[Solved] Win 7 'Antispyware' 2012 malware infection

theolugs · Jan 28, 2012

ComboFix 12-01-26.01 - Larz 26/01/2012 15:22:21.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1033.18.4078.2709 [GMT 1:00]
Gestart vanuit: c:\users\Larz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-26 to 2012-01-26 ))))))))))))))))))))))))))))))
.
.
2012-01-26 14:30 . 2012-01-26 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 14:15 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE602464-6CF3-4A2D-90D4-9BAB2BA4CDCB}\mpengine.dll
2012-01-21 19:16 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-21 19:16 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-21 19:16 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-21 19:16 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-21 19:15 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-21 19:15 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-21 19:15 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-21 19:15 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 19:15 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-21 19:15 . 2011-11-17 06:35 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-21 19:15 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-21 19:15 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-21 19:15 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-21 19:15 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-19 17:25 . 2012-01-19 17:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-19 17:24 . 2012-01-19 17:24 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-01-19 17:24 . 2012-01-19 17:24 -------- d-----w- c:\program files (x86)\Java
2012-01-19 14:48 . 2012-01-19 14:51 -------- d-----w- C:\HijackThis
2012-01-18 08:53 . 2012-01-18 08:53 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-01-18 08:52 . 2012-01-18 08:52 -------- d-----w- c:\windows\PCHEALTH
2012-01-18 08:52 . 2012-01-18 08:52 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-01-18 08:50 . 2012-01-18 08:50 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-01-18 08:49 . 2012-01-18 08:49 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-01-18 08:47 . 2012-01-18 08:47 -------- d-----r- C:\MSOCache
2012-01-18 08:20 . 2012-01-18 08:20 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-18 08:20 . 2012-01-18 08:20 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-18 08:19 . 2012-01-18 08:23 -------- d-----w- c:\users\Larz\AppData\Roaming\DAEMON Tools Lite
2012-01-18 08:18 . 2012-01-18 08:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-01-17 13:09 . 2012-01-17 13:09 -------- d-----w- c:\program files (x86)\ESET
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\users\Larz\AppData\Roaming\Malwarebytes
2012-01-15 21:17 . 2012-01-15 21:17 -------- d-----w- c:\programdata\Malwarebytes
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\users\Larz\AppData\Roaming\SUPERAntiSpyware.com
2012-01-15 15:45 . 2012-01-15 15:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-15 15:03 . 2012-01-15 15:34 -------- d-----w- c:\programdata\clp
2012-01-15 15:03 . 2012-01-15 23:24 -------- d-----w- c:\users\Larz\AppData\Roaming\Fighters
2012-01-15 15:02 . 2012-01-15 15:02 -------- d-----w- c:\programdata\Common Toolkit Suite
2012-01-15 15:00 . 2012-01-16 11:43 -------- d-----w- c:\programdata\Fighters
2012-01-11 12:26 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:26 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 12:26 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 12:25 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:25 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 12:25 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:25 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-07 16:46 . 2012-01-07 16:47 -------- d-----w- c:\users\Larz\AppData\Roaming\SecondLife
2012-01-07 16:46 . 2012-01-23 23:00 -------- d-----w- c:\users\Larz\AppData\Local\SecondLife
2012-01-07 16:44 . 2012-01-07 16:47 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\users\Larz\AppData\Local\Unity
2012-01-05 14:52 . 2012-01-05 14:52 -------- d-----w- c:\program files (x86)\Unity
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-12-27 18:47 . 2011-12-27 18:47 -------- d-----w- c:\users\Larz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 14:28 . 2011-09-24 11:11 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-01-19 17:24 . 2011-05-26 08:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-06 05:15 . 2011-10-07 08:52 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-04 09:26 . 2010-11-21 03:27 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-21 21:44 . 2011-12-20 10:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-15 12:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:41 . 2011-12-15 12:53 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-15 12:52 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-15 12:53 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-15 12:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-15 12:52 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-19_14.01.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-26 14:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-19 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-19 14:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-26 14:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-19 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-26 14:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-01-26 13:50 54578 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-26 13:50 37294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-22 10:42 . 2012-01-26 13:50 13910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3153752710-2568903584-3459727460-1000_UserData.bin
+ 2011-09-21 19:15 . 2012-01-24 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-21 19:15 . 2012-01-19 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:15 . 2012-01-24 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-21 19:15 . 2012-01-19 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-19 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-22 10:42 . 2012-01-26 13:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-22 10:42 . 2012-01-19 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-01-18 12:28 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-01-23 10:00 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-09-22 10:42 . 2012-01-19 12:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-22 10:42 . 2012-01-26 13:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-22 10:42 . 2012-01-19 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-22 10:42 . 2012-01-26 13:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 19:55 . 2012-01-19 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:55 . 2012-01-26 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-21 19:55 . 2012-01-26 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 19:55 . 2012-01-19 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-20 16:40 . 2012-01-20 16:40 35264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 76200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 43464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 79776 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 24504 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.resources.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 28600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 15208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 15784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 27528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 14240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 56184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 17840 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.resources.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 12720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 91512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 27056 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.resources.dll
- 2012-01-18 08:55 . 2012-01-19 00:34 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-25 10:07 . 2010-02-25 10:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VBAJET32.DLL
+ 2010-01-09 20:47 . 2010-01-09 20:47 29528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\THOCRAPI.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 82848 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 15776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OMUOPTINPS.DLL
+ 2010-02-28 01:13 . 2010-02-28 01:13 20880 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MUOPTIN.DLL
+ 2010-03-01 04:17 . 2010-03-01 04:17 14736 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOCFUIU.DLL
+ 2010-01-10 18:48 . 2010-01-10 18:48 18832 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOCFU.DLL
+ 2010-03-01 04:09 . 2010-03-01 04:09 61832 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSAEXP30.DLL
+ 2010-03-12 23:59 . 2010-03-12 23:59 14208 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICUI.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 58232 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXP_XPS.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 44480 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACERCLR.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODTXT.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODEXL.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODDBS.DLL
+ 2010-03-23 09:54 . 2010-03-23 09:54 37776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEERR.DLL
+ 2010-02-28 03:33 . 2010-02-28 03:33 93576 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCOLK.DLL
+ 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCESSPL.DLL
+ 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACC12PL.DLL
+ 2012-01-21 16:39 . 2012-01-21 16:39 28160 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\8301416694cb22f15077e6d433e59e2a\Microsoft.Office.Tools.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 55808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7ce7180a1e9ef37cd133a88e7cfa35ac\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 21504 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\75734390d4c4dc617095e32e52ef7525\Microsoft.Office.Tools.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 45056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\50d6a3f6411155288bd7462c86184215\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d1f2d3b5e187e3bc12ec2522bb845392\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 86016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9b2b2e2e66a51e68a2679339ce4e4a77\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\71a6663950cfe588237265f13a6a9f8f\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5b75d5795521241fb2344a38cf42f295\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\19a56cfd48276cdd930333131e029afe\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f9ac3f5d32bfdb6e11210fa4debc4ec1\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f49ab7f96c66031f641e2390ff85b71b\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ea0945a1fd1d5da1b9b9eb8df39687ac\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cd2766ef74cee07c420507db80aed932\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b97304651681e8187cb08b85ee71af27\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\92241baa98c147f5b67ed2ffb566e7a3\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 43008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\739f346c180e2f07b7b27716760245ad\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\723bdb36a46e387e81a1326318f096fc\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\560af98e8232dfaa8f745112ed6b8be1\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0682fc9eff42e1bb0843c1f738d6dbbe\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.dll
- 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
- 2012-01-18 08:52 . 2012-01-18 08:52 11656 c:\windows\assembly\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 83896 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 10192 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 63408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 77752 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 23976 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 62392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 55256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 32688 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 38856 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 35256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 24496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
+ 2011-10-02 23:52 . 2012-01-19 17:10 5958 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-26 13:48 . 2012-01-26 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-19 14:01 . 2012-01-19 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-19 14:01 . 2012-01-19 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-26 13:48 . 2012-01-26 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-19 17:24 . 2012-01-19 17:24 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-01-19 17:24 . 2012-01-19 17:24 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-01-19 17:24 . 2012-01-19 17:24 149280 c:\windows\SysWOW64\java.exe
+ 2011-09-21 19:42 . 2012-01-26 13:42 266108 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-01-26 13:44 510760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-19 14:00 510760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-20 16:43 . 2012-01-20 16:43 397208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 151472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.resources\v4.0_10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 133544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 201648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 163744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 141688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 341392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 139672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 171384 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 465304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 357272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.dll
+ 2012-01-19 17:24 . 2012-01-19 17:24 207360 c:\windows\Installer\41ee8.msi
+ 2011-04-28 21:41 . 2011-04-28 21:41 655360 c:\windows\Installer\1203134.msp
+ 2011-04-28 21:32 . 2011-04-28 21:32 608768 c:\windows\Installer\1203105.msp
+ 2011-04-28 19:27 . 2011-04-28 19:27 608768 c:\windows\Installer\12030ff.msp

