Infected with rootkit.0access? Or a false alarm??


  • This topic is locked
36 replies to this topic

#1 MaskedMarvel


Posted 16 September 2012 - 08:59 PM

Hi,

Today I ran Malwarebytes Antimalware and it announced I had one infected file, which supposedly was infected with rootkit.0access.

I had Malwarebytes remove the infected file. I then ran RogueKiller (log attached). Could someone explain what this log means? It seems to say that there are no infected files, but there are some suspicious registry entries. Could this have been a false alarm? Or should I change all my passwords now (major hassle)? Repeat scans by Malwarebytes and MS Security essentials showed no infected files.

Subsequently I also ran Combofix, and I messed up somehow when running it, resulting in my computer not being able to connect to the internet any more. So I had to restore my entire C-drive from a backup made a year ago using Acronis. Does this guarantee the infection has gone away, assuming future Malwarebytes scans are negative?

I would greatly appreciate any help.

Best wishes,

MM

UPDATE: I ran another Malwarebytes scan and the same (supposedly) infected file is back already, even though I just restored my entire C: drive from a backup I made a year ago. Can this be real? I mean, if this is a real infection, shouldn't there be more than just one infected file? I'm attaching my DDS and Malwarebytes logs. I would appreciate any help!


Edited by MaskedMarvel, 16 September 2012 - 10:06 PM.




#2 gringo_pr

  • Malware Response Team

Posted 17 September 2012 - 12:44 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 MaskedMarvel

  • Topic Starter

Posted 17 September 2012 - 02:43 AM

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
WinPatrol 2009 (Outdated! Latest version is WinPatrol 2012)
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 2.0.2
AML Free Registry Cleaner 4.20
Auslogics Registry Cleaner
Java™ 6 Update 25
Java 2 SDK, SE v1.4.2_13
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.162.28 Flash Player out of Date!
Mozilla Firefox (6.0.2)
Google Chrome 13.0.782.220
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 MaskedMarvel

  • Topic Starter

Posted 17 September 2012 - 02:49 AM

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 02:36:55
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kimmo - KIMMO-PC
# Boot Mode : Normal
# Running from : D:\setup\Adwcleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\Users\Kimmo\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v6.0.2 (en-US)

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kimmo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Kimmo\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4121 octets] - [17/09/2012 02:36:55]

########## EOF - C:\AdwCleaner[S1].txt - [4181 octets] ##########

#5 MaskedMarvel

  • Topic Starter

Posted 17 September 2012 - 02:53 AM

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kimmo [Admin rights]
Mode : Remove -- Date : 09/17/2012 02:45:00

Bad processes : 0

Registry Entries : 7
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

Infection :

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: OCZ-VERTEX2 ATA Device +++++
--- User ---
[MBR] e9071c5de772bdb6b4e291ec7e3dd42b
[BSP] cba23c0cee1029b72f24f63787afa7ad : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] 48c5a561da66ad938c0ba0f7c9dd335a
[BSP] 0b1b924e1440c7a0d3144081af3afd28 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST31000333AS ATA Device +++++
--- User ---
[MBR] bf739acf52d9828e87b20f4ed3752916
[BSP] 220a1d11a436a7e4718f6d27ef5e5c67 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 353296 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 723551535 | Size: 600570 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#6 gringo_pr

  • Malware Response Team

Posted 17 September 2012 - 08:18 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 MaskedMarvel

MaskedMarvel
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 18 September 2012 - 09:34 AM

