16881920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3153752710-2568903584-3459727460-1000-8192.dat
+ 2012-01-18 08:48 . 2012-01-18 08:48 24809472 c:\windows\Installer\3667b.msi
+ 2011-10-26 21:45 . 2011-10-26 21:45 66426368 c:\windows\Installer\29b0956.msp
+ 2010-08-13 13:08 . 2010-08-13 13:08 41272320 c:\windows\Installer\29b08c2.msp
+ 2011-07-21 11:36 . 2011-07-21 11:36 66808320 c:\windows\Installer\29b08a9.msp
+ 2011-06-19 22:28 . 2011-06-19 22:28 18457088 c:\windows\Installer\29b080f.msp
+ 2010-11-11 11:52 . 2010-11-11 11:52 13486592 c:\windows\Installer\29b07ac.msp
+ 2011-10-26 21:51 . 2011-10-26 21:51 16885760 c:\windows\Installer\29b074d.msp
+ 2011-10-26 21:47 . 2011-10-26 21:47 10328064 c:\windows\Installer\29b070a.msp
+ 2011-10-26 21:49 . 2011-10-26 21:49 16245760 c:\windows\Installer\29b06f9.msp
+ 2011-10-26 21:50 . 2011-10-26 21:50 14504448 c:\windows\Installer\29b06e7.msp
+ 2011-10-26 21:49 . 2011-10-26 21:49 10427392 c:\windows\Installer\29b06d6.msp
+ 2011-10-26 21:46 . 2011-10-26 21:46 11580928 c:\windows\Installer\29b06c5.msp
+ 2011-10-22 14:21 . 2011-10-22 14:21 21515264 c:\windows\Installer\29b068a.msp
+ 2010-03-12 23:50 . 2010-03-12 23:50 17800544 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\XL12CNV.EXE
+ 2010-03-27 07:38 . 2010-03-27 07:38 19370840 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WWLIB.DLL
+ 2010-03-23 09:57 . 2010-03-23 09:57 15889248 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OUTLOOK.EXE
+ 2010-03-12 23:05 . 2010-03-12 23:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OARTCONV.DLL
+ 2010-03-13 14:08 . 2010-03-13 14:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-01 03:56 . 2010-03-01 03:56 10272104 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSPUB.EXE
+ 2010-03-22 19:36 . 2010-03-22 19:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSORES.DLL
+ 2010-03-25 09:25 . 2010-03-25 09:25 30969208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GROOVE.EXE
+ 2010-03-13 13:53 . 2010-03-13 13:53 20753760 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXCEL.EXE
+ 2011-10-16 13:38 . 2011-10-16 13:38 100966912 c:\windows\Installer\29b065a.msp
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 137536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Larz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Larz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-31 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Larz\AppData\Roaming\Mozilla\Firefox\Profiles\1q5lh36e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 10.1.66.12
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Voltooingstijd: 2012-01-19 15:06:00 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-19 14:06
ComboFix2.txt 2012-01-17 12:59
.
Pre-Run: 500.742.676.480 bytes free
Post-Run: 499.983.499.264 bytes free
.
- - End Of File - - 051851A898561A1A01FBF3A110D501B5


after I ran CF, none of my apps/programs wanted to start. an alert appeared with every dubble clicksaying illegal operation attempted on object marked for deletion .. Can I fix this and how ? it's slowng everything down and confusing me .. I knew I risked it by running CF though.
the Vaio processes were programs already installed on the pc, never really paid attention te them, as i found them to be useless.

 

[theolugs]

about the VAIO processes; vaio care was a pre-installed app on my pc. it's task is to collect data about the pc's performance.
i never really used it, it just asks me if I want to start using it every few weeks. don't think i really need it, but deleting it just seemed not that good idea to me

Java: cant do anything, it won't let me .. see previous post for the alert.

 

[theolugs]

HIJACKTHIS log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:51:54, on 19/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Dropbox.lnk = Larz\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Activation Service (McAWFwk) - Unknown owner - c:\PROGRA~1\mcafee\msc\mcawfwk.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14820 bytes


startup menu does not show any VAIOcare programs listed.
java not yet uninstalled, still coping with 'illegal attempt' alert.