theolugs · Jan 28, 2012

+ 2012-01-20 16:40 . 2012-01-20 16:40 571232 c:\windows\Installer\{90140000-006E-0413-0000-0000000FF1CE}\misc.exe
- 2012-01-19 00:32 . 2012-01-19 00:32 571232 c:\windows\Installer\{90140000-006E-0413-0000-0000000FF1CE}\misc.exe
+ 2012-01-20 16:40 . 2012-01-20 16:40 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2012-01-19 00:32 . 2012-01-19 00:32 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-02-13 05:25 . 2010-02-13 05:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL
+ 2011-03-02 06:20 . 2011-03-02 06:20 169864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OARPMANY.EXE
+ 2010-01-09 20:47 . 2010-01-09 20:47 133512 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\TWCUTCHR.DLL
+ 2010-03-01 04:09 . 2010-03-01 04:09 524176 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SOA.DLL
+ 2010-03-25 09:23 . 2010-03-25 09:23 203632 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SHAREPOINTPROVIDER.DLL
+ 2010-02-28 01:13 . 2010-02-28 01:13 521616 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\SELFCERT.EXE
+ 2010-03-01 03:56 . 2010-03-01 03:56 647552 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PTXT9.DLL
+ 2010-02-28 01:22 . 2010-02-28 01:22 139136 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\PRTF9.DLL
+ 2010-02-28 01:21 . 2010-02-28 01:21 259960 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OISGRAPH.DLL
+ 2010-02-28 01:21 . 2010-02-28 01:21 886640 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OISAPP.DLL
+ 2010-02-28 01:21 . 2010-02-28 01:21 274280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OIS.EXE
+ 2010-02-28 01:09 . 2010-02-28 01:09 401784 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OFFXML.DLL
+ 2010-02-28 01:15 . 2010-02-28 01:15 702312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSTORDB.EXE
+ 2010-03-29 20:47 . 2010-03-29 20:47 218464 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSPROOF6.DLL
+ 2010-03-24 19:28 . 2010-03-24 19:28 473952 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOICONS.EXE
+ 2010-03-06 04:29 . 2010-03-06 04:29 501088 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSODCW.DLL
+ 2010-03-01 04:17 . 2010-03-01 04:17 152952 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSOCF.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 787864 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSET7TKJP.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 512392 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSET7TK.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 543144 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSET7.DLL
+ 2010-03-24 19:28 . 2010-03-24 19:28 571232 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MISC.EXE
+ 2010-02-28 01:15 . 2010-02-28 01:15 698216 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MEDCAT.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 427904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBITOOL.DLL
+ 2012-01-18 08:54 . 2012-01-18 08:54 169856 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBITOIN.DLL
+ 2010-03-12 23:58 . 2010-03-12 23:58 960384 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIOBDR.DLL
+ 2012-01-18 08:54 . 2012-01-18 08:54 960384 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIOBDA.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 567168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICLNT.DLL
+ 2010-03-12 23:58 . 2010-03-12 23:58 567168 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICLNR.DLL
+ 2010-03-13 13:54 . 2010-03-13 13:54 447872 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBICLI.DLL
+ 2010-03-12 23:58 . 2010-03-12 23:58 518016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIBDCR.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 518016 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBIBDCA.DLL
+ 2010-03-29 19:45 . 2010-03-29 19:45 169352 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IPOLK.DLL
+ 2010-03-22 19:36 . 2010-03-22 19:36 178560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IETAG.DLL
+ 2010-03-24 20:17 . 2010-03-24 20:17 944008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GROOVEMN.EXE
+ 2010-02-04 03:41 . 2010-02-04 03:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FLTLDR.EXE
+ 2010-02-25 10:07 . 2010-02-25 10:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXPSRV.DLL
+ 2010-03-23 10:03 . 2010-03-23 10:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EXP_PDF.DLL
+ 2010-03-22 20:30 . 2010-03-22 20:30 115584 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\EMABLT32.DLL
+ 2010-02-28 01:09 . 2010-02-28 01:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\DWTRIG20.EXE
+ 2010-03-01 04:18 . 2010-03-01 04:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\CDLMSO.DLL
+ 2010-01-18 19:59 . 2010-01-18 19:59 998776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ASMAIN.DLL
+ 2010-01-18 19:59 . 2010-01-18 19:59 100280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ASLTS.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEXBE.DLL
+ 2010-03-01 04:19 . 2010-03-01 04:19 247200 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEWSS.DLL
+ 2010-03-23 09:54 . 2010-03-23 09:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACETXT.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEREP.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACER3X.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL
+ 2010-03-22 19:51 . 2010-03-22 19:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEODBC.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEEXCL.DLL
+ 2010-03-23 09:54 . 2010-03-23 09:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEEXCH.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEES.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEDAO.DLL
+ 2010-02-28 03:33 . 2010-02-28 03:33 164224 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCWIZ.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACACEDAO.DLL
