Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked Win7x64 is being used as a server


  • This topic is locked This topic is locked
22 replies to this topic

#1 - Amy -

- Amy -

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 23 October 2011 - 10:58 AM

This behavior started on my previous Win7x64 computer. Every attempt to fix it failed, even a clean install of Windows. So I bought a new laptop. Within a few days it showed some of the same behavior, and now -- a month later -- it's completely taken over like my old computer. Yet, malware scans have never found anything on either computer. Attached File  B1 Gathering my data then setting up bluetooth and video drivers.txt   16.1KB   3 downloadsAttached File  Attach.txt   14.86KB   2 downloadsAttached File  A2 WmiPrvSE.exe to post.txt   23.22KB   2 downloads

I don't know what else to do. I'd appreciate any help in restoring my hard-drive layout, my network security, and control of my system. If you know of others who have solved something like this, a link to that would be great as well. Thanks in advance

--------------------------------------------------
ATTACHED
--------------------------------------------------
-- The DDS content is pasted below; the "Attach.txt" file is attached.
-- Process Explorer screenshots (A1) and script (A2) of a hijacked WmiPrvSE.exe (showing owners, activity, script, etc.).
-- txt files (A2 and B1) showing scripts this malware runs, to see how it operates.

--------------------------------------------------
PRIMARY SYMPTOMS
--------------------------------------------------
1. MY COMPUTER CONFIGURES ITSELF, AND I CAN'T CHANGE IT.

-- When I try to change it's settings or stop it from accessing the network, for example, it blocks my access, or it has scripts that over-ride or get around my attempts to secure the system.

-- For example, see attachments A1 and A2 showing it running Dcom Launch at startup, and tieing it to essential system processes (so killing the process would shut down the computer).

-- Its settings focus on things related to networking, remote procedures, and videos. It appears to be trying to videotape me and/or track my activity. It has set up a LOT of audio and video drivers. Some of the audio devices had the microphones on; The video drivers are configured to ATTACH.TODESKTOP which I believe means whatever I see on my screen is also sent to another monitor.

2. THERE ARE OTHER USERS THAT SHOW UP, EVEN AS OWNERS.

-- See attachment A1 for examples.

-- I have found Recycle Bins that have a $ in their name, and their contents are another recycle bin and what appears to be a user profile. I don't know if this is related, but I saw something about this on another post and it appeared to be due to malware.

3. I HAVE LIMITED ACCESS TO MY HARD DRIVE, AND IT MAY HAVE BEEN MOVED.??

-- "Computer" is no longer on my start menu and Explorer doesn't show me the root directory (C:\) or any system folders. To get to them I have to type the path into Explorer, or search for a file in one of those directories then choose "Open File Location".

-- DiskPart refers to AMYS-PC as "online". Also, when I opened a file using Adobe Bridge, it launched Download Manager which downloaded my file from my hard drive, and listed this filepath: FILE:///C:/TEMP/LOGS/MSDFINE2.LOG

4. MY COMPUTER IS APPARENTLY BEING USED AS A SERVER.

-- At startup, it seemed every possible network connection was launched. I've disable a bunch, but it hasn't helped.

-- There are many calls to svchost followed by an extention(?). In the Registry, it shows that each extention calls up a long list of settings and services (elevating their privileges, running configuration files, starting remote procedure activities, etc.). The networking activity is started without my knowledge or permission, and I can't stop it.

-- Running TCPView shows realtime activity, often involving dozens of websites and IP addresses.

5. ALL OF THIS IS HAPPENING, BUT NO SCAN HAS DETECTED MALWARE.

-- It seems like several system files have been replaced, but file check on Microsoft's website says they are OK.

-- In case it helps, Ive attached some txt files (A2 and B1) with scripts that are run to show how this malware operates.


--------------------------------------------------
DDS
--------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Amys at 1:37:41 on 2011-10-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.10218 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Avanquest NetDefense Firewall *Disabled* {0F30DED7-ED39-6BCD-62F2-CB158C558FCC}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\AVANQU~1\SYSTEM~1\MxTask.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~2\AVANQU~1\SYSTEM~1\mxtask2.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit=userinit.exe
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
StartupFolder: C:\Users\Amys\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{AEB5D5BA-0E08-4B0C-93AF-E43B9252A123} : DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{EB3F860B-A14B-4324-8579-FEA25230CB63} : DhcpNameServer = 68.87.76.182 68.87.78.134
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
IE-X64: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\Windows\system32\drivers\SMR210.SYS --> C:\Windows\system32\drivers\SMR210.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111021.030\IDSviA64.sys [2011-10-21 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 .AVQWindowsMonitorService;SystemSuite Process Monitor;C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe [2011-9-9 288000]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-9-25 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-27 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-6 2655768]
R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-12 136824]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\system32\DRIVERS\fspad_win764.sys --> C:\Windows\system32\DRIVERS\fspad_win764.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AQFileRestore;AQFileRestore;C:\Windows\system32\DRIVERS\AQFileRestore.sys --> C:\Windows\system32\DRIVERS\AQFileRestore.sys [?]
S3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\system32\DRIVERS\bthprint.sys --> C:\Windows\system32\DRIVERS\bthprint.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-6 79360]
S3 KFilter;KFilter;C:\PROGRA~2\AVANQU~1\SYSTEM~1\KFilter.sys [2011-9-9 45968]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TFilter;TFilter;C:\PROGRA~2\AVANQU~1\SYSTEM~1\TFilter.sys [2011-9-9 36192]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Premier Elements 10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
S4 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-8-6 113840]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2011-10-23 08:36:29 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0233D410-9CEA-440A-8F30-4995E4791C74}\offreg.dll
2011-10-22 12:32:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-22 12:19:08 17288 ----a-w- C:\Windows\System32\drivers\Dbgv.sys
2011-10-22 09:15:48 -------- d-----w- C:\Users\Amys\AppData\Roaming\T55
2011-10-22 08:50:32 -------- d-----w- C:\Program Files (x86)\Auslogics
2011-10-21 17:37:34 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0233D410-9CEA-440A-8F30-4995E4791C74}\mpengine.dll
2011-10-20 17:23:07 -------- d-----w- C:\Temp
2011-10-20 05:19:18 -------- d-----w- C:\Users\Amys\AppData\Roaming\Nik Software
2011-10-20 02:57:58 -------- d-----w- C:\Users\Amys\AppData\Local\Nik Software
2011-10-20 02:57:55 -------- d-----w- C:\ProgramData\Nik Software
2011-10-20 02:57:52 -------- d-----w- C:\Program Files\Nik Software
2011-10-19 23:44:19 -------- d-----w- C:\Users\Amys\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-10-19 23:07:32 -------- d-----w- C:\Program Files (x86)\FastStone Player
2011-10-19 23:07:26 -------- d-----w- C:\Program Files (x86)\FastStone Capture
2011-10-19 23:07:17 -------- d-----w- C:\Program Files (x86)\FastStone MaxView
2011-10-19 23:06:58 -------- d-----w- C:\Program Files (x86)\FastStone Photo Resizer
2011-10-19 23:05:37 -------- d-----w- C:\Program Files (x86)\FastStone Image Viewer
2011-10-19 17:03:52 -------- d-----w- C:\Users\Amys\AppData\Roaming\Printer's Apprentice
2011-10-19 17:03:52 -------- d-----w- C:\ProgramData\Printer's Apprentice
2011-10-19 17:03:40 -------- d-----w- C:\Users\Amys\AppData\Local\Caphyon
2011-10-19 17:03:38 -------- d-----w- C:\Program Files (x86)\Printer's Apprentice
2011-10-19 14:42:31 -------- d-----w- C:\Users\Amys\--- INSTALLATION FILES ---
2011-10-19 14:40:11 -------- d-----w- C:\Users\Amys\--- APPS ---
2011-10-19 14:26:00 -------- d-----w- C:\Program Files (x86)\The Extractor
2011-10-19 12:20:10 -------- d-----w- C:\Users\Amys\AppData\Local\Opera
2011-10-19 11:18:31 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2011-10-19 11:18:15 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2011-10-19 11:13:35 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-10-19 11:13:35 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2011-10-19 11:13:35 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2011-10-19 11:12:04 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2011-10-19 11:12:04 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-10-19 08:55:11 -------- d-----w- C:\Users\Amys\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-10-19 00:11:10 -------- d-----w- C:\Users\Amys\Zenmaps
2011-10-18 20:14:30 710 ----a-w- C:\Users\Amys\advanced_ip_scanner_Favorites.bin
2011-10-18 17:17:29 -------- d-----w- C:\Users\Amys\.zenmap
2011-10-18 16:52:43 -------- d-----w- C:\Program Files (x86)\Belarc
2011-10-18 16:48:02 -------- d-----w- C:\Program Files\WinPcap
2011-10-18 16:47:40 -------- d-----w- C:\Program Files (x86)\Nmap
2011-10-18 16:33:51 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2011-10-18 16:09:56 -------- d-----w- C:\Users\Amys\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2011-10-18 11:09:19 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-17 18:50:41 282 ----a-w- C:\Users\Amys\advanced_ip_scanner_MAC.bin
2011-10-17 15:58:04 -------- d-----w- C:\Program Files (x86)\Advanced IP Scanner v2
2011-10-16 18:24:18 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-16 12:28:36 -------- d-----w- C:\Users\Amys\AppData\Local\Avanquest_Software
2011-10-16 12:04:55 -------- d-----w- C:\Program Files\CCleaner
2011-10-15 19:38:36 -------- d-sh--r- C:\_Backup.RC
2011-10-15 19:09:21 -------- d--h--w- C:\_Backup
2011-10-15 18:53:42 17168 ----a-w- C:\Windows\System32\drivers\AQFileRestore.sys
2011-10-15 18:53:22 -------- d-----w- C:\Users\Amys\AppData\Roaming\Avanquest
2011-10-15 18:53:18 -------- d-----w- C:\ProgramData\Avanquest
2011-10-15 18:53:18 -------- d-----w- C:\Program Files (x86)\Avanquest
2011-10-14 14:48:46 27016 ----a-w- C:\Windows\SysWow64\drivers\PROCEXP141.SYS
2011-10-13 15:38:27 -------- d-----w- C:\Users\Amys\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-10-13 15:38:27 -------- d-----w- C:\Users\Amys\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-10-13 11:59:54 -------- d-----w- C:\Users\Amys\AppData\Roaming\GlarySoft
2011-10-13 11:51:42 -------- d-----w- C:\Program Files (x86)\Glary Utilities Pro
2011-10-13 05:24:45 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2011-10-13 05:19:04 -------- d-----w- C:\ProgramData\Cisco Systems
2011-10-13 05:12:53 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-10-12 12:17:10 -------- d-----w- C:\Users\Amys\AppData\Local\Amazon
2011-10-11 19:44:34 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-11 19:44:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-11 19:44:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-11 19:44:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-11 19:44:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-11 19:44:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-11 19:44:23 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 19:44:23 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-11 19:44:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-11 01:50:53 19936 ------w- C:\Windows\System32\pwdrvio.sys
2011-10-11 01:50:53 1002056 ----a-w- C:\Windows\System32\pwNative.exe
2011-10-11 01:50:52 13280 ------w- C:\Windows\System32\pwdspio.sys
2011-10-11 01:50:48 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard Home 7.0
2011-10-10 23:31:24 -------- d-----w- C:\Users\Amys\AppData\Roaming\Malwarebytes
2011-10-10 23:30:53 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-10 23:30:49 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-10 23:30:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-10 22:33:53 -------- d-----w- C:\Users\Amys\AppData\Local\DuplicateCleaner
2011-10-10 22:33:30 -------- d-----w- C:\Program Files (x86)\Duplicate Cleaner
2011-10-10 14:46:36 -------- dc----w- C:\Users\Amys\AppData\Local\MigWiz
2011-10-10 03:44:54 -------- d-----w- C:\Users\Amys\AppData\Local\Adobe
2011-10-09 23:01:26 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-10-09 23:01:20 -------- d-----w- C:\Windows\SHELLNEW
2011-10-09 23:00:59 -------- d-----w- C:\Users\Amys\AppData\Local\Microsoft Help
2011-10-09 09:20:47 -------- d-----w- C:\Users\Amys\AppData\Roaming\SeriousBit
2011-10-03 18:41:22 -------- d-----w- C:\Program Files\FSP
2011-10-01 19:58:29 -------- d-----w- C:\Users\Amys\AppData\Roaming\PeerNetworking
2011-10-01 14:17:13 250368 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp101.dll
2011-10-01 14:17:13 250368 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\1_hpfpp101.dll
2011-10-01 14:17:11 641664 ----a-w- C:\Windows\System32\hpzids40.dll
2011-10-01 14:17:10 136704 ----a-w- C:\Windows\System32\hpf3l101.dll
2011-10-01 12:05:42 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-01 12:05:42 -------- d-----w- C:\Windows\System32\Wat
2011-10-01 03:47:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-10-01 03:47:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-10-01 03:47:41 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-10-01 03:47:41 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-10-01 03:47:40 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-10-01 03:07:37 96376 ----a-w- C:\Windows\System32\drivers\SMR210.SYS
2011-10-01 03:07:31 -------- d-----w- C:\Users\Amys\AppData\Local\NPE
2011-09-30 22:51:37 -------- d-----w- C:\Users\Amys\AppData\Local\CrashDumps
2011-09-30 22:50:06 -------- d-----w- C:\ProgramData\Geek Squad
2011-09-30 22:39:24 -------- d-----w- C:\Windows\Internet Logs
2011-09-30 16:33:55 -------- d-----w- C:\Program Files (x86)\Opera Internet Browser
2011-09-30 12:57:51 -------- d-----w- C:\Users\Amys\AppData\Local\Apps
2011-09-28 12:15:01 -------- d-----w- C:\Users\Amys\AppData\Local\ElevatedDiagnostics
2011-09-28 10:10:45 -------- d-----w- C:\ProgramData\Recovery
2011-09-27 05:57:20 -------- d-----w- C:\Users\Amys\AppData\Roaming\Roxio Log Files
2011-09-26 12:57:16 -------- d-----w- C:\Users\Amys\AppData\Local\Diagnostics
2011-09-26 03:12:38 -------- d-----w- C:\Windows\pss
2011-09-26 03:05:28 34288 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-09-26 03:05:26 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-09-26 03:05:26 -------- d-----w- C:\Program Files\Symantec
2011-09-26 03:05:26 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-09-26 03:05:19 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-09-26 03:05:19 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-09-26 03:05:11 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-09-26 03:05:09 -------- d-----w- C:\ProgramData\Norton
2011-09-26 03:05:09 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-09-26 02:46:49 -------- d-----w- C:\ProgramData\NortonInstaller
2011-09-26 02:46:49 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-09-26 02:36:21 -------- d-----w- C:\Users\Amys\AppData\Roaming\asus
2011-09-26 02:35:49 -------- d--h--w- C:\ProgramData\.syncID
2011-09-26 02:32:46 -------- d-----w- C:\Users\Amys\AppData\Roaming\ASUS WebStorage
2011-09-26 02:09:35 -------- d-----w- C:\Users\Amys\AppData\Roaming\Zeon
2011-09-25 22:06:32 -------- d-----w- C:\Users\Amys\AppData\Local\BMExplorer
2011-09-25 22:05:13 -------- d-----w- C:\Users\Amys\AppData\Local\VirtualStore
2011-09-25 22:05:05 -------- d-----w- C:\ProgramData\FolderView
2011-09-25 15:06:08 458840 ----a-w- C:\Windows\System32\drivers\~GLH0023.TMP
2011-09-25 15:02:00 -------- d-----w- C:\ProgramData\CheckPoint
2011-09-25 14:08:40 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-09-25 13:33:58 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-09-25 13:33:58 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-09-25 13:33:58 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-09-25 13:33:58 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-09-25 13:33:58 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-09-25 13:33:58 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-09-25 13:33:53 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-09-25 13:30:54 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
.
==================== Find3M ====================
.
2011-10-23 08:33:48 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-15 17:56:42 2621440 ---h--r- C:\G74Sx.BIN
2011-08-06 14:45:40 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-08-06 14:45:40 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-08-06 14:45:39 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-08-06 14:45:39 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-08-06 14:45:24 80512 ----a-w- C:\Windows\AsusScr_G74 Series_ENG Uninstaller.exe
2011-08-06 14:45:16 3058304 ----a-w- C:\Windows\AsScrPro.exe
.
============= FINISH: 1:37:54.79 ===============




BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:16 AM

Posted 23 October 2011 - 11:23 AM

Hello - Amy -,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

3.
Are you connected to the internet through a router? If so we need to reset that router.
How to reset your Router.


Things to include in your next reply::
TdssKIller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 - Amy -

- Amy -
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 23 October 2011 - 08:55 PM

Hi, thank you SO much for taking the time to try to help me! Here are the results:

1. TDSSKiller found nothing, so no log is attached.

2. I have attached the log for Combofix. FYI I didn't realize the scan would take so long, so I only disabled my firewall & AV for 1 hour. I'm guessing they came back on during the scan. Sorry, I hope that didn't mess it up.