Thank you for the help, sir!

 

[theolugs]

issues with 'illegal attempt ..' alert resolved after reboot
restarted the pc and now have full acces to every app/prog.
will continue removing outdated java software and replace with new version.

Thanks !

 

[Bobbye]

after I ran CF, none of my apps/programs wanted to start. an alert appeared with every dubble clicksaying illegal operation attempted on object marked for deletion .. Can I fix this and how ? it's slowng everything down and confusing me .

Per Cobofix directions:

Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

==================================
Finish up any remaining instructions and I'll check them tomorrow. I'm tired and am shutting down. I have spent the last 2 hours repeating instructions.

 

[theolugs]

instructions complete, java installed , pc restarted and 'illegal attempt ... '-alert doesn't appear anymore.
you've defenitly earned some rest then, don't let work get u down ..
thx for the help!

 

[Bobbye]

I'm not real happy about the Damon Lite activity on 1/18.

DeFogger CD Emulation

To disable CD Emulation programs using DeFogger please perform these steps:

1. . Please download DeFogger to your desktop.
   Link: http://download.bleepingcomputer.com/jpshortstuff/Defogger.exe
2. . Once downloaded, double-click on the DeFogger icon to start the tool.
3. . The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
4. . When it prompts you whether or not you want to continue, please click on the Yes button to continue
5. . When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
6. . If CD Emulation programs are present and have been disabled,

DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
---------------------------
When we've finished:
To enable CD Emulation programs using DeFogger please perform these steps:

1. . Please download DeFogger to your desktop.
2. . Once downloaded, double-click on the DeFogger icon to start the tool.
3. . The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
4. . When it prompts you whether or not you want to continue, please click on the Yes button to continue
5. . When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
6. . If CD Emulation programs are present and have been enabled,

DeFogger will now ask you to reboot the machine. Please allow it to do so
by clicking on the OK button.
======================================
This was resolved, correct?

after I ran CF, none of my apps/programs wanted to start. an alert appeared with every dubble clicksaying illegal operation attempted on object marked for deletion .. Can I fix this and how ? it's slowng everything down and confusing me .. I knew I risked it by running CF though.

What do you suppose Sony is doing with all those samples it collects from your system? Doesn't that even make you wonder? I know about the preloads- keep them all if you want. Just don't come back in 6 months and tell me the system is slow! ALL of those preloads and sample collections are using the system resources.
=====================================
Please update and run Combofix again after you removed the emulators.

Then run this: To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
   
4. Continue with the directions.
   
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==================================
I'll check the logs and if clean will finish you up.

 

[theolugs]

What do you suppose Sony is doing with all those samples it collects from your system? Doesn't that even make you wonder? I know about the preloads- keep them all if you want. Just don't come back in 6 months and tell me the system is slow! ALL of those preloads and sample collections are using the system resources.

ok, i just didn't want to remove any preinstalled programs because i didn't trust it .. I'll see if i can delete them.
I'll put the logs in the next post when i've finished the instructions.

 

[theolugs]