+ 2012-01-21 16:40 . 2012-01-21 16:40 992256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\ff4466a4f4edd74967ffd68b32ed42fe\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\f244c79b2b74ce5d958992b035bcae5b\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 169984 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\e3c203e0682e3d84c5abe2bbf67f36ee\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 475136 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\431e8f8fb8c650e566bfff9fa1114690\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 864256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\1423e98c74015fd6dff8acb6672845d9\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 232448 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\05e62412ad3f1f3f4b3cab5b35c61840\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7e0c3e59372160f90d0c17225f5c0e1a\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7da8e01276e9763783ff11a7ae146c5f\Microsoft.Office.Tools.Common.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\14b878bd3fdd08127dd20c7cf94173f2\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 408064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\0238950e134b6596f5ae0375f726623d\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 738304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\ffd9b07ace24d2bf89125ea752ef7fea\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b446243289b12f0a35cb4add1d8890cd\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 364544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\95028b0c307584cd7b7d8f22cbe7bb5b\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6f0b990bda795ca0b7634a8e56451461\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\47c9ac4a2b48ce02882611672b83c575\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\386e68533c104553fdbc79046e17fbd9\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\efef7199c4c98dcd2885a1655444ad5e\Microsoft.Office.Tools.Common.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 864768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\e8b60345c1eb1889caf2510e68b67d8c\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\658c69c4555a409a4c8e18e05c586373\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\4636f87c243bcf600432719affa8d4a9\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\0aac6bb26c060363f8f4775300826859\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\06e93a16031b00d7c4249f6881ea39aa\Microsoft.Office.Tools.Word.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 956416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\decc2b5bc04141ba4044a81ae2245ba9\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 124928 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d6758646ef3d5f5cfd06dc5025f82fa0\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bab8b770342bef1373dd65a6cd97ae95\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7c0236b6ab381ec1705e433184da9680\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 495616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\75efd918615705fa0081fcf2d76f8ff5\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\65c3b9746c2c5c232e034ac1cac13c41\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 270336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5fc9062052ebbdba79977711e2caab00\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\2309cae238d6ddd62ece03206462961b\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
- 2011-10-16 14:28 . 2011-10-16 14:28 633344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 133120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ea86cbc92df84b8ed738d47665bbd7a8\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c64e7f1b2e8f4526bd5de1208e5fb340\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c12ae83849416530bedf214fdfd384b4\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\96c9f4776983ce5117071c54957ca686\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 363008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6aed22875a2d7f279fe80f6eba524b7e\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\61692eac1c7ea834c23d796a871a1f67\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 650752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\193931d8a264d135001ea449464b9383\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 179200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\152c691207b01ef89bddb468f1f838f8\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\14c004acbf02bd8f341bb1328d56e270\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\00ee7d81dc0f0e79eb7c0d1ae2ce785f\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll
+ 2012-01-21 16:38 . 2012-01-21 16:38 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\5174700093ff14fdc5d80e3b0b4c91cf\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 363936 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2012-01-20 16:40 . 2012-01-20 16:40 157624 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.resources\10.0.0.0_nl_b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 193472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 153008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 427904 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
- 2012-01-18 08:54 . 2012-01-18 08:54 169856 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Tools.Intl\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.Intl.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 178040 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.tools.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.intl.resources.dll
- 2012-01-18 09:01 . 2012-01-18 09:01 178040 c:\windows\assembly\GAC_MSIL\microsoft.office.businessapplications.tools.intl.resources\14.0.0.0_nl_71e9bce111e9429c\Microsoft.Office.BusinessApplications.Tools.intl.resources.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 567168 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Runtime\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.Runtime.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 518016 c:\windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 964480 c:\windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
+ 2010-10-20 11:44 . 2010-10-20 11:44 1207656 c:\windows\SysWOW64\FM20.DLL
+ 2009-07-14 02:34 . 2012-01-22 18:20 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-01-12 09:56 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 04:45 . 2012-01-22 18:23 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-18 09:23 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-09-24 16:15 . 2012-01-26 13:44 1321336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-24 06:53 . 2012-01-24 06:53 3629056 c:\windows\Installer\2baf108.msi
+ 2011-04-28 22:33 . 2011-04-28 22:33 5870080 c:\windows\Installer\120312c.msp
+ 2011-04-28 20:26 . 2011-04-28 20:26 3651072 c:\windows\Installer\1202f4c.msp
+ 2011-04-28 19:26 . 2011-04-28 19:26 3994624 c:\windows\Installer\1202f2a.msp
+ 2011-04-28 20:13 . 2011-04-28 20:13 1843712 c:\windows\Installer\1202ef7.msp