ComboFix 12-09-18.04 - Kimmo 09/18/2012 7:47.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1923 [GMT -5:00]
Running from: d:\setup\Combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\users\Kimmo\AppData\Local\{88E033F7-2BAD-4EFE-929C-28950E882BB4}
c:\users\Kimmo\AppData\Local\{88E033F7-2BAD-4EFE-929C-28950E882BB4}\chrome.manifest
c:\users\Kimmo\AppData\Local\{88E033F7-2BAD-4EFE-929C-28950E882BB4}\chrome\content\overlay.xul
c:\users\Kimmo\AppData\Local\{88E033F7-2BAD-4EFE-929C-28950E882BB4}\install.rdf
c:\users\Kimmo\AppData\Local\Windows Server
c:\users\Kimmo\AppData\Local\Windows Server\server.dat
c:\users\Kimmo\AppData\Roaming\BB9109
c:\users\Kimmo\AppData\Roaming\Company\Product
c:\users\Kimmo\AppData\Roaming\Company\Product\settings.xml
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 12:52 . 2012-09-18 12:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-17 23:31 . 2012-09-17 23:31 -------- d-----w- c:\users\Kimmo\AppData\Roaming\SUPERAntiSpyware.com
2012-09-17 23:31 . 2012-09-17 23:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-17 23:31 . 2012-09-17 23:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-17 03:50 . 2007-02-16 21:40 11264 ----a-w- c:\windows\system32\relog_ap.dll
2012-09-17 03:43 . 2012-09-17 03:43 -------- d-----w- c:\program files (x86)\DaRO Uninstaller
2012-09-17 03:22 . 2012-09-17 04:08 155272 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-09-17 02:42 . 2012-08-23 06:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{503EA801-6002-446B-B7B9-BBEB15DE49D9}\mpengine.dll
2012-09-17 02:34 . 2012-08-23 06:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-17 02:13 . 2012-09-17 02:13 -------- d-----w- c:\program files\Microsoft Device Center
2012-09-17 02:11 . 2012-09-17 02:11 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-17 02:10 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-17 02:10 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-09-17 02:10 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-17 02:10 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-17 02:10 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-09-17 02:10 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-17 02:10 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-17 02:05 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-09-17 02:04 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-09-17 02:03 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-17 02:03 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-17 02:03 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-09-17 02:03 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-09-17 02:03 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-09-17 02:03 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-09-17 02:03 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-09-17 02:02 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-09-17 02:02 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-09-17 02:02 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-09-17 02:01 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-09-17 02:01 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-09-17 02:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-09-17 02:01 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-09-17 02:01 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-09-17 02:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-09-17 02:01 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-09-17 02:01 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-09-17 00:17 . 2012-09-17 00:17 -------- d-----w- c:\programdata\EA Logs
2012-09-17 00:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-17 00:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-09-17 00:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-17 00:15 . 2012-09-17 00:15 -------- d-----w- c:\program files (x86)\AMD APP
2012-09-17 00:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-17 00:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-17 00:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-17 00:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-17 00:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-17 00:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-17 00:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-17 00:13 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-17 00:13 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-17 00:12 . 2012-09-17 00:12 -------- d-----w- C:\AMD
2012-09-16 23:58 . 2012-09-16 23:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06CE0D96-30F1-40D2-B79C-44FBE581B333}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 07:52 . 2011-05-31 02:44 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-17 03:54 . 2009-11-26 17:53 81952 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-09-07 22:04 . 2010-03-05 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 05:43 . 2010-03-01 06:31 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 03:44 . 2012-07-28 03:44 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-28 03:44 . 2012-07-28 03:44 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2011-07-28 21:39 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2011-07-28 21:20 7052288 ----a-w- c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2010-10-27 02:13 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-27 02:38 . 2012-06-27 02:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-17 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 941440]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6010264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"TrueImageMonitor.exe"=c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
"AcronisTimounterMonitor"=c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
.
R2 AsSysCtrlService;ASUS System Control Service; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2009-08-09 20480]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 136176]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-19 7017888]
R3 atillk64;atillk64; [x]
R3 GamingMsFltr;HP HDX Mouse;c:\windows\system32\drivers\gamingms.sys [2009-12-07 11520]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 pwdrvio;pwdrvio; [x]
R3 pwdspio;pwdspio; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1255736]
R4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\Drivers\Achernar.sys [2007-06-26 33080]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-09-17 155272]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2011-02-09 181040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2012-09-17 1093256]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-17 228488]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2012-09-17 166024]
S1 dk2drv;DK2 WindowsNT Driver;c:\windows\SYSTEM32\Drivers\dk2drv64.sys [2011-04-11 59192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-17 140672]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-17 3696632]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 Hauppauge WinTV Extender;Hauppauge WinTV Extender;c:\program files (x86)\WinTV\Extend\WinTVExtender.exe [2011-02-25 69120]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [2011-04-15 562176]