ComboFix 12-01-26.01 - Larz 26/01/2012 15:22:21.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1033.18.4078.2709 [GMT 1:00]
Gestart vanuit: c:\users\Larz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-26 to 2012-01-26 ))))))))))))))))))))))))))))))
.
.
2012-01-26 14:30 . 2012-01-26 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 14:15 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE602464-6CF3-4A2D-90D4-9BAB2BA4CDCB}\mpengine.dll
2012-01-21 19:16 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-21 19:16 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-21 19:16 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-21 19:16 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-21 19:15 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-21 19:15 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-21 19:15 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-21 19:15 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 19:15 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-21 19:15 . 2011-11-17 06:35 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-21 19:15 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-21 19:15 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-21 19:15 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-21 19:15 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-19 17:25 . 2012-01-19 17:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-19 17:24 . 2012-01-19 17:24 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-01-19 17:24 . 2012-01-19 17:24 -------- d-----w- c:\program files (x86)\Java
2012-01-19 14:48 . 2012-01-19 14:51 -------- d-----w- C:\HijackThis
2012-01-18 08:53 . 2012-01-18 08:53 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-01-18 08:52 . 2012-01-18 08:52 -------- d-----w- c:\windows\PCHEALTH
2012-01-18 08:52 . 2012-01-18 08:52 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-01-18 08:50 . 2012-01-18 08:50 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-01-18 08:49 . 2012-01-18 08:49 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-01-18 08:47 . 2012-01-18 08:47 -------- d-----r- C:\MSOCache
2012-01-18 08:20 . 2012-01-18 08:20 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-18 08:20 . 2012-01-18 08:20 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-18 08:19 . 2012-01-18 08:23 -------- d-----w- c:\users\Larz\AppData\Roaming\DAEMON Tools Lite
2012-01-18 08:18 . 2012-01-18 08:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-01-17 13:09 . 2012-01-17 13:09 -------- d-----w- c:\program files (x86)\ESET
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\users\Larz\AppData\Roaming\Malwarebytes
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\programdata\Malwarebytes
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\users\Larz\AppData\Roaming\SUPERAntiSpyware.com
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-15 15:03 . 2012-01-15 15:34 -------- d-----w- c:\programdata\clp
2012-01-15 15:03 . 2012-01-15 23:24 -------- d-----w- c:\users\Larz\AppData\Roaming\Fighters
2012-01-15 15:02 . 2012-01-15 15:02 -------- d-----w- c:\programdata\Common Toolkit Suite
2012-01-15 15:00 . 2012-01-16 11:43 -------- d-----w- c:\programdata\Fighters
2012-01-11 12:26 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:26 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 12:25 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:25 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 12:25 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:25 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 16:46 . 2012-01-07 16:47 -------- d-----w- c:\users\Larz\AppData\Roaming\SecondLife
2012-01-07 16:46 . 2012-01-23 23:00 -------- d-----w- c:\users\Larz\AppData\Local\SecondLife
2012-01-07 16:44 . 2012-01-07 16:47 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\users\Larz\AppData\Local\Unity
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\program files (x86)\Unity
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 14:28 . 2011-09-24 11:11 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-01-19 17:24 . 2011-05-26 08:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-06 05:15 . 2011-10-07 08:52 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-11-21 03:27 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-21 21:44 . 2011-12-20 10:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-15 12:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:41 . 2011-12-15 12:53 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-15 12:52 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-15 12:53 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-15 12:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-19_14.01.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-26 14:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-19 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-19 14:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-26 14:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-19 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-26 14:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-01-26 13:50 54578 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-26 13:50 37294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-22 10:42 . 2012-01-26 13:50 13910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3153752710-2568903584-3459727460-1000_UserData.bin
+ 2011-09-21 19:15 . 2012-01-24 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-21 19:15 . 2012-01-19 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:15 . 2012-01-24 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-21 19:15 . 2012-01-19 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-19 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-22 10:42 . 2012-01-26 13:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-22 10:42 . 2012-01-19 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-01-18 12:28 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-01-23 10:00 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-09-22 10:42 . 2012-01-19 12:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-22 10:42 . 2012-01-26 13:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-22 10:42 . 2012-01-19 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-22 10:42 . 2012-01-26 13:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 19:55 . 2012-01-19 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:55 . 2012-01-26 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:55 . 2012-01-26 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 19:55 . 2012-01-19 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-20 16:40 . 2012-01-20 16:40 35264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 76200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 43464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 79776 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 24504 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.resources.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 28600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 15208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 15784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 27528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 14240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 56184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 17840 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.resources.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 12720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 91512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 27056 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.resources.dll