+ 2011-04-28 19:26 . 2011-04-28 19:26 2426880 c:\windows\Installer\1202ee7.msp
- 2012-01-18 08:55 . 2012-01-19 00:34 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-01-18 08:55 . 2012-01-20 16:44 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2012-01-18 08:55 . 2012-01-19 00:34 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-10-28 15:33 . 2010-10-28 15:33 1100152 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\SETUP.EXE
+ 2010-12-21 00:08 . 2010-12-21 00:08 5790056 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.6029\OSETUP.DLL
+ 2010-02-17 20:56 . 2010-02-17 20:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\WKCONV.EXE
+ 2010-02-28 01:55 . 2010-02-28 01:55 1040736 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\UMOUTLOOKADDIN.DLL
+ 2010-03-01 04:07 . 2010-03-01 04:07 2831768 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\STSLIST.DLL
+ 2010-03-30 07:29 . 2010-03-30 07:29 1177968 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ONFILTER.DLL
+ 2010-01-09 20:24 . 2010-01-09 20:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OIMG.DLL
+ 2010-02-28 01:19 . 2010-02-28 01:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OFFOWC.DLL
+ 2010-03-29 20:48 . 2010-03-29 20:48 6629808 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\NL7MODELS0011.DLL
+ 2010-03-29 20:48 . 2010-03-29 20:48 2460080 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\NL7LEXICONS0011.DLL
+ 2010-03-29 20:47 . 2010-03-29 20:47 7467440 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\NL7DATA0011.DLL
+ 2012-01-18 08:53 . 2012-01-18 08:53 1689472 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\LOBISYNC.DLL
+ 2010-03-30 07:36 . 2010-03-30 07:36 5496688 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IPEDITOR.DLL
+ 2010-03-30 07:36 . 2010-03-30 07:36 5867896 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\IPDESIGN.DLL
+ 2010-03-30 07:36 . 2010-03-30 07:36 1734000 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\INFOPATH.EXE
+ 2010-03-12 21:45 . 2010-03-12 21:45 4299648 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GRAPH.EXE
+ 2010-03-01 04:08 . 2010-03-01 04:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\GFX.DLL
+ 2010-02-20 16:20 . 2010-02-20 16:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FM20.DLL
+ 2010-01-18 19:59 . 2010-01-18 19:59 2182040 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ASSAPIFE.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACEWDAT.DLL
+ 2010-03-23 09:55 . 2010-03-23 09:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACECORE.DLL
+ 2010-03-24 19:28 . 2010-03-24 19:28 1449312 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCICONS.EXE
+ 2012-01-18 08:54 . 2012-01-18 08:54 1857400 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\ACCESS.DLL
+ 2012-01-21 16:40 . 2012-01-21 16:40 2034688 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\5c8ad6ab883df8044d8d7f474c8b16be\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 1117184 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\5be8cdb1f33142b52ff128672b87d70b\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\373e114bba9eeabeef6c90bb57cec250\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\027bac94fcf73a9bf17802dc66182095\Microsoft.Office.Tools.Word.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\b256341c2a367f33af895485bb309e63\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-01-21 16:39 . 2012-01-21 16:39 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\7f231ac348acc848236c5a2878f6706a\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-01-20 16:44 . 2012-01-20 16:44 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
- 2011-10-16 11:30 . 2011-10-16 11:30 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
- 2011-10-16 14:28 . 2011-10-16 14:28 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 3238400 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\ce4585c5d5730daacd0d1e709a21efd2\Microsoft.Office.BusinessData.ni.dll
+ 2012-01-20 16:44 . 2012-01-20 16:44 1564672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\b5f035ed367de31fb3c49d0e83060002\Microsoft.Office.BusinessApplications.Runtime.ni.dll
+ 2012-01-20 16:45 . 2012-01-20 16:45 4752384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.Bu#\2500054cf96b7709cb17b45c6c790546\Microsoft.Office.BusinessApplications.SyncServices.ni.dll
- 2012-01-18 08:54 . 2012-01-18 08:54 1857400 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 1857400 c:\windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Access\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2012-01-20 16:43 . 2012-01-20 16:43 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
- 2012-01-18 08:53 . 2012-01-18 08:53 1689472 c:\windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.SyncServices\14.0.0.0__71e9bce111e9429c\Microsoft.Office.BusinessApplications.SyncServices.dll
- 2011-09-21 22:35 . 2012-01-19 00:35 16881920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3153752710-2568903584-3459727460-1000-8192.dat
+ 2011-09-21 22:35 . 2012-01-26 13:44 16881920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3153752710-2568903584-3459727460-1000-8192.dat
+ 2012-01-19 17:24 . 2012-01-19 17:24 12905472 c:\windows\Installer\41ee3.msi
+ 2011-04-28 22:28 . 2011-04-28 22:28 16972800 c:\windows\Installer\1203126.msp
+ 2011-04-28 22:28 . 2011-04-28 22:28 11056128 c:\windows\Installer\120311d.msp
+ 2011-04-28 19:34 . 2011-04-28 19:34 11155456 c:\windows\Installer\1203115.msp
+ 2011-04-28 22:28 . 2011-04-28 22:28 15230976 c:\windows\Installer\120310d.msp
+ 2011-04-28 20:50 . 2011-04-28 20:50 14219776 c:\windows\Installer\1202f99.msp
+ 2011-04-28 19:27 . 2011-04-28 19:27 14467072 c:\windows\Installer\1202f56.msp
+ 2011-04-28 19:27 . 2011-04-28 19:27 13031936 c:\windows\Installer\1202f1b.msp
+ 2010-03-01 04:09 . 2010-03-01 04:09 13988704 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\MSACCESS.EXE
+ 2012-01-21 16:39 . 2012-01-21 16:39 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\06e5638d1925f6cf87ff8fad1ef06d75\System.Core.ni.dll
- 2011-10-15 15:21 . 2011-10-15 15:21 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\06e5638d1925f6cf87ff8fad1ef06d75\System.Core.ni.dll
+ 2012-01-20 16:44 . 2012-01-20 16:44 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
- 2011-10-16 11:30 . 2011-10-16 11:30 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
+ 2011-04-28 19:33 . 2011-04-28 19:33 425345024 c:\windows\Installer\12030f9.msp
.
-- Snapshot teruggezet naar huidige datum (placed to current date) --