3. Effect on system... Unfortunately I don't see any change. I am measuring that by (1) looking for my root directory and system folders and (2) using TCPView to check on network activity. It is very active. I just uploaded a screenshot of TCPView in case it helps you.


Question: My internet connection worked fine after ComboFix and a reboot. Do I still need to reset my router?


Thanks again for your help!
Amy

Attached Files



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:16 AM

Posted 23 October 2011 - 09:15 PM

Hello,


Yes, please reset your router. Do you have other machines connected to this router? If so please disconnect them until we get this machine clean. So the won't keep reinfecting each other.


1.
  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    afd.sys
    ntbt.sys
    cdrom.sys
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Things to include in your next reply::
OTl.txt
Extra.txt
aswMbr log
Mbam log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:16 AM

Posted 26 October 2011 - 10:18 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 - Amy -

- Amy -
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 26 October 2011 - 10:53 AM

Hi, thanks again for your help.

First let me apologize for breaking a rule. I was SO frustrated yesterday that I signed up with Comcast (my ISP) for remote access virus removal then worked with Cisco tech support to get my router set up (about 5 hours total)

They fixed the issue with my Computer not being on the start menu (it was 3 registry settings), and managed to remove my SYMPTOMS (launching processes, opening ports, facilitating network traffic). However, it is already in full force again because we didn't address the SOURCE.

I have a subscription service with them, but I thought I'd try here first. I see so many issues resolved on this site -- this is a NASTY bot and I'm hoping you have actually seen something like this get cleaned out of a system.

-------------------------------

On the positive side, I have more info about the problem, and one item was fixed!

-- I definitely have a bot. They told me this, and it is evident in my network activity, its configuration of my system, it's ability to remain totally stealth even though it has taken over my system, and that my system tests clean for viruses.

-- It loads at startup and turns my computer into a domain and creates several virtual ports. My PRINTER is actually configured as a BOOTABLE device (I went into BIOS during startup to boot off my CD-ROM and saw my printer as a third option).

-- My computer was brand new a month ago. Now it's a mess! The bot's installations are extensive -- I have found logs and I have my system set up to record events, etc. I can re-install Windows if necessary, but need to find the source first or it will happen again.

-- I have bought an upgrade to Windows 7 Professional. (It's just a key, not the CDs; I have Home Premium now). If you think it could be helpful, I can install it.

--------------------------------

If you are familiar with this type of infection, I'd like to continue working with you. If you think Comcast would be just as likely to find a solution, I can go that route. But I'm concerned that they didn't look at things like my Task Scheduler or otherwise try to identify a source and prevent reinfection.

I hope you don't take offense to this since it's a donation-based site, but if you or someone you could refer me to had first hand experience eradicating a bot like this, I'd happily pay for a remote access clean up!

Thanks again for any assistance or guidance you can provide.

Amy






#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:16 AM

Posted 26 October 2011 - 04:18 PM

Hello,


This is very Important step Take this machine off the net and leave it off the net. If you want my help you need to follow my direction specifically. If not I will not continue to help you. Please follow the direction given in post 4 and then will see about helping you get this problem sorted out

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 - Amy -

- Amy -
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 28 October 2011 - 06:54 AM

I completely understand why it's important that I follow your instructions precisely -- I came to this site because I trust your process.

Unfortunately, I have to meet a work deadline that requires me to be online for at least 3 or 4 more days (finalizing a Wordpress website). This bot is making me crazy, but I have to finish my work obligation first and then I guess I will just start a new thread.

One question before you go: If I am very responsive to instructions, can you guesstimate how many days I can expect to be offline?

Thanks again for your help and your patience,
Amy

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:16 AM

Posted 28 October 2011 - 03:44 PM

One question before you go: If I am very responsive to instructions, can you guesstimate how many days I can expect to be offline?

Could be as little as one day and as long as three or four. It really depends how much time you have to dedicate to getting this done. I will be free tomorrow off and on but you would have to let me know what time would be good for you. Just so you know and this is very important. A bot is a backdoor and a information and password stealer. These means that any thing you do on that machine someone else could be logging your every key stroke.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 - Amy -

- Amy -
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 30 October 2011 - 06:12 PM

Thank you for the heads up. I have tried to minimize my connection time but realize I am leaving myself vulnerable by delaying the fix and that my tracked info may get uploaded whenever I connect. SOOO frustrating.

I anticipate finishing my work obligation Wednesday, and would be available to dedicate myself to virus cleansing starting Thursday. I imagine you are cringing right now, imagining the state of my system by then. Believe me, me too.

I'll check back mid-week and if this thread is still open I'll check in and we can get to work. Otherwise I'll open a new thread.

Thank you Fireman! :-)

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:16 AM

Posted 30 October 2011 - 07:47 PM

Hello,

Just pm me when you are ready to continue. I will keep it open till Friday.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 - Amy -

- Amy -
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 06 November 2011 - 09:27 AM

I followed the instructions (your PM directed me to step 4) and below are the requested results.

Notes:
-- No malware appeared to have been found. However, when aswMBR was done, the "Fix MBR" button was NOT grayed out.
-- Your instructions indicate aswMBR is 511K. The link downloaded a file over 1.8M and that seemed consistent with other sources I checked. Unless you tell me I used the wrong software, I'll assume your instructions just need an update.
-- I believe I reset my router when originally asked, but just to be sure let me know if I should do it again.

Thanks for your patience. I'll use my ipad to check for further instructions. Once I send this, I'll keep the computer offline except to download things per your instructions.
Thanks! Amy



-------------------------------------------------------------------


OTL logfile created on: 11/6/2011 3:24:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Amys\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 9.80 Gb Available Physical Memory | 81.78% Memory free
23.95 Gb Paging File | 21.74 Gb Available in Paging File | 90.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.46 Gb Total Space | 128.94 Gb Free Space | 54.07% Space Free | Partition Type: NTFS
Drive D: | 332.70 Gb Total Space | 187.43 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
Drive R: | 25.00 Gb Total Space | 11.82 Gb Free Space | 47.28% Space Free | Partition Type: NTFS