- 2012-01-18 08:55 . 2012-01-19 00:34 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-25 10:07 . 2010-02-25 10:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VBAJET32.DLL
+ 2010-01-09 20:47 . 2010-01-09 20:47 29528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\THOCRAPI.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 82848 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 15776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMUOPTINPS.DLL
+ 2010-02-28 01:13 . 2010-02-28 01:13 20880 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MUOPTIN.DLL
+ 2010-03-01 04:17 . 2010-03-01 04:17 14736 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOCFUIU.DLL
+ 2010-01-10 18:48 . 2010-01-10 18:48 18832 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOCFU.DLL
+ 2010-03-01 04:09 . 2010-03-01 04:09 61832 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSAEXP30.DLL
+ 2010-03-12 23:59 . 2010-03-12 23:59 14208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICUI.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 58232 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXP_XPS.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 44480 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACERCLR.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODTXT.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODEXL.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODDBS.DLL
+ 2010-03-23 09:54 . 2010-03-23 09:54 37776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEERR.DLL
+ 2010-02-28 03:33 . 2010-02-28 03:33 93576 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCOLK.DLL
+ 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCESSPL.DLL
+ 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACC12PL.DLL
+ 2012-01-21 16:39 . 2012-01-21 16:39 28160 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\8301416694cb22f15077e6d433e59e2a\Microsoft.Office.Tools.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 55808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7ce7180a1e9ef37cd133a88e7cfa35ac\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 21504 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\75734390d4c4dc617095e32e52ef7525\Microsoft.Office.Tools.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 45056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\50d6a3f6411155288bd7462c86184215\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d1f2d3b5e187e3bc12ec2522bb845392\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 86016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9b2b2e2e66a51e68a2679339ce4e4a77\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\71a6663950cfe588237265f13a6a9f8f\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5b75d5795521241fb2344a38cf42f295\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\19a56cfd48276cdd930333131e029afe\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f9ac3f5d32bfdb6e11210fa4debc4ec1\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f49ab7f96c66031f641e2390ff85b71b\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ea0945a1fd1d5da1b9b9eb8df39687ac\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cd2766ef74cee07c420507db80aed932\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b97304651681e8187cb08b85ee71af27\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\92241baa98c147f5b67ed2ffb566e7a3\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\739f346c180e2f07b7b27716760245ad\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\723bdb36a46e387e81a1326318f096fc\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\560af98e8232dfaa8f745112ed6b8be1\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0682fc9eff42e1bb0843c1f738d6dbbe\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.dll
- 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
- 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 83896 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 10192 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 63408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 77752 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 23976 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 62392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 55256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 32688 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 38856 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 35256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 24496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
+ 2011-10-02 23:52 . 2012-01-19 17:10 5958 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-26 13:48 . 2012-01-26 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-19 14:01 . 2012-01-19 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-19 14:01 . 2012-01-19 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-26 13:48 . 2012-01-26 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-19 17:24 . 2012-01-19 17:24 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-01-19 17:24 . 2012-01-19 17:24 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-01-19 17:24 . 2012-01-19 17:24 149280 c:\windows\SysWOW64\java.exe
+ 2011-09-21 19:42 . 2012-01-26 13:42 266108 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-01-26 13:44 510760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-19 14:00 510760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-20 16:43 . 2012-01-20 16:43 397208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 151472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 133544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 201648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 163744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 141688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 341392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 139672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 171384 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 465304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 357272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.dll
+ 2012-01-19 17:24 . 2012-01-19 17:24 207360 c:\windows\Installer\41ee8.msi
+ 2011-04-28 21:41 . 2011-04-28 21:41 655360 c:\windows\Installer\1203134.msp
+ 2011-04-28 21:32 . 2011-04-28 21:32 608768 c:\windows\Installer\1203105.msp
+ 2011-04-28 19:27 . 2011-04-28 19:27 608768 c:\windows\Installer\12030ff.msp