theolugs · Jan 28, 2012

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Larz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Larz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Larz\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-18 546608]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-18 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-31 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-29 2361344]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 17:28]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000Core.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153752710-2568903584-3459727460-1000UA.job
- c:\users\Larz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 08:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Larz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Larz\AppData\Roaming\Mozilla\Firefox\Profiles\1q5lh36e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 10.1.66.12
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-01-26 15:31:40
ComboFix-quarantined-files.txt 2012-01-26 14:31
ComboFix2.txt 2012-01-19 14:06
ComboFix3.txt 2012-01-17 12:59
.
Pre-Run: 483.103.694.848 bytes free
Post-Run: 483.053.600.768 bytes free
.
- - End Of File - - 130876E2B67EDC9C6451DDA4CD4DA1D7

ESET did not produce log.

issue with "illegal operation attempted on object marked for deletion" is resolved.

VAIO preinstalled programs seem to be just crappy freeware according to forums and review. looking into unistalling them, i'm on that now.

Bobbye · Jan 30, 2012

Okay, looking good. A couple of entries to check in HijackThis:

Please reopen HijackThis to 'do system scan only.' Check each of the following- if found:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

Close all Windows except HijackThis and click on "Fix Checked."
======================================
Question: Did you set this up?
2012-01-16 13:16:20 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
=======================================
Comment: The proxy is still in Firefox: FF - prefs.js: network.proxy.http_port - 8080
Did you reset the proxy per my Reply #11?
========================================
Have all of the problems been resolved?

theolugs · Feb 1, 2012

found and removed 6 of 7 via HijackThis, it did show an alert before scanning saying
'system denied acces to Hosts files' c:/windows/system32/drivers/etc/hosts

about the C:\Windows\SysWow64\TempWmicBatchFile.bat , i looked it up and found it was created 29-09-2011, this being around the date bought it. it was last modified today according to the properties details.

I'm sure I didn't create it myself, because I don't usually dare messing with data in that area.

I did reset the proxy, yet I need to use certain proxy to acces wireless internet at school. I'll reset it again.

haven't noticed ant problems lately, no signs of malware activities that i'd relate to the infection I stumbled upon.
I am sometimes coping with my pc not wanting to shut down. although it only occurs when I had it in sleep mode for a while and then shut it down about an hour later.
It keeps showing the 'shutting down' screen, even after I once let it run for more than 20mins.

theolugs · Feb 1, 2012

Later that day I researched my shutdown probs. Yet I didn't find what I was looking for, however I did find that an app named avscanningservice.exe was probably the malware I caught.
the log showed the .exe interferred with the startup process. I tried looking up the file, but returned no result .. Hopefully it's deletedby CF or others, but i'm not sure it is.

other then that, the VAIOcare apps are also interferring with the startup and shutdown process.
I began running the less useless VAIO programs yesterday to see what they're about:
Care; runs tests on my drivers so the cause of errors can be found
update: checks in with VAIO for updates on VAIO systems
there's only one possible problem: they don't have an uninstaller .. so now i'm not savvy about removing them as i must do this manually in Control Panel.

Bobbye · Feb 1, 2012

The best order to do an uninstall is:

1. See if program has it's own uninstaller. If it does, use it.
2. If no uninstaller in program, then use Add/Remove Programs.
After you uninstall a program, use Windows Explorer (Win key + E) to access Computer> Local Drive (usually C)> Programs> find program folder for each uninstalled program and do a Right Click> Delete.
3. IF neither #1 or #2 is available, you can use the Windows Installer Cleanup Utility to remove the program.

An alternative for removing the useless preloads is the PC Decrapifier. (I am not sure whether this works on Win 7.

theolugs · Feb 3, 2012

Thanks for your help sir, I'm glad I had a pro workin' on this that provided such good service!.
I'll remove the preloads by your suggestions.
and can I be sure that the malware infection is removed ?

Bobbye · Feb 3, 2012

Are you connected to a work network> I did some searching for the AVScanningService.exe

AVScanningService.exe is part of Prevention AV Scanning Service developed by Preventon Technologies Limited. This task protect your system against viruses, Trojan horses and other threats: >Gateway AntiVirus and Intrusion Prevention

Stability>> How stable is AVScanningService.exe> This process is quite unstable.
The following problems where reported :
* AVScanningService.exe crashes sometimes.
* AVScanningService.exe sometimes does not respond anymore
* AVScanningService.exe regular uses 100% of the CPU.

This definitely seems like heavy coverage for a home PC. It refers to AV scanning, but also mentions firewall. I don't see any processes in the logs that I can identify- no installed program, driver or Service.. However, based on what I read and the problem it is causing by hanging, this would appear to b something you are better off without.

If you use a network work server, you will need to check with the work IT before doing anything. If it is not network work related, you can try booting into Safe Mode, then searching the system for AVScanningService.exe or possibly Gateway or Prevention***.

It appears that this product has to be purchased. The consensus is that few think it needs to be running or is essential to the system. It is thought to be a legitimate product, although there isn't much out there about 'need'.
===============================

I did find that an app named avscanningservice.exe was probably the malware I caught.

This is coming up as a legitimate file. But I'd like you to check the Event Viewer. You will look in the Application log. Error will most likely be App Hang ID #1002. If you can find one of those for this process, double click on it, click on the Copy button and either paste the error here or give me the Description.