Computer Name: AMYS-PC | User Name: Amys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 03:22:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Amys\Desktop\OTL.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/28 22:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/09 06:49:24 | 000,288,000 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe
PRC - [2011/09/07 01:56:44 | 000,583,576 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\Xfinity Signature Support Desktop Application\escont.exe
PRC - [2011/09/07 01:56:42 | 000,913,816 | ---- | M] (Support.com, Inc.) -- C:\Program Files (x86)\Xfinity Signature Support Desktop Application\esService.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/27 04:38:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/11/20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/15 09:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/28 22:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/04/27 04:38:34 | 000,237,160 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/29 14:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/07/27 09:40:16 | 000,113,840 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe -- (AsusUacSvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Premier Elements 10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/09/09 06:49:24 | 000,288,000 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2011/09/09 06:49:22 | 000,421,376 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2011/09/07 01:56:42 | 000,913,816 | ---- | M] (Support.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\Xfinity Signature Support Desktop Application\esService.exe -- (Xfinity Signature Support Desktop Application)
SRV - [2011/08/06 06:45:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/08/06 06:45:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 04:38:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/02/13 20:16:12 | 000,417,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\T55\WinMate\WMService.exe -- (WMService)
SRV - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 09:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/10/02 22:45:40 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2011/09/25 05:33:59 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/09/02 21:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2011/09/02 21:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011/08/12 09:13:26 | 000,017,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AQFileRestore.sys -- (AQFileRestore)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/18 22:03:08 | 000,053,760 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_win764.sys -- (fspad_win764)
DRV:64bit: - [2011/04/21 10:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/08 14:46:08 | 000,177,152 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2011/04/08 14:46:08 | 000,056,320 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2011/03/30 19:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 19:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 19:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 18:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 05:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/25 16:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011/01/26 22:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/29 14:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/15 16:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/05 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/08/03 02:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/17 15:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/10/05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 01:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:06:48 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHPRINT.SYS -- (BTHprint)
DRV:64bit: - [2009/06/10 12:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/10/28 02:38:18 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111105.009\EX64.SYS -- (NAVEX15)
DRV - [2011/10/28 02:38:18 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111105.009\ENG64.SYS -- (NAVENG)
DRV - [2011/10/14 15:10:08 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111027.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/09/25 18:59:21 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/25 05:33:51 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/09/23 08:11:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111104.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/09/09 06:49:22 | 000,036,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Avanquest\SystemSuite\TFilter.sys -- (TFilter)
DRV - [2011/09/09 06:49:20 | 000,045,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Avanquest\SystemSuite\Kfilter.sys -- (KFilter)
DRV - [2010/07/26 12:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/09/28 10:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_2_3 [2011/11/06 02:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/11/04 09:15:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/28 03:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/27 20:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amys\AppData\Roaming\Mozilla\Extensions
[2011/10/31 09:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\isrg4mmr.default\extensions
[2011/10/31 09:18:59 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\isrg4mmr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/10/28 16:24:53 | 000,000,000 | ---D | M] ("Default Tab") -- C:\Users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\isrg4mmr.default\extensions\addon@defaulttab.com
[2011/10/30 15:34:09 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\isrg4mmr.default\extensions\foxmarks@kei.com
[2011/10/28 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\yp6qb4tj.default\extensions
[2011/10/28 16:24:53 | 000,000,000 | ---D | M] ("Default Tab") -- C:\Users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\yp6qb4tj.default\extensions\addon@defaulttab.com
[2011/10/30 15:34:12 | 000,004,912 | ---- | M] () -- C:\Users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\isrg4mmr.default\searchplugins\search-here.xml
[2011/10/28 03:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/04 09:15:18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/11/06 02:33:51 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_2_3
[2011/09/28 10:44:13 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
() (No name found) -- C:\USERS\AMYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISRG4MMR.DEFAULT\EXTENSIONS\{AFF0F480-EDE7-11DB-8BB2-438255D89593}.XPI
() (No name found) -- C:\USERS\AMYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISRG4MMR.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\AMYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISRG4MMR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\AMYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISRG4MMR.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
() (No name found) -- C:\USERS\AMYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISRG4MMR.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\AMYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISRG4MMR.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\AMYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ISRG4MMR.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE.XPI
[2011/09/28 22:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 16:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/23 16:06:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [AutoWinRarZip] C:\Program Files (x86)\AutoWinRarZipInstall\AutoWinRarZip.exe -k File not found
O4 - Startup: C:\Users\Amys\START MENU\Programs\Startup\AutorunsDisabled [2011/10/26 00:33:15 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB3F860B-A14B-4324-8579-FEA25230CB63}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 03:22:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Amys\Desktop\OTL.exe
[2011/11/04 09:14:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/04 05:02:26 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\Expert PDF Reader
[2011/11/03 03:50:23 | 000,000,000 | ---D | C] -- C:\Users\Amys\--- APPS, OTHER ---
[2011/11/02 07:51:36 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/11/02 07:00:53 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\PeerNetworking
[2011/11/02 06:59:54 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/01 18:47:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/01 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\AVG2012
[2011/11/01 17:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/01 17:51:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/11/01 17:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/01 17:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/11/01 17:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/01 17:42:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/01 17:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/30 22:50:21 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\ASUS Utility
[2011/10/30 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\NPE
[2011/10/30 13:32:38 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\[ VIEWERS ]
[2011/10/29 00:31:27 | 000,000,000 | ---D | C] -- C:\Users\Amys\ALL PHOTOSHOP ACTIONS
[2011/10/28 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegmagiK
[2011/10/28 20:51:20 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\Downloads
[2011/10/28 20:51:14 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\CNET TechTracker
[2011/10/28 20:51:14 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\CBS Interactive
[2011/10/28 19:25:11 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\[ UI TWEAKS ]
[2011/10/28 19:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[ UI TWEAKS ]
[2011/10/28 19:01:02 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\[ FILE MANAGEMENT ]
[2011/10/28 17:47:00 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\Adobe Mini Bridge CS5.1
[2011/10/28 17:46:59 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1.amy
[2011/10/28 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\FileZilla
[2011/10/28 17:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/10/28 16:53:02 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\UltraVNC
[2011/10/28 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\WinZip
[2011/10/28 16:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/10/28 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/10/28 16:24:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A8B5FFA8-79F1-48DF-BEDF-966D494FAE01}
[2011/10/28 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\PackageAware
[2011/10/28 16:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Default Tab
[2011/10/28 16:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMate
[2011/10/28 16:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T55
[2011/10/28 16:20:40 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\HamsterSoft
[2011/10/28 16:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hamster ZIP Archiver
[2011/10/28 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\factormystic.net
[2011/10/28 13:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreshUI
[2011/10/28 13:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshDevices
[2011/10/28 13:50:18 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\Theme Organizer
[2011/10/28 13:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Theme Organizer
[2011/10/28 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\StartEd Pro
[2011/10/28 13:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartEd
[2011/10/28 13:47:11 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\TweakNow WinSecret 2011
[2011/10/28 13:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow WinSecret 2011
[2011/10/28 13:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\BitNami WordPress Stack
[2011/10/28 13:22:35 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\ZipGenius
[2011/10/28 13:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfreader
[2011/10/28 13:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft
[2011/10/28 13:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipGenius 6
[2011/10/28 13:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZipGenius 6
[2011/10/28 06:25:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/27 20:37:49 | 000,000,000 | R--D | C] -- C:\Users\Amys\Documents\Scanned Documents
[2011/10/27 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\Fax
[2011/10/27 20:31:44 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\Mozilla
[2011/10/27 20:31:44 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Mozilla
[2011/10/27 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/10/27 20:27:50 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\OpswatLogs
[2011/10/26 05:15:25 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\Avanquest
[2011/10/26 04:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PilotMan
[2011/10/26 04:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clone Tools
[2011/10/26 04:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dupli Find
[2011/10/26 01:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/10/26 01:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/10/26 01:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2011/10/26 01:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2011/10/25 23:39:40 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\Tific
[2011/10/25 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Symantec
[2011/10/25 20:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[ FILE MANAGEMENT ]
[2011/10/25 19:57:49 | 000,000,000 | ---D | C] -- C:\Users\Amys\Desktop\STUFF FROM ROAMING
[2011/10/25 09:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/10/25 09:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011/10/24 19:16:58 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\Xfinity Signature Support Desktop Application
[2011/10/24 19:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfinity Signature Support Desktop Application
[2011/10/24 19:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
[2011/10/24 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\STK
[2011/10/24 17:26:06 | 000,000,000 | -H-D | C] -- C:\Users\Amys\Start Menu\Programs\Startup\AutorunsDisabled
[2011/10/24 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/24 17:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\support.com
[2011/10/24 17:07:07 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\supportdotcom
[2011/10/24 17:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportdotcom
[2011/10/24 16:28:09 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/23 17:05:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/23 16:09:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/23 13:45:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/23 13:45:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/23 13:45:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/23 13:44:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/23 13:44:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/23 13:27:12 | 004,269,652 | R--- | C] (Swearware) -- C:\Users\Amys\Desktop\ComboFix.exe
[2011/10/23 08:18:29 | 000,000,000 | ---D | C] -- C:\Users\Amys\Desktop\Shortcuts to apps
[2011/10/23 08:16:53 | 000,000,000 | ---D | C] -- C:\Users\Amys\- stuff to sort thru
[2011/10/23 06:17:06 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\Runscanner.net
[2011/10/22 11:42:01 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\[ NETWORKING ]
[2011/10/22 04:19:08 | 000,017,288 | ---- | C] (Sysinternals) -- C:\Windows\SysNative\drivers\Dbgv.sys
[2011/10/22 01:15:48 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\T55
[2011/10/22 00:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/10/21 19:01:25 | 000,000,000 | --SD | C] -- C:\Users\Amys\Documents\My Data Sources.amy
[2011/10/20 09:23:07 | 000,000,000 | ---D | C] -- C:\Temp
[2011/10/20 04:52:44 | 000,000,000 | ---D | C] -- C:\Users\Amys\Desktop\Effies pic
[2011/10/19 18:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nik Software
[2011/10/19 18:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2011/10/19 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Player
[2011/10/19 15:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Capture
[2011/10/19 15:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone MaxView
[2011/10/19 15:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Photo Resizer
[2011/10/19 15:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2011/10/19 09:03:52 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\Printer's Apprentice
[2011/10/19 09:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Printer's Apprentice
[2011/10/19 09:03:40 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Caphyon
[2011/10/19 09:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Printer's Apprentice 8.1
[2011/10/19 09:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Printer's Apprentice
[2011/10/19 06:42:31 | 000,000,000 | ---D | C] -- C:\Users\Amys\--- INSTALLATION FILES ---
[2011/10/19 06:40:11 | 000,000,000 | ---D | C] -- C:\Users\Amys\--- APPS, SYSTEM ---
[2011/10/19 06:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Extractor
[2011/10/19 06:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Extractor
[2011/10/19 06:14:35 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\Adobe
[2011/10/19 06:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[ GRAPHICS ]
[2011/10/19 06:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[ NETWORKING ]
[2011/10/19 06:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[ VIEWERS ]
[2011/10/19 04:20:10 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Opera
[2011/10/19 03:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartSound
[2011/10/19 03:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2011/10/19 03:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2011/10/19 03:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/10/19 03:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/10/19 00:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/10/18 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Amys\Zenmaps
[2011/10/18 10:04:57 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\gtk-2.0
[2011/10/18 09:17:29 | 000,000,000 | ---D | C] -- C:\Users\Amys\.zenmap
[2011/10/18 08:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2011/10/18 08:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap
[2011/10/18 08:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2011/10/17 07:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced IP Scanner v2
[2011/10/16 23:29:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/16 04:28:36 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Avanquest_Software
[2011/10/16 04:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/15 11:38:36 | 000,000,000 | RHSD | C] -- C:\_Backup.RC
[2011/10/15 11:37:54 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\Microsoft Office
[2011/10/15 11:09:21 | 000,000,000 | ---D | C] -- C:\_Backup
[2011/10/15 10:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2011/10/15 10:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest
[2011/10/14 17:20:50 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\OneNote Notebooks
[2011/10/14 15:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[ PASSWORD-RELATED ]
[2011/10/14 15:33:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[ HARDWARE ]
[2011/10/14 06:48:46 | 000,027,016 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysWow64\drivers\PROCEXP141.SYS
[2011/10/13 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\Outlook Files
[2011/10/13 11:00:32 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\[ SYSTEM TUNE-UP ]
[2011/10/13 03:59:54 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Roaming\GlarySoft
[2011/10/13 03:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities Pro
[2011/10/12 21:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2011/10/12 21:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/10/12 08:29:53 | 000,000,000 | ---D | C] -- C:\Users\Amys\Documents\My Kindle Content
[2011/10/12 04:17:14 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\[ GRAPHICS ]
[2011/10/12 04:17:14 | 000,000,000 | ---D | C] -- C:\Users\Amys\Start Menu\Programs\[ ANTI-VIRUS ]
[2011/10/12 04:17:10 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Amazon
[2011/10/10 17:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniTool Partition Wizard Home 7.0
[2011/10/10 15:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/10 15:30:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/10 15:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/10 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\DuplicateCleaner
[2011/10/10 14:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Cleaner
[2011/10/10 09:00:45 | 000,000,000 | ---D | C] -- C:\Users\Amys\------- T o F i l e --------
[2011/10/10 08:46:40 | 000,000,000 | ---D | C] -- C:\Users\Amys\------ W e b s i t e -------
[2011/10/10 08:46:05 | 000,000,000 | ---D | C] -- C:\Users\Amys\------- H a c k e d --------
[2011/10/10 08:44:47 | 000,000,000 | ---D | C] -- C:\Users\Amys\- ACTIVE -
[2011/10/10 06:46:36 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\MigWiz
[2011/10/09 20:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/09 20:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/09 20:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/10/09 20:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/10/09 19:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/10/09 19:44:54 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Adobe
[2011/10/09 15:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/10/09 15:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/10/09 15:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/10/09 15:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/10/09 15:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/10/09 15:01:20 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011/10/09 15:00:59 | 000,000,000 | ---D | C] -- C:\Users\Amys\AppData\Local\Microsoft Help
[2011/10/09 15:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/10/09 15:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/10/09 15:00:38 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/10/07 05:23:46 | 000,283,728 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/06 03:22:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Amys\Desktop\OTL.exe
[2011/11/06 03:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/06 02:42:12 | 000,671,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/06 02:42:12 | 000,124,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/06 02:42:11 | 000,794,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 02:40:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 02:40:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 02:33:41 | 000,000,005 | ---- | M] () -- C:\Windows\SysWow64\wmstartuptick
[2011/11/06 02:33:20 | 1055,776,766 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/05 16:05:08 | 108,876,448 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/05 02:59:58 | 000,001,456 | ---- | M] () -- C:\Users\Amys\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/04 16:04:57 | 000,063,550 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/11/04 09:15:18 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/03 03:23:44 | 000,006,536 | ---- | M] () -- C:\Windows\RegmagiK.INI
[2011/11/02 07:01:20 | 000,021,043 | ---- | M] () -- C:\Users\Amys\AppData\Roaming\UserTile.png
[2011/11/02 01:30:00 | 000,000,668 | ---- | M] () -- C:\Users\Amys\advanced_ip_scanner_Favorites.bin
[2011/11/02 01:30:00 | 000,000,370 | ---- | M] () -- C:\Users\Amys\advanced_ip_scanner_MAC.bin
[2011/11/01 17:51:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/11/01 17:51:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/30 22:43:56 | 000,017,288 | ---- | M] (Sysinternals) -- C:\Windows\SysNative\drivers\Dbgv.sys
[2011/10/30 16:57:15 | 004,985,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/28 15:31:30 | 000,000,116 | ---- | M] () -- C:\Users\Amys\AppData\Roaming\mainhst.zgh
[2011/10/28 13:16:22 | 000,001,119 | ---- | M] () -- C:\Users\Amys\Application Data\Microsoft\Internet Explorer\Quick Launch\ZipGenius 6.lnk
[2011/10/26 00:12:01 | 000,001,065 | ---- | M] () -- C:\Users\Amys\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/10/24 19:14:16 | 000,027,820 | ---- | M] () -- C:\ProgramData\xportnchk.ini
[2011/10/24 19:13:35 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/10/23 16:06:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/23 13:27:21 | 004,269,652 | R--- | M] (Swearware) -- C:\Users\Amys\Desktop\ComboFix.exe
[2011/10/18 16:11:17 | 000,000,218 | ---- | M] () -- C:\Users\Amys\.recently-used.xbel
[2011/10/18 08:52:43 | 000,001,310 | ---- | M] () -- C:\Users\Amys\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/18 06:26:09 | 000,000,812 | ---- | M] () -- C:\Users\Amys\Pictures - Shortcut.lnk
[2011/10/17 17:09:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/16 04:28:08 | 000,788,062 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/15 10:08:43 | 353,910,727 | ---- | M] () -- C:\Users\Amys\from 10-14-1.PML
[2011/10/15 10:08:43 | 298,184,055 | ---- | M] () -- C:\Users\Amys\from 10-14.PML
[2011/10/15 10:08:43 | 040,626,495 | ---- | M] () -- C:\Users\Amys\from 10-14-2.PML
[2011/10/14 06:49:06 | 000,027,016 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysWow64\drivers\PROCEXP141.SYS
[2011/10/09 15:52:52 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/05 16:05:08 | 108,876,448 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/11/04 16:04:57 | 000,063,550 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/11/04 09:15:18 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/02 07:00:53 | 000,021,043 | ---- | C] () -- C:\Users\Amys\AppData\Roaming\UserTile.png
[2011/11/01 17:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/11/01 17:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/31 08:00:09 | 000,006,536 | ---- | C] () -- C:\Windows\RegmagiK.INI
[2011/10/30 16:57:37 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\wmstartuptick
[2011/10/28 21:06:47 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegmagiK 32 bit.lnk
[2011/10/28 16:50:10 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 16.0.lnk
[2011/10/28 13:45:47 | 000,000,116 | ---- | C] () -- C:\Users\Amys\AppData\Roaming\mainhst.zgh
[2011/10/28 13:16:22 | 000,001,119 | ---- | C] () -- C:\Users\Amys\Application Data\Microsoft\Internet Explorer\Quick Launch\ZipGenius 6.lnk
[2011/10/28 03:27:28 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/24 19:16:28 | 000,002,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfinity Signature Support Desktop Application.lnk
[2011/10/24 19:14:16 | 000,027,820 | ---- | C] () -- C:\ProgramData\xportnchk.ini
[2011/10/23 13:45:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/23 13:45:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/23 13:45:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/23 13:45:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/23 13:45:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/18 16:11:17 | 000,000,218 | ---- | C] () -- C:\Users\Amys\.recently-used.xbel
[2011/10/18 12:14:30 | 000,000,668 | ---- | C] () -- C:\Users\Amys\advanced_ip_scanner_Favorites.bin
[2011/10/18 08:52:43 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/18 08:52:43 | 000,001,310 | ---- | C] () -- C:\Users\Amys\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/18 06:26:13 | 000,000,812 | ---- | C] () -- C:\Users\Amys\Pictures - Shortcut.lnk
[2011/10/17 17:09:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/17 10:50:41 | 000,000,370 | ---- | C] () -- C:\Users\Amys\advanced_ip_scanner_MAC.bin
[2011/10/15 10:53:42 | 000,017,168 | ---- | C] () -- C:\Windows\SysNative\drivers\AQFileRestore.sys
[2011/10/15 10:53:42 | 000,001,984 | ---- | C] () -- C:\Windows\SysNative\drivers\AQFileRestore.inf
[2011/10/15 10:46:00 | 000,788,062 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/15 10:07:33 | 040,626,495 | ---- | C] () -- C:\Users\Amys\from 10-14-2.PML
[2011/10/15 10:07:15 | 353,910,727 | ---- | C] () -- C:\Users\Amys\from 10-14-1.PML
[2011/10/15 10:06:47 | 298,184,055 | ---- | C] () -- C:\Users\Amys\from 10-14.PML
[2011/10/13 07:09:51 | 000,001,456 | ---- | C] () -- C:\Users\Amys\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/10 17:50:53 | 001,002,056 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe
[2011/10/10 17:50:53 | 000,019,936 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys
[2011/10/10 17:50:52 | 000,013,280 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys
[2011/10/09 21:10:17 | 000,001,065 | ---- | C] () -- C:\Users\Amys\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/10/09 14:03:16 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/09/27 13:27:45 | 000,000,017 | ---- | C] () -- C:\Users\Amys\AppData\Local\resmon.resmoncfg
[2011/09/25 18:35:12 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/08/06 06:45:42 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/08/06 06:45:42 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/08/06 06:45:42 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/08/06 06:45:41 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/08/06 06:45:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/08/06 06:30:39 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2009/07/28 21:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/25 22:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

========== LOP Check ==========

[2011/10/26 05:15:25 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\Avanquest
[2011/11/01 18:00:22 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\AVG2012
[2011/10/28 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\CBS Interactive
[2011/11/02 07:51:36 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/11/04 15:17:16 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\Expert PDF Reader
[2011/11/03 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\FileZilla
[2011/10/26 00:27:18 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\GlarySoft
[2011/10/26 00:33:07 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\gtk-2.0
[2011/10/28 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\HamsterSoft
[2011/11/03 03:20:26 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\OpswatLogs
[2011/11/02 07:00:53 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\PeerNetworking
[2011/10/29 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\Printer's Apprentice
[2011/10/26 00:33:15 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\Runscanner.net
[2011/11/02 06:59:54 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/28 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1.amy
[2011/10/26 00:33:15 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\supportdotcom
[2011/10/26 00:33:15 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\T55
[2011/10/25 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\Tific
[2011/10/28 13:47:11 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\TweakNow WinSecret 2011
[2011/10/28 13:45:54 | 000,000,000 | ---D | M] -- C:\Users\Amys\AppData\Roaming\ZipGenius
[2011/10/28 03:25:35 | 000,024,036 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2010/11/20 01:23:36 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 18:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011/04/24 18:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/24 19:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: AGP440.SYS >
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CDROM.SYS >
[2010/11/20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 01:19:22 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2010/11/05 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys
[2010/11/05 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/05 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/10 22:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/10 22:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/10 22:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/10 22:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/10 22:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/10 22:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/10 22:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/10 22:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >


---------------------------------------------------------------------

OTL Extras logfile created on: 11/6/2011 3:24:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Amys\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 9.80 Gb Available Physical Memory | 81.78% Memory free
23.95 Gb Paging File | 21.74 Gb Available in Paging File | 90.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.46 Gb Total Space | 128.94 Gb Free Space | 54.07% Space Free | Partition Type: NTFS
Drive D: | 332.70 Gb Total Space | 187.43 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
Drive R: | 25.00 Gb Total Space | 11.82 Gb Free Space | 47.28% Space Free | Partition Type: NTFS

Computer Name: AMYS-PC | User Name: Amys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Photoshop CS5.1 64-bit\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Directory [Suction] -- "C:\Users\Amys\Desktop\Suction.exe" "%1" "%*"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Photoshop CS5.1 64-bit\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Directory [Suction] -- "C:\Users\Amys\Desktop\Suction.exe" "%1" "%*"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B7465E2-1A7E-4D21-8670-94D9C11449B8}" = AVG 2012
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{42B40185-E134-43FD-9381-69F92B317417}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}" = Fresco Logic USB3.0 Host Controller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.37
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}" = WinZip 16.0
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PremElem100" = Adobe Premiere Elements 10
"Rotation Desktop for G Series_is1" = Rotation Desktop for G Series.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{072D086C-BE42-4276-B720-72A07F819B15}" = Free eXPert PDF Reader
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F329DFD-E9BE-49F4-B5EE-6CC8232D38E9}" = SystemSuite Professional
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{25E86A0D-ADE4-4837-97C4-FC228D1F3103}_is1" = WinMate
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{6231E574-8DEB-4995-8F89-EF7DC85E50C4}" = Printer's Apprentice 8.1
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E2CA49-B6B9-4FE2-A39B-F6EA18AC5405}_is1" = Auslogics Task Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A0E125E4-19BF-4240-A483-943085EA520C}" = Advanced IP Scanner
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B11AB9C8-18A6-41DC-98B4-4988CC030136}" = THX TruStudio
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D29C595F-DF6D-4807-B0DE-C4B5C8DF226F}" = RegmagiK
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"AsusScr_G74 Series_ENG" = AsusScr_G74 Series_ENG
"Belarc Advisor" = Belarc Advisor 8.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Default Tab" = Default Tab
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"FileZilla Client" = FileZilla Client 3.5.1
"FreshDevices - FreshUI_is1" = FreshUI
"Glary Utilities_is1" = Glary Utilities Pro 2.38.0.1288
"HKN ThemeOrganizer" = Theme Organizer Pro
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"N360" = Norton 360
"Nmap" = Nmap 5.51
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Printer's Apprentice 8.1" = Printer's Apprentice 8.1
"StartEd Pro" = StartEd Pro
"The Extractor1.4.3.1" = The Extractor
"TweakNow WinSecret 2011_is1" = TweakNow WinSecret 2011
"Xfinity Signature Support Desktop Application" = Xfinity Signature Support Desktop Application

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"CNET TechTracker" = CNET TechTracker

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

-----------------------------------------------------------------------------

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-06 05:10:01
-----------------------------
05:10:01.222 OS Version: Windows x64 6.1.7601 Service Pack 1
05:10:01.222 Number of processors: 8 586 0x2A07
05:10:01.222 ComputerName: AMYS-PC UserName: Amys
05:10:02.798 Initialize success
05:10:39.838 AVAST engine defs: 11110601
05:10:52.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:10:52.209 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
05:10:52.225 Disk 0 MBR read successfully
05:10:52.240 Disk 0 MBR scan
05:10:52.240 Disk 0 Windows 7 default MBR code
05:10:52.256 Service scanning
05:10:53.457 Modules scanning
05:10:53.457 Disk 0 trace - called modules:
05:10:53.488 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
05:10:53.504 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a889790]
05:10:53.519 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa800a248560]
05:10:53.519 5 ACPI.sys[fffff88000ef57a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a2a1050]
05:10:56.140 AVAST engine scan C:\Windows
05:10:59.744 AVAST engine scan C:\Windows\system32
05:12:23.672 AVAST engine scan C:\Windows\system32\drivers
05:12:33.344 AVAST engine scan C:\Users\Amys
05:30:11.248 AVAST engine scan C:\ProgramData
05:34:56.073 Scan finished successfully
05:36:45.367 Disk 0 MBR has been saved successfully to "C:\Users\Amys\Desktop\MBR.dat"
05:36:45.367 The log file has been saved successfully to "C:\Users\Amys\Desktop\aswMBR.txt"


---------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8096

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/6/2011 5:51:55 AM
mbam-log-2011-11-06 (05-51-55).txt

Scan type: Quick scan
Objects scanned: 196638
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:16 AM

Posted 06 November 2011 - 11:38 AM

Hello,

We will repeat some steps we done before. I think you becoming reinfected before from your router.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


3.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, type 1 (SCAN) then Enter
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

4.
Let's reset that router one more time to be sure.


Things to include in your next reply::
TDSSKIller log
Combofix.txt
RogueKiller log
How is the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 - Amy -

- Amy -
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 06 November 2011 - 03:23 PM

I'm going to reset my router now. I wanted to get the other results off to you in the mean time.

Notes:

-- I got an error that my post was too long so I'm splitting it into two or more posts.
-- Regarding the Rogue program, I may not have done it properly. Please see the small section just above the Rogue report for specifics....
-- A huge problem I've been having (and am still having) is that it's hijacked Microsoft Office apps. Opening them often reroutes to an installation package (for a "single image" version of Office12) or something else. I just tried to open Word and got an error "Microsoft Office cannot verify the license for this Application. A repair attempt failed or was canceled by the user. The application will now shut down." I did cancel something, but it was the installation I mentioned just above.