 

[theolugs]

+ 2012-01-20 16:40 . 2012-01-20 16:40 571232 c:\windows\Installer\{90140000-006E-0413-0000-0000000FF1CE}\misc.exe
- 2012-01-19 00:32 . 2012-01-19 00:32 571232 c:\windows\Installer\{90140000-006E-0413-0000-0000000FF1CE}\misc.exe
+ 2012-01-20 16:40 . 2012-01-20 16:40 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2012-01-19 00:32 . 2012-01-19 00:32 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-02-13 05:25 . 2010-02-13 05:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL
+ 2011-03-02 06:20 . 2011-03-02 06:20 169864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OARPMANY.EXE
+ 2010-01-09 20:47 . 2010-01-09 20:47 133512 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\TWCUTCHR.DLL
+ 2010-03-01 04:09 . 2010-03-01 04:09 524176 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOA.DLL
+ 2010-03-25 09:23 . 2010-03-25 09:23 203632 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SHAREPOINTPROVIDER.DLL
+ 2010-02-28 01:13 . 2010-02-28 01:13 521616 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SELFCERT.EXE
+ 2010-03-01 03:56 . 2010-03-01 03:56 647552 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PTXT9.DLL
+ 2010-02-28 01:22 . 2010-02-28 01:22 139136 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PRTF9.DLL
+ 2010-02-28 01:21 . 2010-02-28 01:21 259960 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OISGRAPH.DLL
+ 2010-02-28 01:21 . 2010-02-28 01:21 886640 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OISAPP.DLL
+ 2010-02-28 01:21 . 2010-02-28 01:21 274280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OIS.EXE
+ 2010-02-28 01:09 . 2010-02-28 01:09 401784 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OFFXML.DLL
+ 2010-02-28 01:15 . 2010-02-28 01:15 702312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSTORDB.EXE
+ 2010-03-29 20:47 . 2010-03-29 20:47 218464 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSPROOF6.DLL
+ 2010-03-24 19:28 . 2010-03-24 19:28 473952 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOICONS.EXE
+ 2010-03-06 04:29 . 2010-03-06 04:29 501088 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSODCW.DLL
+ 2010-03-01 04:17 . 2010-03-01 04:17 152952 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOCF.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 787864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSET7TKJP.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 512392 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSET7TK.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 543144 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSET7.DLL
+ 2010-03-24 19:28 . 2010-03-24 19:28 571232 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MISC.EXE
+ 2010-02-28 01:15 . 2010-02-28 01:15 698216 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MEDCAT.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 427904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBITOOL.DLL
+ 2012-01-18 08:54 . 2012-01-18 08:54 169856 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBITOIN.DLL
+ 2010-03-12 23:58 . 2010-03-12 23:58 960384 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIOBDR.DLL
+ 2012-01-18 08:54 . 2012-01-18 08:54 960384 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIOBDA.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 567168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICLNT.DLL
+ 2010-03-12 23:58 . 2010-03-12 23:58 567168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICLNR.DLL
+ 2010-03-13 13:54 . 2010-03-13 13:54 447872 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICLI.DLL
+ 2010-03-12 23:58 . 2010-03-12 23:58 518016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIBDCR.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 518016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIBDCA.DLL
+ 2010-03-29 19:45 . 2010-03-29 19:45 169352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IPOLK.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 178560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IETAG.DLL
+ 2010-03-24 20:17 . 2010-03-24 20:17 944008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GROOVEMN.EXE
+ 2010-02-04 03:41 . 2010-02-04 03:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FLTLDR.EXE
+ 2010-02-25 10:07 . 2010-02-25 10:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXPSRV.DLL
+ 2010-03-23 10:03 . 2010-03-23 10:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXP_PDF.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 115584 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EMABLT32.DLL
+ 2010-02-28 01:09 . 2010-02-28 01:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\DWTRIG20.EXE
+ 2010-03-01 04:18 . 2010-03-01 04:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CDLMSO.DLL
+ 2010-01-18 19:59 . 2010-01-18 19:59 998776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ASMAIN.DLL
+ 2010-01-18 19:59 . 2010-01-18 19:59 100280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ASLTS.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEXBE.DLL
+ 2010-03-01 04:19 . 2010-03-01 04:19 247200 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEWSS.DLL
+ 2010-03-23 09:54 . 2010-03-23 09:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACETXT.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEREP.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACER3X.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODBC.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEEXCL.DLL
+ 2010-03-23 09:54 . 2010-03-23 09:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEEXCH.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEES.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEDAO.DLL
+ 2010-02-28 03:33 . 2010-02-28 03:33 164224 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCWIZ.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACACEDAO.DLL