Click on Start> Run> type in Eventvwr.msc> Enter> Application log.

theolugs · Feb 4, 2012

most of the time I'm connected to my home network at my dorm, weekends at my parents home connection (wireless) and in school I'm sometimes connected to the school network. that only happens once every 2 weeks.

the info you found on the AVScanningService.exe is not that similar to what I found:
I found that certain sites claim this is an non-risk app created by preventon.
yet some forums (bout 3 I found) say the file was related to spyware infections such as my case (win7 antspyware ..).
Plus I never installed any AV or whatever protection other then my MS security essentials.
I will follow your instructions on locating the file in safe mode and post results in next reply.

checking the Event Viewer:
windows logs>application:
found 1 game app hang, several explorer.exe hangs and Foxit pdf reader hangs.

Log Name: Application
Source: Application Hang
Date: 17/10/2011 17:16:10
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program FoxitReader502.0718_enu_Setup.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: fc0
Start Time: 01cc8cdb3443ecaa
Termination Time: 0
Application Path: C:\Users\Larz\AppData\Local\Temp\is-0Q8BN.tmp\FoxitReader502.0718_enu_Setup.tmp
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-17T15:16:10.000000000Z" />
<EventRecordID>6831</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>51.1052.0.0</Data>
<Data>fc0</Data>
<Data>01cc8cdb3443ecaa</Data>
<Data>0</Data>
<Data>C:\Users\Larz\AppData\Local\Temp\is-0Q8BN.tmp\FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>
</Data>
<Binary>54006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 23/09/2011 16:18:36
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program firefox.exe version 6.0.2.4262 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 630
Start Time: 01cc79f79189d294
Termination Time: 82
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: e8f14cf2-e5ee-11e0-8325-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-09-23T14:18:36.000000000Z" />
<EventRecordID>2796</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>firefox.exe</Data>
<Data>6.0.2.4262</Data>
<Data>630</Data>
<Data>01cc79f79189d294</Data>
<Data>82</Data>
<Data>C:\Program Files (x86)\Mozilla Firefox\firefox.exe</Data>
<Data>e8f14cf2-e5ee-11e0-8325-78843ce85d04</Data>
<Binary>55006E006B006E006F0077006E0000000000</Binary>
</EventData>
</Event>

theolugs · Feb 4, 2012

Log Name: Application
Source: Application Hang
Date: 29/01/2012 14:37:30
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 157c
Start Time: 01ccde89bf644792
Termination Time: 65
Application Path: C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
Report Id: 0b779fdd-4a7e-11e1-a27f-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-29T13:37:30.000000000Z" />
<EventRecordID>19724</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>chrome.exe</Data>
<Data>16.0.912.77</Data>
<Data>157c</Data>
<Data>01ccde89bf644792</Data>
<Data>65</Data>
<Data>C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe</Data>
<Data>0b779fdd-4a7e-11e1-a27f-78843ce85d04</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 29/01/2012 20:58:04
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 150c
Start Time: 01ccde8b2a59f9bf
Termination Time: 19
Application Path: C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe
Report Id: 8c6f9598-4ab3-11e1-a27f-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-29T19:58:04.000000000Z" />
<EventRecordID>19747</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>chrome.exe</Data>
<Data>16.0.912.77</Data>
<Data>150c</Data>
<Data>01ccde8b2a59f9bf</Data>
<Data>19</Data>
<Data>C:\Users\Larz\AppData\Local\Google\Chrome\Application\chrome.exe</Data>
<Data>8c6f9598-4ab3-11e1-a27f-78843ce85d04</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 15/01/2012 17:35:43
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 174c
Start Time: 01ccd39806211691
Termination Time: 0
Application Path: C:\Windows\explorer.exe
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-01-15T16:35:43.000000000Z" />
<EventRecordID>17450</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>explorer.exe</Data>
<Data>6.1.7601.17567</Data>
<Data>174c</Data>
<Data>01ccd39806211691</Data>
<Data>0</Data>
<Data>C:\Windows\explorer.exe</Data>
<Data>
</Data>
<Binary>430072006F00730073002D00740068007200650061006400000044006500610064006C006F0063006B0000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 24/11/2011 0:04:45
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 454
Start Time: 01ccaa3319fe7081
Termination Time: 121
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-11-23T23:04:45.000000000Z" />
<EventRecordID>11803</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>wmplayer.exe</Data>
<Data>12.0.7601.17514</Data>
<Data>454</Data>
<Data>01ccaa3319fe7081</Data>
<Data>121</Data>
<Data>C:\Program Files (x86)\Windows Media Player\wmplayer.exe</Data>
<Data>
</Data>
<Binary>430072006F00730073002D00700072006F006300650073007300000054006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000</Binary>
</EventData>
</Event>

theolugs · Feb 4, 2012

Log Name: Application
Source: Application Hang
Date: 17/10/2011 16:35:55
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program FoxitReader502.0718_enu_Setup.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13b4
Start Time: 01cc8cd92fbc0917
Termination Time: 16
Application Path: C:\Users\Larz\AppData\Local\Temp\is-2BQF8.tmp\FoxitReader502.0718_enu_Setup.tmp
Report Id:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-17T14:35:55.000000000Z" />
<EventRecordID>6753</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>51.1052.0.0</Data>
<Data>13b4</Data>
<Data>01cc8cd92fbc0917</Data>
<Data>16</Data>
<Data>C:\Users\Larz\AppData\Local\Temp\is-2BQF8.tmp\FoxitReader502.0718_enu_Setup.tmp</Data>
<Data>
</Data>
<Binary>54006F00700020006C006500760065006C002000770069006E0064006F0077002000690073002000690064006C00650000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 27/09/2011 11:00:44
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e68
Start Time: 01cc7cf37eaae7a5
Termination Time: 31
Application Path: C:\Windows\Explorer.EXE
Report Id: 2b20b407-e8e7-11e0-b98f-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-09-27T09:00:44.000000000Z" />
<EventRecordID>3759</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>Explorer.EXE</Data>
<Data>6.1.7601.17567</Data>
<Data>e68</Data>
<Data>01cc7cf37eaae7a5</Data>
<Data>31</Data>
<Data>C:\Windows\Explorer.EXE</Data>
<Data>2b20b407-e8e7-11e0-b98f-78843ce85d04</Data>
<Binary>430072006F00730073002D0074006800720065006100640000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 2/02/2012 14:13:09
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Doc
Description:
The program warsow_x64.exe version 0.6.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13c4
Start Time: 01cce1ac4141baf6
Termination Time: 195
Application Path: C:\Program Files (x86)\Warsow 0.6\warsow_x64.exe
Report Id: 99c03805-4d9f-11e1-a39e-78843ce85d04