-------------------------------------------------------------------------

TDSS did not find anything

-------------------------------------------------------------------------

ComboFix 11-11-06.02 - Amys 11/06/2011 11:09:37.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12265.9518 [GMT -8:00]
Running from: c:\users\Amys\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 19:12 . 2011-11-06 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 19:12 . 2011-11-06 19:12 -------- d-----w- c:\users\Amys_2\AppData\Local\temp
2011-11-06 18:36 . 2011-11-06 18:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0233D410-9CEA-440A-8F30-4995E4791C74}\offreg.dll
2011-11-06 13:49 . 2011-11-06 13:49 -------- d-----w- c:\users\Amys\AppData\Roaming\Malwarebytes
2011-11-04 13:02 . 2011-11-04 23:17 -------- d-----w- c:\users\Amys\AppData\Roaming\Expert PDF Reader
2011-11-03 11:50 . 2011-11-03 11:53 -------- d-----w- c:\users\Amys\--- APPS, OTHER ---
2011-11-02 15:51 . 2011-11-02 15:51 -------- d-----w- c:\users\Amys\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2011-11-02 15:00 . 2011-11-02 15:00 -------- d-----w- c:\users\Amys\AppData\Roaming\PeerNetworking
2011-11-02 14:59 . 2011-11-02 14:59 -------- d-----w- c:\users\Amys\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-11-02 02:47 . 2011-11-02 02:47 -------- d-----w- C:\$AVG
2011-11-02 01:51 . 2011-11-06 18:36 -------- d-----w- c:\programdata\AVG2012
2011-11-02 01:49 . 2011-11-02 01:49 -------- d-----w- c:\program files (x86)\AVG
2011-11-02 01:42 . 2011-11-02 01:42 -------- d--h--w- c:\programdata\Common Files
2011-11-02 01:41 . 2011-11-06 18:37 -------- d-----w- c:\programdata\MFAData
2011-10-31 01:31 . 2011-10-31 01:43 -------- d-----w- c:\users\Amys\AppData\Local\NPE
2011-10-29 08:31 . 2011-10-29 08:34 -------- d-----w- c:\users\Amys\ALL PHOTOSHOP ACTIONS
2011-10-29 05:06 . 2011-10-29 05:06 -------- d-----w- c:\program files (x86)\RegmagiK
2011-10-29 04:51 . 2011-10-29 04:51 -------- d-----w- c:\users\Amys\AppData\Roaming\CBS Interactive
2011-10-29 01:47 . 2011-10-29 01:47 -------- d-----w- c:\users\Amys\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-10-29 01:01 . 2011-11-03 22:14 -------- d-----w- c:\users\Amys\AppData\Roaming\FileZilla
2011-10-29 01:01 . 2011-10-29 01:01 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-10-29 00:53 . 2011-10-29 00:53 -------- d-----w- c:\users\Amys\AppData\Roaming\UltraVNC
2011-10-29 00:51 . 2011-10-29 00:51 -------- d-----w- c:\users\Amys\AppData\Local\WinZip
2011-10-29 00:49 . 2011-10-29 00:51 -------- d-----w- c:\programdata\WinZip
2011-10-29 00:24 . 2011-10-29 00:24 -------- d-----w- c:\program files (x86)\Default Tab
2011-10-29 00:24 . 2011-10-29 00:24 -------- dc-h--w- c:\programdata\{A8B5FFA8-79F1-48DF-BEDF-966D494FAE01}
2011-10-29 00:24 . 2011-10-29 00:24 -------- d-----w- c:\users\Amys\AppData\Local\PackageAware
2011-10-29 00:24 . 2011-10-29 00:24 -------- d-----w- c:\program files (x86)\T55
2011-10-29 00:20 . 2011-10-29 00:20 -------- d-----w- c:\users\Amys\AppData\Roaming\HamsterSoft
2011-10-29 00:18 . 2011-11-02 08:27 -------- d-----w- c:\program files (x86)\Hamster ZIP Archiver
2011-10-29 00:09 . 2011-10-29 00:09 -------- d-----w- c:\users\Amys\AppData\Local\factormystic.net
2011-10-28 21:53 . 2011-10-30 23:21 -------- d-----w- c:\program files (x86)\FreshUI
2011-10-28 21:50 . 2011-10-28 21:50 -------- d-----w- c:\program files (x86)\Theme Organizer
2011-10-28 21:49 . 2011-10-28 21:49 -------- d-----w- c:\program files (x86)\StartEd
2011-10-28 21:47 . 2011-10-28 21:47 -------- d-----w- c:\program files (x86)\TweakNow WinSecret 2011
2011-10-28 21:47 . 2011-10-28 21:47 -------- d-----w- c:\users\Amys\AppData\Roaming\TweakNow WinSecret 2011
2011-10-28 21:32 . 2011-11-02 08:26 -------- d-----w- c:\program files\BitNami WordPress Stack
2011-10-28 21:22 . 2011-10-28 21:45 -------- d-----w- c:\users\Amys\AppData\Roaming\ZipGenius
2011-10-28 21:19 . 2011-10-28 21:19 -------- d-----w- c:\program files (x86)\pdfreader
2011-10-28 21:19 . 2011-10-28 21:19 -------- d-----w- c:\program files (x86)\Visagesoft
2011-10-28 21:16 . 2011-10-28 21:16 -------- d-----w- c:\program files (x86)\ZipGenius 6
2011-10-28 14:27 . 2011-10-28 14:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-28 14:25 . 2011-10-28 14:25 -------- d-----w- c:\windows\system32\Macromed
2011-10-28 04:31 . 2011-10-28 04:31 -------- d-----w- c:\users\Amys\AppData\Local\Mozilla
2011-10-28 04:27 . 2011-11-03 11:20 -------- d-----w- c:\users\Amys\AppData\Roaming\OpswatLogs
2011-10-26 13:15 . 2011-10-26 13:15 -------- d-----w- c:\users\Amys\AppData\Roaming\Avanquest
2011-10-26 12:57 . 2011-10-28 10:45 -------- d-----w- c:\program files (x86)\Clone Tools
2011-10-26 12:57 . 2011-10-26 12:57 131072 ----a-r- c:\users\Amys\AppData\Roaming\Microsoft\Installer\{31E616C4-0A06-4FA1-AAB9-FC9FACF834A7}\CloneTools.exe1_BC53CBB83E6B4C1EB232D79E819D358A.exe
2011-10-26 12:57 . 2011-10-26 12:57 -------- d-----w- c:\programdata\PilotMan
2011-10-26 12:48 . 2011-10-28 10:45 -------- d-----w- c:\program files (x86)\Dupli Find
2011-10-26 09:44 . 2011-10-26 09:44 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-26 09:29 . 2011-10-26 09:29 3584 ----a-r- c:\users\Amys\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-10-26 09:29 . 2011-10-26 09:29 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up
2011-10-26 09:28 . 2011-10-26 09:28 -------- d-----w- c:\program files (x86)\MSECACHE
2011-10-26 07:39 . 2011-10-26 07:39 -------- d-----w- c:\users\Amys\AppData\Roaming\Tific
2011-10-26 07:39 . 2011-10-26 07:39 -------- d-----w- c:\users\Amys\AppData\Local\Symantec
2011-10-25 17:56 . 2011-10-26 08:32 -------- d-----w- c:\programdata\SecTaskMan
2011-10-25 17:56 . 2011-10-26 08:32 -------- d-----w- c:\program files (x86)\Security Task Manager
2011-10-25 03:16 . 2011-10-25 03:19 -------- d-----w- c:\program files (x86)\Xfinity Signature Support Desktop Application
2011-10-25 03:15 . 2011-10-25 03:15 -------- d-----w- c:\program files (x86)\Common Files\supportsoft
2011-10-25 01:08 . 2011-10-25 03:19 -------- d-----w- c:\programdata\support.com
2011-10-25 01:07 . 2011-10-26 08:33 -------- d-----w- c:\users\Amys\AppData\Roaming\supportdotcom
2011-10-25 01:07 . 2011-10-26 07:37 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
2011-10-25 00:29 . 2011-10-25 00:29 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-25 00:28 . 2011-10-25 00:28 -------- d-----w- c:\windows\PCHEALTH
2011-10-23 14:17 . 2011-10-26 08:33 -------- d-----w- c:\users\Amys\AppData\Roaming\Runscanner.net
2011-10-22 12:19 . 2011-10-31 06:43 17288 ----a-w- c:\windows\system32\drivers\Dbgv.sys
2011-10-22 09:15 . 2011-10-26 08:33 -------- d-----w- c:\users\Amys\AppData\Roaming\T55
2011-10-22 08:50 . 2011-10-22 08:50 -------- d-----w- c:\program files (x86)\Auslogics
2011-10-21 17:37 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0233D410-9CEA-440A-8F30-4995E4791C74}\mpengine.dll
2011-10-20 17:23 . 2011-10-23 15:02 -------- d-----w- C:\Temp
2011-10-20 02:57 . 2011-10-20 18:16 -------- d-----w- c:\programdata\Nik Software
2011-10-20 02:57 . 2011-10-20 04:31 -------- d-----w- c:\program files\Nik Software
2011-10-19 23:07 . 2011-10-20 18:16 -------- d-----w- c:\program files (x86)\FastStone Player
2011-10-19 23:07 . 2011-10-20 18:16 -------- d-----w- c:\program files (x86)\FastStone Capture
2011-10-19 23:07 . 2011-10-20 18:16 -------- d-----w- c:\program files (x86)\FastStone MaxView
2011-10-19 23:06 . 2011-10-20 18:16 -------- d-----w- c:\program files (x86)\FastStone Photo Resizer
2011-10-19 23:05 . 2011-10-20 18:16 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2011-10-19 17:03 . 2011-10-30 04:56 -------- d-----w- c:\users\Amys\AppData\Roaming\Printer's Apprentice
2011-10-19 17:03 . 2011-10-19 17:38 -------- d-----w- c:\programdata\Printer's Apprentice
2011-10-19 17:03 . 2011-10-26 08:33 -------- d-----w- c:\users\Amys\AppData\Local\Caphyon
2011-10-19 17:03 . 2011-10-19 17:03 -------- d-----w- c:\program files (x86)\Printer's Apprentice
2011-10-19 14:42 . 2011-10-26 08:27 -------- d-----w- c:\users\Amys\--- INSTALLATION FILES ---
2011-10-19 14:40 . 2011-11-03 11:54 -------- d-----w- c:\users\Amys\--- APPS, SYSTEM ---
2011-10-19 14:26 . 2011-10-19 14:26 -------- d-----w- c:\program files (x86)\The Extractor
2011-10-19 12:20 . 2011-10-26 08:33 -------- d-----w- c:\users\Amys\AppData\Local\Opera
2011-10-19 11:18 . 2011-10-19 11:19 -------- d-----w- c:\program files (x86)\SmartSound Software
2011-10-19 11:18 . 2011-10-19 22:25 -------- d-----w- c:\programdata\SmartSound Software Inc
2011-10-19 11:13 . 2010-03-19 10:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-10-19 11:13 . 2009-10-20 10:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-10-19 11:13 . 2009-10-20 10:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-10-19 11:12 . 2011-10-19 11:50 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-10-19 11:12 . 2011-10-19 11:12 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-10-19 08:55 . 2011-10-19 08:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-19 00:11 . 2011-10-19 00:11 -------- d-----w- c:\users\Amys\Zenmaps
2011-10-18 20:14 . 2011-11-02 09:30 668 ----a-w- c:\users\Amys\advanced_ip_scanner_Favorites.bin
2011-10-18 18:04 . 2011-10-26 08:33 -------- d-----w- c:\users\Amys\AppData\Roaming\gtk-2.0
2011-10-18 17:17 . 2011-10-22 07:32 -------- d-----w- c:\users\Amys\.zenmap
2011-10-18 16:52 . 2011-10-18 16:52 -------- d-----w- c:\program files (x86)\Belarc
2011-10-18 16:47 . 2011-10-18 16:48 -------- d-----w- c:\program files (x86)\Nmap
2011-10-18 16:33 . 2011-10-18 16:33 -------- d-----w- c:\program files (x86)\Common Files\Atheros
2011-10-17 18:50 . 2011-11-02 09:30 370 ----a-w- c:\users\Amys\advanced_ip_scanner_MAC.bin
2011-10-17 15:58 . 2011-10-17 15:58 -------- d-----w- c:\program files (x86)\Advanced IP Scanner v2
2011-10-16 18:24 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-16 12:28 . 2011-10-17 12:39 -------- d-----w- c:\users\Amys\AppData\Local\Avanquest_Software
2011-10-16 12:04 . 2011-10-16 23:52 -------- d-----w- c:\program files\CCleaner
2011-10-15 19:09 . 2011-10-25 01:07 -------- d-----w- C:\_Backup
2011-10-15 18:53 . 2011-08-12 17:13 17168 ----a-w- c:\windows\system32\drivers\AQFileRestore.sys
2011-10-15 18:53 . 2011-10-15 19:09 -------- d-----w- c:\programdata\Avanquest
2011-10-15 18:53 . 2011-10-15 18:53 -------- d-----w- c:\program files (x86)\Avanquest
2011-10-14 14:48 . 2011-10-14 14:49 27016 ----a-w- c:\windows\SysWow64\drivers\PROCEXP141.SYS
2011-10-13 22:28 . 2011-10-13 22:28 -------- d-----w- c:\users\Amys_2\AppData\Roaming\FastStone
2011-10-13 11:59 . 2011-10-26 08:27 -------- d-----w- c:\users\Amys\AppData\Roaming\GlarySoft
2011-10-13 11:51 . 2011-10-20 18:17 -------- d-----w- c:\program files (x86)\Glary Utilities Pro
2011-10-13 05:19 . 2011-10-13 05:19 -------- d-----w- c:\programdata\Cisco Systems
2011-10-13 05:12 . 2011-10-19 23:18 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-10-12 21:40 . 2011-10-12 21:40 -------- d-----w- c:\users\Amys_2\AppData\Local\CrashDumps
2011-10-12 14:20 . 2011-10-12 14:20 -------- d-----w- c:\users\Amys_2\AppData\Local\Adobe
2011-10-12 12:17 . 2011-10-26 08:27 -------- d-----w- c:\users\Amys\AppData\Local\Amazon
2011-10-11 19:44 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 19:44 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 19:44 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 19:44 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-11 19:44 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-11 19:44 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 03:13 . 2011-08-06 14:44 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-10-03 06:45 . 2011-10-03 06:45 32128 ----a-w- c:\windows\system32\ssmirrdr.dll
2011-10-03 06:45 . 2011-10-03 06:45 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
2011-09-25 13:33 . 2011-09-26 03:05 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-24_00.07.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-10-23 08:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-06 16:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-23 08:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-25 03:13 . 2011-11-06 16:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-06 16:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-31 00:57 . 2011-10-31 00:57 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-02-18 20:13 . 2011-10-31 01:40 46172 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-06 11:10 56732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-26 02:23 . 2011-11-06 11:10 11212 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1926782572-22229150-3017687675-1000_UserData.bin
+ 2010-02-18 04:41 . 2010-02-18 04:41 54656 c:\windows\system32\VBAME.DLL
+ 2011-09-28 06:59 . 2011-10-28 07:56 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-09-28 06:59 . 2011-10-20 17:13 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-02-21 00:20 . 2010-02-21 00:20 31616 c:\windows\system32\FM20ENU.DLL
- 2009-07-14 05:30 . 2011-10-22 04:10 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-10-25 06:27 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-10-03 06:45 . 2011-10-03 06:45 10112 c:\windows\system32\DriverStore\FileRepository\ssmirrdr.inf_amd64_neutral_f60e4a3bb7f7b95a\nt_amd64\ssmirrdr.sys
+ 2011-10-03 06:45 . 2011-10-03 06:45 32128 c:\windows\system32\DriverStore\FileRepository\ssmirrdr.inf_amd64_neutral_f60e4a3bb7f7b95a\nt_amd64\ssmirrdr.dll
- 2011-10-10 23:30 . 2011-09-01 00:00 25416 c:\windows\system32\drivers\mbam.sys
+ 2011-10-10 23:30 . 2011-09-01 01:00 25416 c:\windows\system32\drivers\mbam.sys
+ 2009-07-13 23:19 . 2009-07-14 01:47 73280 c:\windows\system32\drivers\disk(39).sys
- 2011-09-25 21:57 . 2011-10-22 20:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-25 21:57 . 2011-11-05 23:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-25 21:57 . 2011-10-22 20:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-25 21:57 . 2011-11-05 23:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-22 20:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-05 23:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2011-10-22 20:35 87992 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-11-05 22:25 87992 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-25 00:28 . 2011-10-25 00:28 76200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 79776 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 15208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 27528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 56184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 91512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
+ 2011-06-20 07:19 . 2011-06-20 07:19 40960 c:\windows\Installer\5092b38.msp
+ 2011-01-25 00:17 . 2011-01-25 00:17 11776 c:\windows\Installer\5092b2e.msp
+ 2011-10-29 00:50 . 2011-10-29 00:50 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}\IconCD95F6617.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 34144 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\oisicon.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 42848 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\msouc.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 19296 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\cagicon.exe
+ 2010-03-13 08:04 . 2010-03-13 08:04 10104 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\XLCALL32.DLL
+ 2010-03-25 17:23 . 2010-03-25 17:23 36768 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\SOCIALPROVIDER.DLL
+ 2011-10-25 00:50 . 2011-10-25 00:50 28160 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\8301416694cb22f15077e6d433e59e2a\Microsoft.Office.Tools.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 55808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7ce7180a1e9ef37cd133a88e7cfa35ac\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 21504 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\f01fa762f59ae32d37fb4b0c9e331c98\Microsoft.Office.Tools.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 45056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\ac1e4a1b83bdb8c1ad39a54d0cb38bc4\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d1f2d3b5e187e3bc12ec2522bb845392\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 86016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9b2b2e2e66a51e68a2679339ce4e4a77\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\71a6663950cfe588237265f13a6a9f8f\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5b75d5795521241fb2344a38cf42f295\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\19a56cfd48276cdd930333131e029afe\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f49ab7f96c66031f641e2390ff85b71b\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cd2766ef74cee07c420507db80aed932\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b97304651681e8187cb08b85ee71af27\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\723bdb36a46e387e81a1326318f096fc\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\560af98e8232dfaa8f745112ed6b8be1\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\11036fb2ba3d7b70b7eb302b17254d65\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 83896 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 63408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 77752 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 23976 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 62392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 32688 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 35256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 24496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