+ 2012-01-21 16:40 . 2012-01-21 16:40 992256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\ff4466a4f4edd74967ffd68b32ed42fe\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\f244c79b2b74ce5d958992b035bcae5b\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 169984 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\e3c203e0682e3d84c5abe2bbf67f36ee\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 475136 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\431e8f8fb8c650e566bfff9fa1114690\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 864256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\1423e98c74015fd6dff8acb6672845d9\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 232448 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\05e62412ad3f1f3f4b3cab5b35c61840\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7e0c3e59372160f90d0c17225f5c0e1a\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7da8e01276e9763783ff11a7ae146c5f\Microsoft.Office.Tools.Common.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\14b878bd3fdd08127dd20c7cf94173f2\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 408064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\0238950e134b6596f5ae0375f726623d\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 738304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\ffd9b07ace24d2bf89125ea752ef7fea\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b446243289b12f0a35cb4add1d8890cd\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 364544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\95028b0c307584cd7b7d8f22cbe7bb5b\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6f0b990bda795ca0b7634a8e56451461\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\47c9ac4a2b48ce02882611672b83c575\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\386e68533c104553fdbc79046e17fbd9\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\efef7199c4c98dcd2885a1655444ad5e\Microsoft.Office.Tools.Common.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 864768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\e8b60345c1eb1889caf2510e68b67d8c\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\658c69c4555a409a4c8e18e05c586373\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\4636f87c243bcf600432719affa8d4a9\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\0aac6bb26c060363f8f4775300826859\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\06e93a16031b00d7c4249f6881ea39aa\Microsoft.Office.Tools.Word.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 956416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\decc2b5bc04141ba4044a81ae2245ba9\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 124928 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d6758646ef3d5f5cfd06dc5025f82fa0\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bab8b770342bef1373dd65a6cd97ae95\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7c0236b6ab381ec1705e433184da9680\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 495616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\75efd918615705fa0081fcf2d76f8ff5\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\65c3b9746c2c5c232e034ac1cac13c41\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 270336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5fc9062052ebbdba79977711e2caab00\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\2309cae238d6ddd62ece03206462961b\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
- 2011-10-16 14:28 . 2011-10-16 14:28 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ea86cbc92df84b8ed738d47665bbd7a8\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c64e7f1b2e8f4526bd5de1208e5fb340\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c12ae83849416530bedf214fdfd384b4\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\96c9f4776983ce5117071c54957ca686\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 363008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6aed22875a2d7f279fe80f6eba524b7e\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\61692eac1c7ea834c23d796a871a1f67\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 650752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\193931d8a264d135001ea449464b9383\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 179200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\152c691207b01ef89bddb468f1f838f8\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\14c004acbf02bd8f341bb1328d56e270\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\00ee7d81dc0f0e79eb7c0d1ae2ce785f\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\5174700093ff14fdc5d80e3b0b4c91cf\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 363936 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 157624 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 193472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 153008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
- 2012-01-18 08:54 . 2012-01-18 08:54 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 178040 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.tools.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.intl.resources.dll
- 2012-01-18 09:01 . 2012-01-18 09:01 178040 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.tools.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.intl.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 964480 c:\windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
+ 2010-10-20 11:44 . 2010-10-20 11:44 1207656 c:\windows\SysWOW64\FM20.DLL
+ 2009-07-14 02:34 . 2012-01-22 18:20 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-01-12 09:56 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 04:45 . 2012-01-22 18:23 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-18 09:23 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-09-24 16:15 . 2012-01-26 13:44 1321336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-24 06:53 . 2012-01-24 06:53 3629056 c:\windows\Installer\2baf108.msi
+ 2011-04-28 22:33 . 2011-04-28 22:33 5870080 c:\windows\Installer\120312c.msp