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-02-02T13:13:09.000000000Z" />
<EventRecordID>20290</EventRecordID>
<Channel>Application</Channel>
<Computer>Doc</Computer>
<Security />
</System>
<EventData>
<Data>warsow_x64.exe</Data>
<Data>0.6.1.0</Data>
<Data>13c4</Data>
<Data>01cce1ac4141baf6</Data>
<Data>195</Data>
<Data>C:\Program Files (x86)\Warsow 0.6\warsow_x64.exe</Data>
<Data>99c03805-4d9f-11e1-a39e-78843ce85d04</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>

next reply I'll add the search results for the avscanningservice.exe in safe mode like you instructed.

every error ID 1002 I have posted above, it's all I found. I hope this is the info you requested.

theolugs · Feb 5, 2012

after searching in control panel>performance info and tools >advanced I found a startup error by avscanningdevice.exe , though it was a ID 101.
thought I should post it

Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Microsoft-Windows-Diagnostics-Performance
Date: 16/01/2012 0:24:31
Event ID: 101
Task Category: Boot Performance Monitoring
Level: Error
Keywords: Event Log
User: LOCAL SERVICE
Computer: Doc
Description:
This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service
Version : 1.5.76
Total Time : 66553ms
Degradation Time : 59053ms
Incident Time (UTC) : ‎2012‎-‎01‎-‎15T23:21:08.671600300Z
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}" />
<EventID>101</EventID>
<Version>1</Version>
<Level>2</Level>
<Task>4002</Task>
<Opcode>33</Opcode>
<Keywords>0x8000000000010000</Keywords>
<TimeCreated SystemTime="2012-01-15T23:24:31.314195900Z" />
<EventRecordID>1013</EventRecordID>
<Correlation ActivityID="{032B0C50-F800-0002-6444-995CDCD3CC01}" />
<Execution ProcessID="1692" ThreadID="3896" />
<Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
<Computer>Doc</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="StartTime">2012-01-15T23:21:08.671600300Z</Data>
<Data Name="NameLength">22</Data>
<Data Name="Name">AVScanningService.exe</Data>
<Data Name="FriendlyNameLength">30</Data>
<Data Name="FriendlyName">Preventon AV Scanning Service</Data>
<Data Name="VersionLength">7</Data>
<Data Name="Version">1.5.76</Data>
<Data Name="TotalTime">66553</Data>
<Data Name="DegradationTime">59053</Data>
<Data Name="PathLength">88</Data>
<Data Name="Path">C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe</Data>
<Data Name="ProductNameLength">30</Data>
<Data Name="ProductName">Preventon AV Scanning Service</Data>
<Data Name="CompanyNameLength">31</Data>
<Data Name="CompanyName">Preventon Technologies Limited</Data>
</EventData>
</Event>

theolugs · Feb 6, 2012

searching for the avscanningservice.exe in safe mode didn't return any results.
Hope I gave you useful enough info in the last posts.

thanks for the help ! I really appreciate it !

Bobbye · Feb 7, 2012

Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.

Bobbye · Feb 10, 2012

Thank you for your patience.
About this:

About this:
the info you found on the AVScanningService.exe is not that similar to what I found:
I found that certain sites claim this is an non-risk app created by preventon.
yet some forums (bout 3 I found) say the file was related to spyware infections such as my case (win7 antspyware ..).
Plus I never installed any AV or whatever protection other then my MS security essentials.
I will follow your instructions on locating the file in safe mode and post results in next reply.

Please be advised that I have the WOT> Web of Trust Site Advisor enabled for all my searches. It rates site in Red, Yellow and Green, which are like traffic lights. I only access sites that are rated Green> this tells me that the 4 rating criteria of 1. Trustworthy, Vendor Reliability, Privacy and Child Safety are good to excellent. Most of the time, when I don't recognize an entry, many of the sites are rated Red. I do not use any of them so that I can be assured that what I find is accurate.

This is my way of telling you it's possible you may have gotten information about the entry from one of the 'red' sites. An it's also possible that if you did, you may have gotten additional malware.
=======================================
On the App hangs: Theses are all different dates and times. Without information about what you were doing when the errors occurred, all I can do is say this:
#1, 2, 3, 5, 6> If any of these are on the Startup Menu (check using Start> Run> msconfig> Startup tab) uncheck any process related to each. None need to start on boot. They can be launched from All Programs as needed.
1. FoxIT Reader> Date: 17/10/2011 17:16:10

The program FoxitReader502.0718_enu_Setup.tmp version 51.1052.0.0

This is the setup file. FoxIt may not be installed correctly. Delete the setup you have now. Download fresh and install again. If the setup file (tmp) doesn't delete once it's installed, do a right click> Delete on the setup> you no longer need it.
2. Firefox> Date: 23/09/2011 16:18:36
3. Chrome> Date: 29/01/2012 20:58:04
4. Explorer> Date: 15/01/2012 17:35:43 (Windows Explorer)
If this continues, please check the Troubleshooting help for Win 7 HERE.
5. Windows Media Player: Date: 24/11/2011 0:04:45
6. Warsow 0.6\warsow_x64.exe: Date: 2/02/2012 14:13:09>>

System Requirements
Windows® 95 or NT 4.0 with 100% compatible computer system
Pentium® 90 MHz Processor (133 MHz recommended)
Memory: Win 95 - 16 MB RAM Required
Win NT 4.0 - 24 MB RAM Required

Please see information HERE for 64bit.