- 2011-10-23 22:48 . 2011-10-23 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-06 10:33 . 2011-11-06 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-06 10:33 . 2011-11-06 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-23 22:48 . 2011-10-23 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-29 05:06 . 2011-10-29 05:06 2734 c:\windows\Installer\{D29C595F-DF6D-4807-B0DE-C4B5C8DF226F}\_853F67D554F05449430E7E.exe
+ 2011-10-29 05:06 . 2011-10-29 05:06 2734 c:\windows\Installer\{D29C595F-DF6D-4807-B0DE-C4B5C8DF226F}\_65C29C26F8C88A20A08020.exe
+ 2011-10-28 14:27 . 2011-10-28 14:27 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2011-09-30 12:05 . 2011-11-03 08:54 296082 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-09-25 23:01 . 2011-11-06 16:18 440988 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-11-06 10:42 671730 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-22 01:57 671730 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-22 01:57 124966 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-06 10:42 124966 c:\windows\system32\perfc009.dat
+ 2011-10-28 14:27 . 2011-10-28 14:27 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_Plugin.exe
- 2009-07-14 05:30 . 2011-10-22 04:10 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-10-25 06:27 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-22 04:10 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-10-25 06:27 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:38 . 2011-10-20 18:18 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2011-10-28 11:16 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:01 . 2011-11-06 10:27 483236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-25 00:28 . 2011-10-25 00:28 397208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 133544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 201648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 163744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 141688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 341392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 139672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 171384 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 465304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 357272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.dll
+ 2011-10-26 09:44 . 2011-10-26 09:44 873984 c:\windows\Installer\742ebc.msi
+ 2011-10-26 09:44 . 2011-10-26 09:44 868864 c:\windows\Installer\742eb5.msi
+ 2011-10-26 09:43 . 2011-10-26 09:43 868864 c:\windows\Installer\742e9f.msi
+ 2011-10-26 09:43 . 2011-10-26 09:43 875520 c:\windows\Installer\742e98.msi
+ 2011-10-26 09:43 . 2011-10-26 09:43 885760 c:\windows\Installer\742e91.msi
+ 2011-10-26 09:44 . 2011-10-26 09:44 881152 c:\windows\Installer\742e8a.msi
+ 2011-10-26 09:42 . 2011-10-26 09:42 868864 c:\windows\Installer\742e6e.msi
+ 2006-09-07 01:09 . 2006-09-07 01:09 472064 c:\windows\Installer\67f3b5.msi
+ 2010-07-23 01:27 . 2010-07-23 01:27 288768 c:\windows\Installer\5092b24.msp
+ 2010-07-22 09:44 . 2010-07-22 09:44 248832 c:\windows\Installer\5092a63.msp
+ 2011-08-22 09:12 . 2011-08-22 09:12 133120 c:\windows\Installer\5092a16.msp
+ 2007-11-07 15:12 . 2007-11-07 15:12 232960 c:\windows\Installer\25be928.msi
+ 2011-04-29 03:27 . 2011-04-29 03:27 608768 c:\windows\Installer\14ca910.msp
+ 2011-10-29 00:50 . 2011-10-29 00:50 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}\IconCD95F66110.exe
+ 2011-10-26 09:43 . 2011-10-26 09:43 571232 c:\windows\Installer\{90140000-006E-0409-1000-0000000FF1CE}\misc.exe
- 2011-10-13 12:39 . 2011-10-13 12:39 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-10-25 00:24 . 2011-10-25 00:24 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 415584 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\pubs.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 303456 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\outicon.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 571232 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\misc.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 326496 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\joticon.exe
+ 2010-02-13 13:25 . 2010-02-13 13:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL
+ 2010-03-30 03:30 . 2010-03-30 03:30 159088 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\ONENOTEMANAGED.DLL
+ 2010-01-10 04:51 . 2010-01-10 04:51 143736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\MSCONV97.DLL
+ 2010-02-28 09:24 . 2010-02-28 09:24 271736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\CLVIEW.EXE
+ 2011-10-25 00:51 . 2011-10-25 00:51 992256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\ff4466a4f4edd74967ffd68b32ed42fe\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\f244c79b2b74ce5d958992b035bcae5b\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 169984 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\e3c203e0682e3d84c5abe2bbf67f36ee\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 475136 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\431e8f8fb8c650e566bfff9fa1114690\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 864256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\1423e98c74015fd6dff8acb6672845d9\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 232448 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\05e62412ad3f1f3f4b3cab5b35c61840\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7e0c3e59372160f90d0c17225f5c0e1a\Microsoft.Office.Tools.Outlook.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7da8e01276e9763783ff11a7ae146c5f\Microsoft.Office.Tools.Common.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 408064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7c41f7ee7db50ca05e4bfafe9d2f94eb\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\14b878bd3fdd08127dd20c7cf94173f2\Microsoft.Office.Tools.Excel.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\e425a2bfd8281ff959f0f4b7884a9bdf\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bac77175ca598fa44c64861a18b182ec\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 364544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b508c1a8715fa22d8a1a25c8bc4366bd\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 738304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8fc3954eda901e8c39e4731af5d6426e\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8efedc192ad140d96b00a9edf76951e6\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\755ed0463f475a65ec459d2f4f67391a\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\f8c5c0de2a2bd3c0569d384d4d757660\Microsoft.Office.Tools.Common.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 864768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\b4128a477f244d3b4fbcdf6c539a0226\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\a58b1c7c833e65136ad5ec1cf51b7c3c\Microsoft.Office.Tools.Word.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\2fd58f62cdc51045961d969a58740fe9\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\1d01c36fea73905edcd30231fd50de91\Microsoft.Office.Tools.Outlook.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\0fef4345375db0c723a1bb8be585c0d1\Microsoft.Office.Tools.Excel.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 956416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\decc2b5bc04141ba4044a81ae2245ba9\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 124928 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\ccf9101fd4b39730d243f55c1a96d875\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bab8b770342bef1373dd65a6cd97ae95\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b8da204e5f1d026178f081d6b3a3db54\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 270336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9a21875685b69e8e82099ce51c2eee66\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 495616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\75efd918615705fa0081fcf2d76f8ff5\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\65c3b9746c2c5c232e034ac1cac13c41\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\4dcee46c4687e1bf368288f89b017861\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e29fcbc5cb55983d0f0e7deaba15d1fe\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\96c9f4776983ce5117071c54957ca686\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 179200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\81e792f48d3c097d39924b553d49b82e\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 363008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6aed22875a2d7f279fe80f6eba524b7e\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3cfcbb95bc13892434609fb0372c2e83\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2011-10-25 00:48 . 2011-10-25 00:48 650752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\193931d8a264d135001ea449464b9383\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\14c004acbf02bd8f341bb1328d56e270\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 363936 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 193472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
+ 2011-10-25 00:28 . 2011-10-25 00:28 153008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
+ 2009-07-18 03:21 . 2011-10-28 14:27 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2010-10-20 19:44 . 2010-10-20 19:44 1207656 c:\windows\SysWOW64\FM20.DLL
+ 2009-07-14 04:45 . 2011-10-31 00:57 4985408 c:\windows\system32\FNTCACHE.DAT
+ 2010-02-21 00:20 . 2010-02-21 00:20 1603944 c:\windows\system32\FM20.DLL
- 2009-07-14 04:45 . 2011-10-20 18:05 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-02 02:09 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-15 19:09 . 2011-11-03 11:11 3345436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-11-02 01:48 . 2011-11-02 01:48 2830336 c:\windows\Installer\a56f3ef.msi
+ 2011-11-02 01:48 . 2011-11-02 01:48 8544256 c:\windows\Installer\a56f3eb.msi
+ 2011-10-26 09:47 . 2011-10-26 09:47 1992192 c:\windows\Installer\742ed2.msi
+ 2011-10-26 09:44 . 2011-10-26 09:44 2522624 c:\windows\Installer\742eca.msi
+ 2011-10-26 09:44 . 2011-10-26 09:44 2513920 c:\windows\Installer\742ec3.msi
+ 2011-10-26 09:44 . 2011-10-26 09:44 2517504 c:\windows\Installer\742eae.msi
+ 2011-10-26 09:44 . 2011-10-26 09:44 2503680 c:\windows\Installer\742ea6.msi
+ 2011-10-26 09:43 . 2011-10-26 09:43 2865664 c:\windows\Installer\742e83.msi
+ 2011-10-26 09:43 . 2011-10-26 09:43 2506240 c:\windows\Installer\742e7c.msi
+ 2011-10-26 09:43 . 2011-10-26 09:43 2503680 c:\windows\Installer\742e75.msi
+ 2011-10-26 09:42 . 2011-10-26 09:42 3702272 c:\windows\Installer\742e67.msi
+ 2011-11-04 17:13 . 2011-11-04 17:13 7577600 c:\windows\Installer\66cf85f.msi
+ 2011-07-21 20:42 . 2011-07-21 20:42 3222016 c:\windows\Installer\5092b52.msp
+ 2011-08-16 06:56 . 2011-08-16 06:56 3445760 c:\windows\Installer\5092aea.msp
+ 2011-01-14 18:53 . 2011-01-14 18:53 9680896 c:\windows\Installer\5092a9a.msp
+ 2011-03-18 02:37 . 2011-03-18 02:37 1758720 c:\windows\Installer\5092a79.msp
+ 2011-07-21 20:52 . 2011-07-21 20:52 5418496 c:\windows\Installer\5092a2d.msp
+ 2011-08-22 09:11 . 2011-08-22 09:11 1859584 c:\windows\Installer\5092a0d.msp
+ 2011-07-19 05:25 . 2011-07-19 05:25 3138560 c:\windows\Installer\3fb4560.msi
+ 2010-07-15 02:10 . 2010-07-15 02:10 2818048 c:\windows\Installer\3ed4247.msi
+ 2011-04-29 03:26 . 2011-04-29 03:26 3994624 c:\windows\Installer\14ca7a3.msp
+ 2011-04-29 03:26 . 2011-04-29 03:26 2426880 c:\windows\Installer\14ca762.msp
+ 2011-10-26 12:56 . 2011-10-26 12:56 2930688 c:\windows\Installer\126766f.msi
+ 2011-10-26 09:49 . 2011-10-29 10:23 1479520 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\xlicons.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 1858400 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\wordicon.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 5486432 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\promoicon.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 3792736 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\pptico.exe
+ 2011-10-26 09:49 . 2011-10-29 10:23 1449312 c:\windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\accicons.exe
+ 2010-03-25 03:30 . 2010-03-25 03:30 1479520 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\XLICONS.EXE
+ 2010-03-27 15:45 . 2010-03-27 15:45 6810456 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\WRD12CNV.DLL
+ 2010-03-25 03:29 . 2010-03-25 03:29 1858400 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\WORDICON.EXE
+ 2010-02-18 04:56 . 2010-02-18 04:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\WKCONV.EXE
+ 2010-03-27 15:59 . 2010-03-27 15:59 1423192 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\WINWORD.EXE
+ 2010-03-25 17:23 . 2010-03-25 17:23 2508672 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\SOCIALCONNECTOR.DLL
+ 2010-03-25 03:30 . 2010-03-25 03:30 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\PPTICO.EXE
+ 2010-03-30 15:35 . 2010-03-30 15:35 1583472 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\ONFILTER.DLL
+ 2010-03-30 15:35 . 2010-03-30 15:35 2131296 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\ONENOTE.EXE
+ 2010-03-01 12:22 . 2010-03-01 12:22 3114368 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\GKWORD.DLL
+ 2010-03-01 12:22 . 2010-03-01 12:22 2780032 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\GKPOWERPOINT.DLL
+ 2010-03-01 12:22 . 2010-03-01 12:22 4563328 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\GKEXCEL.DLL
+ 2011-10-25 00:51 . 2011-10-25 00:51 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\e7143b32c801701b96229026e6a848d4\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2011-10-25 00:50 . 2011-10-25 00:50 1117184 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\e00916dc41d9b9ddc7ce8d6515e95f84\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 2034688 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\25cdcd89db9159e8b20789923aea4d2e\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2011-10-25 00:51 . 2011-10-25 00:51 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\027bac94fcf73a9bf17802dc66182095\Microsoft.Office.Tools.Word.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\74c63bb16383d8fc029a041e36bc6a3e\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2011-10-25 00:49 . 2011-10-25 00:49 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\2a14d35f41a7585758cc30ce43150eb9\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2011-10-28 14:27 . 2011-10-28 14:27 11328672 c:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll
+ 2011-09-25 23:55 . 2011-11-06 10:27 16956480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1926782572-22229150-3017687675-1000-8192.dat
+ 2011-09-25 15:37 . 2011-11-06 10:27 34691972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1926782572-22229150-3017687675-1000-4096.dat
+ 2011-09-25 15:37 . 2011-11-06 10:27 11793280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1926782572-22229150-3017687675-1000-12288.dat
+ 2010-08-13 20:16 . 2010-08-13 20:16 39978496 c:\windows\Installer\7cc22b1.msp
+ 2011-10-26 09:45 . 2011-10-26 09:45 29962240 c:\windows\Installer\742f3f.msi
+ 2011-07-21 20:44 . 2011-07-21 20:44 65792512 c:\windows\Installer\5092b6c.msp
+ 2011-03-08 21:12 . 2011-03-08 21:12 48317952 c:\windows\Installer\5092b0c.msp
+ 2010-11-11 07:36 . 2010-11-11 07:36 14808064 c:\windows\Installer\5092af3.msp
+ 2011-07-21 20:48 . 2011-07-21 20:48 10101248 c:\windows\Installer\5092ad4.msp
+ 2011-06-20 07:13 . 2011-06-20 07:13 22633984 c:\windows\Installer\5092abd.msp
+ 2010-08-13 20:16 . 2010-08-13 20:16 39978496 c:\windows\Installer\5092ab4.msp
+ 2011-07-21 20:59 . 2011-07-21 20:59 19958784 c:\windows\Installer\5092a44.msp
+ 2011-10-22 23:00 . 2011-10-22 23:00 24296448 c:\windows\Installer\30f99b2.msi
+ 2011-10-28 21:18 . 2011-10-28 21:18 13148160 c:\windows\Installer\24fa330.msi
+ 2011-04-29 06:28 . 2011-04-29 06:28 16972800 c:\windows\Installer\14ca946.msp
+ 2011-04-29 06:28 . 2011-04-29 06:28 11056128 c:\windows\Installer\14ca934.msp
+ 2011-04-29 03:34 . 2011-04-29 03:34 11155456 c:\windows\Installer\14ca924.msp
+ 2011-04-29 03:27 . 2011-04-29 03:27 14467072 c:\windows\Installer\14ca7b2.msp
+ 2011-04-29 03:27 . 2011-04-29 03:27 13031936 c:\windows\Installer\14ca791.msp
+ 2010-03-13 08:08 . 2010-03-13 08:08 24994656 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\XL12CNV.EXE
+ 2010-03-27 15:59 . 2010-03-27 15:59 25109848 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\WWLIB.DLL
+ 2010-03-09 17:01 . 2010-03-09 17:01 15603560 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\PPCORE.DLL
+ 2010-03-30 15:35 . 2010-03-30 15:35 13886312 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\ONMAIN.DLL
+ 2010-03-13 07:07 . 2010-03-13 07:07 19196280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\OARTCONV.DLL
+ 2010-03-13 22:24 . 2010-03-13 22:24 30315880 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-13 22:09 . 2010-03-13 22:09 28232544 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000100000000F01FEC\14.0.4763\EXCEL.EXE
+ 2011-04-29 03:33 . 2011-04-29 03:33 425345024 c:\windows\Installer\14ca908.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctOTU0MDk1NDgwLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1869&mid=0878e5123b0e47d1a83c7a7" [?]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\Amys\START MENU\Programs\Startup\AutorunsDisabled