+ 2011-04-28 20:26 . 2011-04-28 20:26 3651072 c:\windows\Installer\1202f4c.msp
+ 2011-04-28 19:26 . 2011-04-28 19:26 3994624 c:\windows\Installer\1202f2a.msp
+ 2011-04-28 20:13 . 2011-04-28 20:13 1843712 c:\windows\Installer\1202ef7.msp
+ 2011-04-28 19:26 . 2011-04-28 19:26 2426880 c:\windows\Installer\1202ee7.msp
- 2012-01-18 08:55 . 2012-01-19 00:34 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-10-28 15:33 . 2010-10-28 15:33 1100152 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\SETUP.EXE
+ 2010-12-21 00:08 . 2010-12-21 00:08 5790056 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OSETUP.DLL
+ 2010-02-17 20:56 . 2010-02-17 20:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WKCONV.EXE
+ 2010-02-28 01:55 . 2010-02-28 01:55 1040736 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\UMOUTLOOKADDIN.DLL
+ 2010-03-01 04:07 . 2010-03-01 04:07 2831768 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\STSLIST.DLL
+ 2010-03-30 07:29 . 2010-03-30 07:29 1177968 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONFILTER.DLL
+ 2010-01-09 20:24 . 2010-01-09 20:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OIMG.DLL
+ 2010-02-28 01:19 . 2010-02-28 01:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OFFOWC.DLL
+ 2010-03-29 20:48 . 2010-03-29 20:48 6629808 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\NL7MODELS0011.DLL
+ 2010-03-29 20:48 . 2010-03-29 20:48 2460080 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\NL7LEXICONS0011.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 7467440 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\NL7DATA0011.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 1689472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBISYNC.DLL
+ 2010-03-30 07:36 . 2010-03-30 07:36 5496688 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IPEDITOR.DLL
+ 2010-03-30 07:36 . 2010-03-30 07:36 5867896 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IPDESIGN.DLL
+ 2010-03-30 07:36 . 2010-03-30 07:36 1734000 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INFOPATH.EXE
+ 2010-03-12 21:45 . 2010-03-12 21:45 4299648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GRAPH.EXE
+ 2010-03-01 04:08 . 2010-03-01 04:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GFX.DLL
+ 2010-02-20 16:20 . 2010-02-20 16:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FM20.DLL
+ 2010-01-18 19:59 . 2010-01-18 19:59 2182040 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ASSAPIFE.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEWDAT.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACECORE.DLL
+ 2010-03-24 19:28 . 2010-03-24 19:28 1449312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCICONS.EXE
+ 2012-01-18 08:54 . 2012-01-18 08:54 1857400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCESS.DLL
+ 2012-01-21 16:40 . 2012-01-21 16:40 2034688 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\5c8ad6ab883df8044d8d7f474c8b16be\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 1117184 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\5be8cdb1f33142b52ff128672b87d70b\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\373e114bba9eeabeef6c90bb57cec250\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\027bac94fcf73a9bf17802dc66182095\Microsoft.Office.Tools.Word.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\b256341c2a367f33af895485bb309e63\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\7f231ac348acc848236c5a2878f6706a\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-01-20 16:44 . 2012-01-20 16:44 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
- 2011-10-16 11:30 . 2011-10-16 11:30 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
- 2011-10-16 14:28 . 2011-10-16 14:28 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\ce4585c5d5730daacd0d1e709a21efd2\Microsoft.Office.BusinessData.ni.dll
+ 2012-01-20 16:44 . 2012-01-20 16:44 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\b5f035ed367de31fb3c49d0e83060002\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2500054cf96b7709cb17b45c6c790546\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
- 2012-01-18 08:54 . 2012-01-18 08:54 1857400 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 1857400 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
- 2011-09-21 22:35 . 2012-01-19 00:35 16881920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3153752710-2568903584-3459727460-1000-8192.dat
+ 2011-09-21 22:35 . 2012-01-26 13:44 16881920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3153752710-2568903584-3459727460-1000-8192.dat
+ 2012-01-19 17:24 . 2012-01-19 17:24 12905472 c:\windows\Installer\41ee3.msi
+ 2011-04-28 22:28 . 2011-04-28 22:28 16972800 c:\windows\Installer\1203126.msp
+ 2011-04-28 22:28 . 2011-04-28 22:28 11056128 c:\windows\Installer\120311d.msp
+ 2011-04-28 19:34 . 2011-04-28 19:34 11155456 c:\windows\Installer\1203115.msp
+ 2011-04-28 22:28 . 2011-04-28 22:28 15230976 c:\windows\Installer\120310d.msp
+ 2011-04-28 20:50 . 2011-04-28 20:50 14219776 c:\windows\Installer\1202f99.msp
+ 2011-04-28 19:27 . 2011-04-28 19:27 14467072 c:\windows\Installer\1202f56.msp
+ 2011-04-28 19:27 . 2011-04-28 19:27 13031936 c:\windows\Installer\1202f1b.msp
+ 2010-03-01 04:09 . 2010-03-01 04:09 13988704 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSACCESS.EXE
+ 2012-01-21 16:39 . 2012-01-21 16:39 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\06e5638d1925f6cf87ff8fad1ef06d75\System.Core.ni.dll
- 2011-10-15 15:21 . 2011-10-15 15:21 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\06e5638d1925f6cf87ff8fad1ef06d75\System.Core.ni.dll
+ 2012-01-20 16:44 . 2012-01-20 16:44 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
- 2011-10-16 11:30 . 2011-10-16 11:30 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
+ 2011-04-28 19:33 . 2011-04-28 19:33 425345024 c:\windows\Installer\12030f9.msp
.
-- Snapshot teruggezet naar huidige datum (placed to current date) --