7. Microsoft-Windows-Diagnostics-Performance: Date: 16/01/2012 0:24:31This application took longer than usual to start up, resulting in a performance degradation in the system startup process:
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service
Remove from Startup
Click on Start> Run> type in services.msc> enter> Look for Service in either of the above names> Double click to open> If it's set to Automatic Startup Type change to Manual. If it's set to Manual change to Disabled. In either case, stop the Service.
Note: if you cannot handle #7 in Normal Mode, boot into Safe Mode and make the change.
==========================================
For the .bat file:
Please navigate to c:\windows\SysWow64\TempWmicBatchFile.bat and do a right click? Delete
=========================================

theolugs · Feb 18, 2012

I deleted the bat file succesfully
searched for the AVscanningservice.exe, and found where it came from. it's not a virus, it was a part of an antispyware I downloaded before consulting this community (think it was part of spywaredoctor or so) when I unistalled the whole program after seeing it was a pay service, I forgot about it. in other words: it was already gone by uninstalling the affliated program.

thanks for the instructions on the errors, already tried the browser ones, haven't experienced crashes anymore since.

and thanks very much for the WOT add on, it's already been a real help everyday !

theolugs · Feb 18, 2012

almost forgot the msconfig info, thanks for that too, so many useless progs that start on boot !
you've been a real help, thanks !

Bobbye · Feb 18, 2012

Regarding this:

it only occurs when I had it in sleep mode for a while and then shut it down about an hour later.
It keeps showing the 'shutting down' screen, even after I once let it run for more than 20mins.

If it's a laptop and you close the lid, it most likely is set to 'sleep'. If you open the machine- but plan to close it down shortly, be sure it fully 'wakes up' before you shut down. Then go to Start> Shutdown> Make sure the dialog box shows 'Shut Down', then click on Okay.
================================================
This error:
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service
Appears that it was set to scan when you started up. There isn't much sense in wasting load time and resources doing a scan on Startup.

My source for the avscanningservice.exe was:http://systemexplorer.net/db/avscanningservice.exe.html
File Name : AVScanningService.exe
Friendly Name : Preventon AV Scanning Service>>
Linked to About Gateway AntiVirus and Intrusion Prevention here:
http://www.backgroundtask.eu/Systeemtaken/taakinfo/30678/AVScanningService.exe/

I did not find any indication that this is not a legitimate program. Keep in mind that I only search on sites given the green light by WOT. Checking on any site rated red cannot be considered reliable information.
===========================================
The following may help you with the VAIO Processes:
Change Sony VAIO Services to Manual:
Start> Run> type services.msc> enter> click on each of the following Services>Change the Startup type to MANUAL> Stop the Service.

:
Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
VAIO Entertainment Aggregation and Control Service (may be VzRs or VzFw)
VAIO Entertainment File Import Service - (may be VzCdb)
VAIO Entertainment TV Device Arbitration Service - (may be VzCs)
VAIO Entertainment UPnP Client Adapter - (may be VCSW)
VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - (may be VMISrv)
VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - (may be SV_Httpd)
VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - (may be UPnPFramework)
VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - (may be VmGateway)
VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - (may be GPVSvr)
VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - (may be \SV_Httpd.)
VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - (may be UPnPFramework)

Sony Notebook Setup and Sony Utilities DLL need to be kept. Also keep "hotkey utility" if you want the Fn keys on your laptop to work. Other than that, you can get rid of everything.

AppMon Utility>> This utility updates the Sony AppMon Utility for Microsoft Windows Vista operating system compatibility.

Direct-Stream Digital (DSD) is the trademark name used by Sony and Philips for their system of recreating audible signals which uses pulse-density modulation encoding, a technology to store audio signals on digital storage media which is used for the Super Audio CD (SACD).
[o] DSD Direct
[o] DSD Direct Player
[o] DSD Playback Plug-in
This utility will install an updated version of the OpenMG™ Limited Patch to address an issue where the computer may restart when inserting or ejecting Memory Stick® media while SonicStage® software is starting.
[o] OpenMG Limited Patch 4.7-07-15-19-01
[o] OpenMG Secure Module 4.7.00

Settings Utility Series>> This utility updates the Setting Utility Series to version 2.0.00.11270 and provides compatibility with the Microsoft® Windows Vista™ ...

Sony Video Shared Library>> This utility updates the Sony® Video Shared Library to version 3.1.02.01170 to address the following issues:
[o]AVCHD™ video files may not play smoothly
[o]The default language of the installer is not set to English

======================================
If the problems have been resolved: Remove all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted
[o] Click START> then RUN
[o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download OTCleanIt by OldTimer and save it to your Desktop.
[o] Double click OTCleanIt.exe.
[o] Click the CleanUp! button.
[o] If you are prompted to Reboot during the cleanup, select Yes.
[o]The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Set a new, clean Restore Point
[o] Click on Start> right click on Computer> Properties
[o] Select System Protection
[o] Click on the Create button (near bottom)
[o] Type a name for the Restore Point
[o] Click on Create again to save the restore point.

Deleting all but the most recent System Protection point in Windows 7
[o] Click Start> Computer> right click the C Drive and choose Properties> enter.
[o] Click Disk Cleanup from there.

[o] Click Clean up system files
This restarts Disk Cleanup to run in elevated mode.
[o] Click the More Options tab

[o] Click the Clean up under System Restore and Shadow Copies.
[o] Click OK.
[o] You will get a confirmation screen> Just click Delete.
[o] Click OK on the Disk Cleanup Screen.
[o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.

Empty the Recycle Bin
Let me know if you have any questions.

TechSpot

[Solved] Win 7 'Antispyware' 2012 malware infection

theolugs Newcomer, in training

theolugs Newcomer, in training

theolugs Newcomer, in training

Bobbye Helper on the Fringe

theolugs Newcomer, in training

theolugs Newcomer, in training

Bobbye Helper on the Fringe

theolugs Newcomer, in training

Bobbye Helper on the Fringe

theolugs Newcomer, in training

theolugs Newcomer, in training

theolugs Newcomer, in training

theolugs Newcomer, in training

theolugs Newcomer, in training

Bobbye Helper on the Fringe

Bobbye Helper on the Fringe

theolugs Newcomer, in training

theolugs Newcomer, in training

Bobbye Helper on the Fringe