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xfinity Signature Support Desktop Application]
@="Xfinity Signature Support Desktop Application"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WMService;WMService;c:\program files (x86)\T55\WinMate\WMService.exe [2011-02-14 417280]
R2 Xfinity Signature Support Desktop Application;Xfinity Signature Support Desktop Application;c:\program files (x86)\Xfinity Signature Support Desktop Application\esService.exe [2011-09-07 913816]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [x]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\DRIVERS\bthprint.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-06 79360]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys [x]
R3 KFilter;KFilter;c:\progra~2\AVANQU~1\SYSTEM~1\KFilter.sys [2011-09-09 45968]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]
R3 TFilter;TFilter;c:\progra~2\AVANQU~1\SYSTEM~1\TFilter.sys [2011-09-09 36192]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Premier Elements 10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
R4 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840]
R4 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R4 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R4 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R4 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R4 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R4 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R4 cpuz134;cpuz134;c:\users\Amys\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R4 PORTMON;PORTMON;c:\users\Amys\Desktop\SYSINT & Others\PORTMSYS.SYS [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-14 1155704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111104.030\IDSvia64.sys [2011-09-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 .AVQWindowsMonitorService;SystemSuite Process Monitor;c:\program files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe [2011-09-09 288000]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-27 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-26 136824]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29457217
*NewlyCreated* - ASWMBR
*Deregistered* - 29457217
*Deregistered* - aswMBR
*Deregistered* - Avgldx64
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\system32\blank.htm
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
FF - ProfilePath - c:\users\Amys\AppData\Roaming\Mozilla\Firefox\Profiles\isrg4mmr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AutoWinRarZip - c:\program files (x86)\AutoWinRarZipInstall\AutoWinRarZip.exe
Toolbar-Locked - (no file)
AddRemove-Office14.SingleImage - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0093040BB0258D14E86D6B933B2B9E81\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft_Trinity_Excel_dll_80669_80669_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10023"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0283E042C21402145B5FA1646BBB1592\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="IECONTENTSERVICE.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10413"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\02D0E27E36D0B834CB1729BAF9E9B845\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="POWERPNT.EXE"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10409"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\02D80E3DE599CAA4F8E52D3D9448E22E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{EDF9874C-9E37-4110-9FC3-094247E114DF}"
"MediaCabinet"="PATCH_CAB"
"File"="SOCIALCONNECTOR.DLL"
"ComponentVersion"="14.0.6109.5001"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10466"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\02FCF8ABD92A8B34F8AA1B34B25D0955\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_msosec_xml_1_____X86.3643236F_FC70_11D3_A536_0090278A1BB8"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\034E942C51E4988488EFC09AB0D80011\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10017"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\034E942C51E4988488EFC09AB0D80011\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_VSTOMessageProvider_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10054"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\04939F7CA5722D24896AEABE227F693A\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSTORDB.EXE"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10289"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\05CEA9EC5FEA8574EA748DE4ABC952AD\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ODFFILT.DLL.x86"
"ComponentVersion"="2010.1400.6019.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10427"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\06067B7D4EC6B624D9E8913001B0CF70\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.Office.Tools.Word.Adapter_Pipeline.v10.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10065"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\072958416F021494BBDF2E9AB7E91D6D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOWordImpl_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\08AB3036FE3E1D64DB37C959DDBC635C\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10015"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\08AB3036FE3E1D64DB37C959DDBC635C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10053"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\08B4F56D45EE76C45ADF93B8C9DA0CC6\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="EMSMDB32.DLL_0005"
"ComponentVersion"="14.0.6025.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10348"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\094022EC42BC99740A0896C868826FB3\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="PROMO.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10455"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\09BEEFA746BE37B438A6B2F351A80868\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSODCW.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10084"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0B7056D85BE27CB43A27E7503FF2EA6F\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10029"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0B7056D85BE27CB43A27E7503FF2EA6F\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="vsto_shared_vstoee_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10101"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0B75C6FCFEF39CB49B3F37FBB86726C0\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CORBEL.TTF"
"ComponentVersion"="5.61.0.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0BBDB966EB3417047ABF4B25015BC855\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v10_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10027"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0C38DDC0001EFA24C9C6FD2429A0A807\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOOutlookInterfaces_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0E00D668A6E772B4BA2A3747B3821A47\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="QP.DPV"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0F2A7E907B078294BBD356DC8840852C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="EXP_XPS.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10286"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\104ECBD48FB74DF44BBBB7E0FBCA89D2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONBTTNPPT.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10416"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1310AF93A24288141B507C85EA5F5178\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="VPREVIEW.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10342"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\13A31C284359A9136A90E7B8EFC2DFBB\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_policy.30729.4148.policy_9_0_Microsoft_VC90_MFC_x86.QFE.71F730CE_8B24_3BC2_83EA_36396DE29B9E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\169308B6ECCB7C9409A57C64330E9103\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_MSVSTOAppInfoDocument_GAC_v9_x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10034"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1816E7DBFAE81D119A1F000679BDFEDC\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="WB00516L.GIF"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1982085E3AB56B140A3827AF84FFA8CD\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ASCIIENG.LNG"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1B1CE6A9E646B1544A15BC039B124CF5\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MISC.EXE"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10377"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1BEF2E9B13536084DBE2F1D2C9CCF79B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}"
"MediaCabinet"="PATCH_CAB"
"File"="OART.DLL"
"ComponentVersion"="14.0.6106.5005"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10456"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1E89579F121CBF742BCED8DDCE579222\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTARuntime_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1F634A93F525C9D4595E106D280FBF52\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.AddInAdapter_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10066"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\6C184F62EBD8B8F4D9D81705182CA3ED]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="10.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\8F7463F0D15ECCF48826A9D8C0A5FC52]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="8.0.50727"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\9FA945EEAAF84854382BCE1FCBD91CFF]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="10.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FC84038432ED25479C333AF44F339EF\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="PTXT9.DLL"
"ComponentVersion"="14.0.6022.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10452"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2024ACD68DA31964A9A31139E0EC70F0\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="PG_INDEX.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2168143289C7B204EAC64F97D787D2B1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.AddInAdapter_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10075"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\21B41DCD782B16A4FB93C7E448906696\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Office.Contract.dll_GAC_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10018"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\238A0BCBD3DCCDB499B8892EBC667422\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTAHosting_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\245B6465E1D4AE2438C268D3D53A86AB\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="SETUP.EXE"
"ComponentVersion"="14.0.6010.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10295"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\24917672C895F314FAA0BE471AE04798\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft_Trinity_SmartDocs_dll_80362_80362_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10024"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2562336682C91B850AF18C3B9B1A1EE8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.66332652_9C28_58B1_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\26ACD19CF6B4E524BA0AAD6336BA0A97\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="IEAWSDC.DLL.x86"
"ComponentVersion"="14.0.6100.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10265"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\29F8481B6A8A74848B0EC6F286D71140\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="rtscom.dll.99741D6B_FCC2_4B3D_83AB_413A37786D04"
"ComponentVersion"="1.7.6223.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2ABF341BA7FCA4B41AB34F5CF72C05B9\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="PPTIRM.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2B940B0EF356E2A4F8538BE5E81F1A1F\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="SCANPST.EXE_0002"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10368"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2C4FF92F6793EEB49B8DBC32B68DC3CF\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="EMABLT32.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10375"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2D1D746BE14ECD449B5C8C9520290487\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OLKFSTUB.DLL.x86"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10390"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2D762436AF7B6B543820741456BDAF60\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="EXP_PDF.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10001"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2F50513B3C6BA2446BDDBA96E27B5460\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_GAC_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10013"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3178D6A16119EA44AB06C40F8E1C5DB8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="DW20.EXE_0001"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10337"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\328C92F06101B774CB718C307BFF4064\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.Runtime.v10_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10072"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\35750758D0E3C7246B2831DB6D982B11\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AG00004_.GIF"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\35A398BD482B8D84280AD2765D8C0C1C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OARPMANY.EXE"
"ComponentVersion"="14.0.6022.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10093"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\361923C4E76385C438E8C873B8144CF2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="SELFCERT.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10329"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\379E92CC2CB71D119A12000A9CE1A22A\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FM20.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10336"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3A6D2077B64803E30B7837065053EB74\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_policy.30729.4148.policy_9_0_Microsoft_VC90_ATL_x86.QFE.36F772C3_DEA7_32C0_AD18_338903366207"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3B3A6627984E33145AC9E9300A51E062\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ACERCLR.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10306"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3B848CAE004FA8E4B95AD944F72B5D68\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll_Pipeline_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10016"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3C2FF77B9B5E1D11F82800008FA78393\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="BOAT.WMF"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3C727F747BB5E144884E81C1DBC4968D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}"
"MediaCabinet"="PATCH_CAB"
"File"="OARTCONV.DLL"
"ComponentVersion"="14.0.6106.5005"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10457"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3F19D822036D95A4C90430E9EE95833E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="EXLIRMV.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3F1D8A3A590C6F84C95874449F452985\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="XLCPRTID.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3FBE6794382795F46916DAEE0D3AECC1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="MSO0127.ACL"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\40E20BA4E3B030A42B5C4F617577967F\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="MAIN.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4250C4F2C091BDB498501B20CF734A70\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{294BAA9E-9209-497F-A71F-7E52EFB194D4}"
"MediaCabinet"="PATCH_CAB"
"File"="XL12CNV.EXE"
"ComponentVersion"="14.0.6106.5005"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10460"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\429AD28E0F170CA41943791FBC58FB5B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_MSVSTOExcelHostAdapter_GAC_v10_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10039"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\42F1E9AF3ECCEE443A80AFBF0C9085A1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CANDARA.TTF"
"ComponentVersion"="5.61.0.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\43127487E127FCC46B87EEE24C8B1BB1\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10031"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\43127487E127FCC46B87EEE24C8B1BB1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10102"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\437BB137699EF90439C2C4CF29FCAE71\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OFFOWC.DLL"
"ComponentVersion"="14.0.6022.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10326"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\444CDB622AA8ED84B8C7B23A4E05306A\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="APEX.EFTX"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.