 

[theolugs]

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Larz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Larz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-31 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Larz\AppData\Roaming\Mozilla\Firefox\Profiles\1q5lh36e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 10.1.66.12
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-01-26 15:31:40
ComboFix-quarantined-files.txt 2012-01-26 14:31
ComboFix2.txt 2012-01-19 14:06
ComboFix3.txt 2012-01-17 12:59
.
Pre-Run: 483.103.694.848 bytes free
Post-Run: 483.053.600.768 bytes free
.
- - End Of File - - 130876E2B67EDC9C6451DDA4CD4DA1D7

ESET did not produce log.


issue with "illegal operation attempted on object marked for deletion" is resolved.

VAIO preinstalled programs seem to be just crappy freeware according to forums and review. looking into unistalling them, i'm on that now.

 

[Bobbye]

Okay, looking good. A couple of entries to check in HijackThis:

Please reopen HijackThis to 'do system scan only.' Check each of the following- if found:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

Close all Windows except HijackThis and click on "Fix Checked."
======================================
Question: Did you set this up?
2012-01-16 13:16:20 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
=======================================
Comment: The proxy is still in Firefox: FF - prefs.js: network.proxy.http_port - 8080
Did you reset the proxy per my Reply #11?
========================================
Have all of the problems been resolved?

 

[theolugs]

found and removed 6 of 7 via HijackThis, it did show an alert before scanning saying
'system denied acces to Hosts files' c:/windows/system32/drivers/etc/hosts

about the C:\Windows\SysWow64\TempWmicBatchFile.bat , i looked it up and found it was created 29-09-2011, this being around the date bought it. it was last modified today according to the properties details.

I'm sure I didn't create it myself, because I don't usually dare messing with data in that area.


I did reset the proxy, yet I need to use certain proxy to acces wireless internet at school. I'll reset it again.

haven't noticed ant problems lately, no signs of malware activities that i'd relate to the infection I stumbled upon.
I am sometimes coping with my pc not wanting to shut down. although it only occurs when I had it in sleep mode for a while and then shut it down about an hour later.
It keeps showing the 'shutting down' screen, even after I once let it run for more than 20mins.