[ POST WAS TOO LONG, I HAD TO SPLIT IT IN TWO OR MORE. THE COMBOFIX REPORT CONTINUES IN MY NEXT REPLY ]

#15 - Amy -

- Amy -
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Los Gatos, California
  • Local time:02:16 AM

Posted 06 November 2011 - 03:27 PM

[ POST WAS TOO LONG, I HAD TO SPLIT IT UP. THIS IS SEGMENT #2 ]

.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\44F31BC6A063DF042BA12B488D7F4954\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="WORDIRMV.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\45613AFAE1635B33E95D40A9869823C5\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_mfc90.dll.30729.4148.Microsoft_VC90_MFC_x86.QFE.1B1242B0_08E9_3D59_826D_ADAA4BB763B5"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\45613AFAE1635B33E95D40A9869823C5\CFD2C1F142D260E3CB8B271543DA9F98]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_mfc90.dll.30729.4148.Microsoft_VC90_MFC_x86.QFE"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="9.0.30729"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\45FFFDBBEAB996B40850F58D7F8AE5E4\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10070"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\46F95CDFF13CE474EB51E07777B04493\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Applications.Contract.v10_Pipeline_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10014"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\47510E0B2F85BAB468FE70E7CA35138D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OUTLRPC.DLL"
"ComponentVersion"="14.0.6016.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10363"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4821C69D85691B240B4C7689CF990C62\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ASMAIN.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10373"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\489BF04F9B6459E4DB0EA2FC65A7E994\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_MSVSTOWordHostAdapter_GAC_v10_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10049"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\49DFBA7AF457A8B4EBD5783F921FACC2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{A8686D24-1E89-43A1-973E-05A258D2B3F8}"
"MediaCabinet"="PATCH_CAB"
"File"="GKEXCEL.DLL"
"ComponentVersion"="14.0.6106.5000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10463"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4A03ED8C90BFC54499EF7E4BAD33D4CF\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft_VisualStudio_Tools_Applications_Hosting_v9_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10028"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4AAD4068086995D458A8E26BEDDD7E66\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.AddInAdapter_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10067"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4AFC55126308D32438EED59806D01BC9\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{A8686D24-1E89-43A1-973E-05A258D2B3F8}"
"MediaCabinet"="PATCH_CAB"
"File"="GKPOWERPOINT.DLL"
"ComponentVersion"="14.0.6106.5000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10464"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4D18DE905BD78FC48A594175D75DF03C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OFFICE.ODF"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10000"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4D20090C39D3A434E8C9BE7239075265\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_Pipeline_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10021"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4DD1D06EF40BA3D4E9D6360A4D8D4E1F\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.AddInAdapter_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10074"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4F4EC0EAAF13162448A66E670EF5DDE1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTAServerDocument_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4F69314F613FD7747826BB7149B94BFA\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONBTTNIE.DLL.x86"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10414"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\4FA7F6674872AF0428E362CD907DC1C0\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSPROOF6.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10318"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\51A671B51CAD15A4D89266380338AE21\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSVSTOAppInfoDocument_Addin_v9_x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10089"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\52810A6F5092B444BB85AEC32C509F75\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OISAPP.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10333"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5564B58E1AFD50B44AED6BBDF90706CE\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONLNTCOMLIB.DLL.x86"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10393"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\57634D5732AA1D11A9CC0006794C4E25\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="VBE6EXT.OLB"
"ComponentVersion"="7.0.16.19"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10340"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\576C4383739D60740AD1C4D7DFE46C9C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_MSVSTAAddInAdapter_Pipeline_v10_enu_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10030"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\589E171CA2B916046AE88C49D4A79AC0\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="COLORSCHEME_APEX.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\59ABA340D3F15A947A14E3A25A3AA2D8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONBTTNIELINKEDNOTES.DLL.x86"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10391"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5ACEC4F65148A7A4B96E3FD28D10FE96\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AS_ClientMsmgdsrv_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC"
"ComponentVersion"="10.0.2733.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="1"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5AEF719448B58AC409CF5A58600C2302\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ENVELOPE.DLL"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10349"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5BF322F6882065A4FBC46836FB5BDE8B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft_Trinity_Word_dll_80672_80672_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10025"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5CBBBC43B2852C1438D68CD56A2D5910\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CAGCAT10.MMW"
"ComponentVersion"="10.0.0.5099"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5DB994C18AA8C2D408741CAFF912E052\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOCommonInterfaces_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5F49A35FAE1D0584B9A15E3EBD226FE4\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="MAPLE.GIF"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\606BBED41CB7A4B4280AFF1D491F9CE8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Office.Contract.dll_Pipeline_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10019"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\61BFB0215F180554AB9CEBF46A1E2CE2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FPWEC.DLL.x86"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10321"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6249068E1E0BE644CA9C342F18D16C52\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AS_xmlrwbin_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC"
"ComponentVersion"="2.0.3609.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="1"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\638BAF8FEC5E9F645963D084A26A0B2D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OIMG.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10327"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6391320068D22E54FBA57ACC0205B2CC\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOWordInterfaces_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\639AF1427AC9C994983F6C1E1C4A6D2D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="USP10.DLL_0002"
"ComponentVersion"="1.626.7600.20796"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10098"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\645F63C966C865A4BAA63D38707237AF\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSVSTAServerDoc_GAC_x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10088"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\64A398F1261E29D4E8A2E6B265A80F16\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="APPLAUSE.WAV"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\652A08B235C6DFF4C8CD41B52DE68CA4\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="InkDiv.dll.8F02A4B3_A7D7_4F8C_87BE_FAF06999D9A2"
"ComponentVersion"="1.7.2600.2180"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\681A084B627F31A4C8689BB2EE943B01\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_MSVSTOOutlookHostAdapter_GAC_v10_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10042"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\68886026B4B4F1F40AAAF8DE0EA5B223\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10025"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\68886026B4B4F1F40AAAF8DE0EA5B223\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="vsto_shared_typelib100_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10099"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6C9A6F846E2818A47A408CAF13381C71\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="PORTCONN.DLL.x86"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10094"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6CB193EC3DEAC4342BA3790465B7B00B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="PPTIRMV.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6CC97BE963F08AA49BA8D7C6BF0CD115\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="IMPMAIL.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10351"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6D166A0282363C24A91D8B5B2B005947\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10077"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6D46052BBB77B1B44BCC8FDE5FC0B7D6\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_MSVSTAAddInAdapter_GAC_v10_enu_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10029"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6DCE1F8390620D240AC398BC1EDE6BE9\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="CONTAB32.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10346"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6F949E36CB3004C50AF18C3B9B1A1EE8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.63E949F6_03BC_5C40_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7000731CC79D0644E87510B086DA4065\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONSYNCPC.DLL.x86"
"ComponentVersion"="14.0.6016.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10395"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7122F57A45DA6AE3EA412F558F665013\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_atl90.dll.30729.4148.Microsoft_VC90_ATL_x86.QFE.0901F145_82C9_3BF6_A91B_31F6791950EA"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7122F57A45DA6AE3EA412F558F665013\CFD2C1F142D260E3CB8B271543DA9F98]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_atl90.dll.30729.4148.Microsoft_VC90_ATL_x86.QFE"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="9.0.30729"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\723C2F65179512E4D80BD2034028D528\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="URLREDIR.DLL.x86"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10328"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\72E0085ADACDA254783AD4FD5A106214\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.AddInHostAdapter.v10_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10076"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\767C7256DAAC3E845B6CCFE8E3DB4D2B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OISGRAPH.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10334"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\784C3ED02276AD2408271BE21E8EC807\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.AddInBase_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10069"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\798C8F26953DF8D46995FCE1E9E3B647\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONENOTE.EXE"
"ComponentVersion"="14.0.6022.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10418"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A76828A9BC56BF40ABAB3A3B530EB5C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{EFB525A0-E1C0-4E32-9968-FE401BC87363}"
"MediaCabinet"="PATCH_CAB"
"File"="STSUPLD.DLL_0001.x86"
"ComponentVersion"="14.0.6106.5001"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10469"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C6F00615A04BCB46900B7E1BC2253AB\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONFILTER.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10392"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7DA776849268E1E4485FFF5A043FF1CD\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="WORDIRM.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7F347FB0451A9704287ABB502B344EED\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10071"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\80EDA8F656FB006448BF06CFEF8BFC4E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="VBE7.DLL"
"ComponentVersion"="7.0.16.19"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10335"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\818AED26EAB038A4BB72C55277E8CE84\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="CSI.DLL.x86"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10315"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\818BC40DA5B0E084DAC4217FF842FF22\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CONSOLA.TTF"
"ComponentVersion"="5.22.0.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\821B099E87A7C0C4D924CC21E8E02D00\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OUTLVBS.DLL_0001"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10364"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\822359BE8644B234E9C08A0B2DCE2A1D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10082"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8420370EE47FE754CA5A8ACFDD374684\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CAMBRIA.TTC"
"ComponentVersion"="5.96.0.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\84C5B24201A8BCD4AA22DA27F54CDD3A\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="EXLIRM.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\86222B901F1DA824F8C372E62849C619\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll_GAC_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10020"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\862DF3DD958F5DD4EAF488EBF3A87FCA\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft_Office_Tools_Outlook_dll_134881_134881_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10022"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\869F36E6B179AC64ABEF2D2F913180E1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="DGACCBAR.DPV"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\86EE1DEB37E43BC4896128BBFE2A7072\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{A8686D24-1E89-43A1-973E-05A258D2B3F8}"
"MediaCabinet"="PATCH_CAB"
"File"="GKWORD.DLL"
"ComponentVersion"="14.0.6106.5000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10465"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\872CEF74B3BDAF547B6E038730A0CAEC\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="XML2WORD.XSL"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\87FA5D886C9174D44BCEB5FA380DE229\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ACECORE.DLL"
"ComponentVersion"="14.0.6023.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10298"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\88B4F55633DD3F4428CD32386E14F8AE\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOExcelInterfaces_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8A15E1E73BD24C04091A13146ED61992\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOOutlookImpl_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8AB074502C5B91B47BCB67E42AE529D1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="VVIEWER.DLL.x86"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10344"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8B57649A6FDD76A429AD0A781B759C23\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="WWLIB.DLL"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10399"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8B90BDC1AB855B643B43F08361D7A31C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ACEDAO.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10299"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8CA4A2DD729380043B0800BB8E938117\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="DWTRIG20.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10338"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8D6F4C562C6B3FD4D939261F062F917D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOContainerControl_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8DAB761F8C7AA3342902F14B513257A0\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="UMOUTLOOKADDIN.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10394"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8DD31FFC2FE6BE942B563EFB6C05C1D1\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OUTLOOK.EXE"
"ComponentVersion"="14.0.6025.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10361"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8DED80AD2D60BD147A8261776E2DA102\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="NAME.DLL.x86"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10296"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8E916D3630859CD4996BA160C4A5C178\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AS_ClientSql2000_xsl_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="1"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8EA51B00DB97EA24FA20C5F31E3A8CC3\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSPST32.DLL_0004"
"ComponentVersion"="14.0.6025.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10354"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8F175CF4803FEBE4CBF117E59186DF5E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CHSETTBL.CHR"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\91021713E8EB61046B817E7F7612D16D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OMSMAIN.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10356"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\92B7D0DC7E985C94E81ED558E8FF5239\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSPUB.EXE"
"ComponentVersion"="14.0.6026.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10450"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\94BE92CC2CB71D119A12000A9CE1A22A\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSLID.DLL"
"ComponentVersion"="3.1.0.14709"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10322"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\97011C9CE5BB00745B23A9A8A23A272D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FONTSCHEME_APEX.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\971EB058A25E9B44288EE36CC920AA16\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10078"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98BB4106D7EB18340BA5D41B6819DE89\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OUTLCTL.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10359"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98BF005F7386F1D4BBAB90604CC0D397\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AMERNET.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98C6F8355DA2600418456C7670479E08\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{294BAA9E-9209-497F-A71F-7E52EFB194D4}"
"MediaCabinet"="PATCH_CAB"
"File"="EXCEL.EXE"
"ComponentVersion"="14.0.6106.5005"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10459"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9B5EF1413E313ED4698C8EC517AE4613\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="GRAPH.EXE"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10290"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9BB8A76146A1B263E890F48D1B0F01E8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_mfc90cht.dll.30729.4148.Microsoft_VC90_MFCLOC_x86.QFE.1D3B0A01_2635_3323_932D_3D66D5C4B0FD"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9BB8A76146A1B263E890F48D1B0F01E8\CFD2C1F142D260E3CB8B271543DA9F98]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_mfc90cht.dll.30729.4148.Microsoft_VC90_MFCLOC_x86.QFE"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="9.0.30729"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9DA7BAFB053D9AE41AE7AAC762F84E26\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="GFX.DLL"
"ComponentVersion"="14.0.6019.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10291"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9F2A06053712E8D418882A785CA3CF3C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OSETUP.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10272"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9F5FAA0D36CC11B4BAC899501E2B906D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ENGDIC.DAT"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A1B912CAD79A36A4EA6D479A982E5000\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONBTTNOL.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10415"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A260BB520CD79BB4BBBD7E4AAA7CE7F9\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="CNFNOT32.EXE_0004"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10345"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A606E58BDC0E27D4B8B54D2B6CEF90D2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="CDLMSO.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10313"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A609E893B628DD84791945C946C9CA5E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{EEB4DDD0-08EA-4787-BDAB-D38D67A35CD5}"
"MediaCabinet"="PATCH_CAB"
"File"="MSO.DLL.x86"
"ComponentVersion"="14.0.6106.5005"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10468"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A8CD4AD91379E0F3B85DCF71AC8684DA\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr90.dll.30729.4148.Microsoft_VC90_CRT_x86.QFE.AA2EBBCC_4E3B_3442_865E_7BB3E9F45F0C"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A8CD4AD91379E0F3B85DCF71AC8684DA\CFD2C1F142D260E3CB8B271543DA9F98]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr90.dll.30729.4148.Microsoft_VC90_CRT_x86.QFE"
"ComponentVersion"="9.0.30729.4148"
"ProductVersion"="9.0.30729"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AFDDE1E77A002D11F8A800008FA78393\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="DD01366_.WMF_0001"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B002518EE7DB7F5478807789879B0533\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="APA.XSL"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B1421BF403791FD48BB3E1C9BF37AA4E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSVSTOContainerControl_GAC_v10_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10090"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B2081AEB0A404534FA913823B8A50C92\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTORuntime_GAC_nomaf_runtime_internal_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B3255D51ECD7F884995777D58CD520FF\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="BROCHURE.DPV"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B4D478507D72E0E4FBB46E036564A857\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10013"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B4D478507D72E0E4FBB46E036564A857\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_VSTOInstallerUI_enu_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10052"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B501EE07240A4374DA8D0E24930DEB62\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTORuntime_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B78A050C551DE4846A08929C7D937B84\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OIS.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10332"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B7ED126C30B720344BE78CD79ED52A4F\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="OLKIRM.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B9F7D3B7004AD3F4B80FD1F60EBAA23F\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="PKEYCONFIG.COMPANION.DLL.CLIENT"
"ComponentVersion"="14.0.4730.1010"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BB17DF16A9A6C9B4F8879ED18A9824D2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOCoreInterfaces_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BD60CC015570EE94C8F423000D07C619\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="VVIEWDWG.DLL.x86"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10343"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C2241DC809500474BA6FAFE555C34C92\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="INTLDATE.DLL_0001"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10057"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C38D8569C7FFC3A4CAE09EE12EDEFD0D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSOUC.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10087"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C4201591CC18C204A842DF6239645087\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AS_msolui100_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC"
"ComponentVersion"="10.0.1600.22"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="1"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C59B781CAE8398C48A17F018A63738A2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSVSTORuntimeCommon_GAC_x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10091"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C6336D9C12F9F7049AEE63CFDD931EFB\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="PEOPLEDATAHANDLER.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10287"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C67B299ACF35ED943B8445CE2177378B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OUTLMIME.DLL"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10360"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C67C1D6AF2B545D468285937E8883BCA\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="STSLIST.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10284"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C69541C5D30000007B054852F5369A15\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="PACKAGE.XML_90003D00000000"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C69541C5D30000007B054852F5369A25\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="SETUP.XML_90003D00000000"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C6CC0C8D3F3F7264FB83B4CCD0F8E87D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="OMML2MML.XSL"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C76D0AA7C3757AD48B4102D64C75695E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AS_msolap100_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC"
"ComponentVersion"="10.0.2733.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="1"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C77E5F9194A134149A9EED8491AD67BB\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONENOTEM.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10419"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C825D7820D974254FB1A1A513B8D4070\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOV4Framework_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C893F08C9E8049A45B3D17BE8154AE64\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OWSCLT.DLL_0001.x86"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10314"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C96CA2B20FFE6E143816AE947ABDC60D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AS_xmlrw_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC"
"ComponentVersion"="2.0.3609.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="1"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CB634FD2D4CDD7F4D9662185FA1F9F94\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.Runtime.v10_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10073"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CBC0D287555E2B94BBC669AA56DD3E50\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AUTHOR.XSL"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CC39CA8893E238141AF7DE1368FDB541\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AUTHOR2STRING.XSL"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CC90EA3BA967CE8439A0F5318C28EAB7\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="RECALL.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10366"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CCFD0C0DBF1B567419D85EBA368E6341\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CONSTAN.TTF"
"ComponentVersion"="5.90.0.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CDD93D4EB80E94D419C18893C65228D3\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.Word.AddInProxy_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10083"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CDE842F8E16F24C4B9C1DD57B9991947\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="DGCOUPON.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D2FFBA7ACD4FACF41929F6CCFE88DBDA\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="OSE.EXE"
"ComponentVersion"="14.0.4730.1010"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D446E95385851D1488710877FC63A645\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Applications.AddInBase_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10068"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D48DB6C877F570947B2E0E64EB2C008E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CLASSIC1.WMF"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D495E7FD93A5C4F4F8478B1400D44BF2\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="APEX.THMX"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D4B4D10F3E41BD944BC9E10C81F96E38\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="CALIBRI.TTF"
"ComponentVersion"="5.62.0.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D4E5734E946141E41800D9DCE8DD98CD\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.Office.Tools.Excel.Adapter_Pipeline.v10.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10063"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D59878FD6A50D7B45B639653C78D819D\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="WKCONV.EXE"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10104"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D6CE92CC2CB71D119A12000A9CE1A22A\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSCONV97.DLL"
"ComponentVersion"="2010.1400.6016.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10276"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D715C75D1DC7BEA47AB3AB7794E31B52\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSOCF.DLL"
"ComponentVersion"="14.0.6023.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10323"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D796CAC860006574ABA4F35848DC97CD\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="ONBTTNWD.DLL"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10417"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D991FF7F68BCD6F45B608B583CE67F4C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSVSTORuntimeCommon_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10092"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\6C184F62EBD8B8F4D9D81705182CA3ED]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="10.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\91785D291CBB3CC40AB8659C8E48CCC2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="8.0.50727"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\9FA945EEAAF84854382BCE1FCBD91CFF]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="10.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DB2609BDD6F60CC4CB20E25238DDEAC9\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="GABRIOLA.TTF"
"ComponentVersion"="5.90.0.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DB34A05395350CA4B88BD638E6043971\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="IPEDITOR.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10403"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DC7C5CB9F2E251C4D9144ECC19235B51\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft_VisualStudio_Tools_Applicatio_142483_142483_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10026"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DCDD330CA0BB68D40AA2B8DE2DE1DAEE\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="OLMAPI32.DLL"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10355"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DD9A21F08B861544490E9FF8A35EB514\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="OFFICE10.MMW"
"ComponentVersion"="10.0.0.5100"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DEC00DA6245E86B4AB903687251FEA1B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.Office.Tools.Outlook.Adapter_Pipeline.v10.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10064"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DED4A6E8B40A6DE42B1154E5C79A7903\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10081"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E0F2919EC5305C236A7AD687E12EB4D3\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_policy.30729.4148.policy_9_0_Microsoft_VC90_MFCLOC_x86.QFE.036BF802_B20B_38B9_9A44_2CF929804212"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E2338564DA4241F499CB8A1F84247C0E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="RICHED20.DLL_0001"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10317"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E29A9E40CF5A6504281237F7D9E2E816\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AD.DPV"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E50AC7AEA20E2A24CA06FB4C652BB998\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="WRD12CNV.DLL"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10398"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E628C910A54494645A0BB00FF8CCE4EE\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="WINWORD.EXE"
"ComponentVersion"="14.0.6024.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10396"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E80345038743F8145B4D27FD677F5F4F\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="MML2OMML.XSL"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E8F980EA5EBB7EA4AA8BE919002A906E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter_Pipeline.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10079"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E91608380506EBA44BB91EDA7A448257\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSORES.DLL"
"ComponentVersion"="14.0.6026.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10339"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EA0E008FA658138428F57422772B9817\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10027"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EA0E008FA658138428F57422772B9817\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="vsto_shared_typelib90_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10100"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EAF4DA93A44810041B5E1F4C8B980210\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MUOPTIN.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10274"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ED417E2A8BA189D4C8741500D3BAD4A3\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="OSPPC.DLL.x86"
"ComponentVersion"="14.0.370.400"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EF2A38FDC1F2F624F9D5D63BE49CBADE\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy_GAC.x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10080"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F32EE7B4C55ABA741BADE91F4D70CECF\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MSOSHEXT.DLL.x86"
"ComponentVersion"="14.0.6019.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10293"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F453B6DB55AF3D44F9A8374C2DDB1656\00004109A20000000100000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{967EF02C-5C7E-4718-8FCB-BDC050190CCF}"
"MediaCabinet"="PATCH_CAB"
"File"="VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10033"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F453B6DB55AF3D44F9A8374C2DDB1656\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10103"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F529453987E3FF44594C4837EBA14E2E\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="CLVIEW.EXE"
"ComponentVersion"="14.0.6015.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10271"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F588FB2E1AFEAB84AB2100B61D182302\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOCommonImpl_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F6CFFD385F786D649A544DD9876F535B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="FL_MSVSTOExcelImpl_GAC_nomaf_runtime_x86.6BB855F2_1A20_409A_B68C_D1B6AA156190"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F704F6D49F26CD545ACF8A6ED51172E8\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll_GAC_x86.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="9.0.30729.4130"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10015"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F7B7060FCAB0DDF44903D5C85EED3511\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="IACOM2.DLL.x86"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10412"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FB15B701458457540919FC8342B90D4C\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="OLKIRMV.XML"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FB17BB8C330EFAE479F89B2786E765C5\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AS_msmdlocal_dll_32.C16C67A1_5ADC_4C44_B6AE_A40000020FCC"
"ComponentVersion"="10.0.2733.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="1"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FB77723BFCB84D138A19CBBF155CD452\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_policy.30729.4148.policy_9_0_Microsoft_VC90_CRT_x86.QFE.EB5BA578_FF7F_3863_8E53_7A003222B7FC"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FB8EDEF2A3003EA44BE9783C181BC35B\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_MSVSTORuntime_GAC_x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10047"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FD94256918F6550429DAB99E7522B047\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="TRANSMGR.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10371"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FDD2D78E6B950B540A153E716F5C7E03\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="FL_Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10_GAC_x86.enu.452A3D81_F519_47A5_A9B2_7DEE71379BC4"
"ComponentVersion"="10.0.31007.0"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10017"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FF06A7C1BE8F0A9499D5CF577391CF3A\00004109D30000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"="{047B0968-E622-4FAA-9B4B-121FA109EDDE}"
"MediaCabinet"="PATCH_CAB"
"File"="MIMEDIR.DLL"
"ComponentVersion"="14.0.6009.1000"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="10353"
"SharedComponent"="0"
"IsFullFile"="1"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-06 11:14:03
ComboFix-quarantined-files.txt 2011-11-06 19:14
ComboFix2.txt 2011-10-24 00:09
.
Pre-Run: 142,918,529,024 bytes free
Post-Run: 142,711,328,768 bytes free
.
- - End Of File - - 3E43584323077CF825EE384EBAE49796



-----------------------------------------------------------------------------------------------------------------------------
POSSIBLE PROBLEMS OR UNFINISHED BUSINESS WITH THE ROGUE PROGRAM

1. Instructions say to end all running processes. I wasn't sure what that meant. If I killed all processes my system would shut down.

2. FYI At the end of the program, it said there was an error copying the AsPatch file. This file was also listed in the log in the RK_QUARANTINE folder:

Time : 06/11/2011 11:33:27
--------------------------
ERROR [AsPatch10430001.exe.vir] -> C:\Windows\AsPatch10430001.exe

3. FYI At the end of the program, it said there were some things identified in the registry I believe and I could run the program again and choose "2" to delete them. I didn't, but perhaps you want me to run it again.

--------------------------------------------------------------------------------------------------------------------------

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Amys [Admin rights]
Mode: Scan -- Date : 11/06/2011 11:33:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] ASUS Patch 10430001.job : C:\Windows\AsPatch10430001.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users