S2 SSPORT;SSPORT; [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-17 367200]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2010-09-01 1883264]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2009-05-13 02:59]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 03:33]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 03:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 06:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FantomDVDService"="c:\program files\CopyStar\FantomDVD\FantomDVDSrcX64.exe" [2007-07-24 33840]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {74ECAE4B-9D95-4652-9EE9-001030000018} - hxxp://www.online.gamesweet.com/VGT_Releases/GAMESweet_Player.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Random House Webster's Unabridged Dictionary - c:\program files (x86)\Random House
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2833316789-2205010112-753538935-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2e,64,64,4e,f9,28,67,91,06,3c,aa,c0,ee,27,a4,87,6d,96,fa,de,15,71,fd,
a3,6d,e8,20,86,b7,cd,40,cb,95,0b,c2,31,e1,88,af,fe,ba,4b,6d,4b,98,6e,3e,d3,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2833316789-2205010112-753538935-1000\Software\SecuROM\License information*]
"datasecu"=hex:90,7c,f8,68,4e,bf,e0,1b,7d,51,d5,7e,53,84,49,e7,fb,95,a0,66,02,
2b,a7,66,e3,78,aa,0f,40,55,61,37,38,a8,35,31,af,26,97,4f,c3,de,34,c6,5b,f8,\
"rkeysecu"=hex:81,af,81,a5,5c,02,20,40,67,91,a6,5a,53,58,ea,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6B150AC107B12D11A9DD0006794C4E25\577E93D3ADDD72347B74B0CDF5913113]
@DACL=(02 0000)
"ComponentVersion"="6.0.8972.0"
"File"="Global_VC_CPPRT60_f0.51D569E3_8A28_11D2_B962_006097C4DE24"
"IsFullFile"="0"
"MediaCabinet"=""
"PatchAttributes"="0"
"PatchGUID"=""
"PatchSequence"="0"
"PatchSize"="0"
"ProductVersion"="7.1.30"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6B150AC107B12D11A9DD0006794C4E25\9040820900063D11C8EF00054038389C]
@DACL=(02 0000)
"ComponentVersion"="6.0.8168.0"
"File"="MSVCP60.DLL"
"IsFullFile"="0"
"MediaCabinet"=""
"PatchAttributes"="0"
"PatchGUID"=""
"PatchSequence"="0"
"PatchSize"="0"
"ProductVersion"="10.0.2627"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\711CBA68B62FFBF409F7C2DCDA44008C\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="systemcoreDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10097"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\71CBE457AF4AF4E4F942F603A558C318\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorrcDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10078"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\72AB62E1E52FF804D85CA4ED0E9ADBD0\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="silverlightconfigurationuiDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10001"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\73F1C3D66399D7A4A98BCA88C76985DB\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="microsoftvisualbasic_itDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10093"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\79FA738D0B5080945B58BF9F16240049\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="systemruntimeserializationDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10098"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7B1FCDA16C66580429C210BB6A819B8E\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorlib_esDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10061"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7DD7603498CE90E459C6915366D07120\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="mscorrc_itDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10031"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7EC85A40D2B66474283FF4F864CD6271\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="system_koDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10018"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\810AAF87A2D51434882254872B65E97D\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorrc_zh_hantDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10086"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\82440BF1585BD5E4C8C87C5994783F30\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="systemservicemodelDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10100"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\82CC4C2A79F31CB43AB7EADBA272890A\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="microsoftvisualbasic_koDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10090"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\84E78324C653ABD4D888C54128B07625\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="system_deDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10072"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8B769FD2D9D0B974D93EFB8D906D966D\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="ctrlResourceDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10004"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8FFC93CE8285D7B488AF5EFA9F5D801D\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="system_jaDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10068"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9583874A04DECA844BD83D89B6BEAD86\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="microsoftvisualbasic_esDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10094"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98E0214C80E903343A9B896727075FA6\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="microsoftvisualbasicDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10088"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9C984A5840AC5E849A29DCE9591D04BA\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorrc_itDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10082"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A323006DFF219554F893AEA9099AA668\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="system_esDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10073"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A3248B73D9F7A2B469A6E8591CD7A698\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="systemxmlDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10036"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A37DA7043EAD64B4D97B98B62863485C\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="ctrlDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10003"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A5F0B9EDB312359458225A11993D7D8F\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="mscorrc_koDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10029"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A943AC4E6618D3C48AFA3476CCE13B03\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="systemservicemodelDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10049"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ABF1F5B202CB8FB4C91C2198FA7BCC1D\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="microsoftvisualbasic_itDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10042"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AEC49A63A442C7546A73A577EC6C1BC4\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="systemruntimeserializationDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10047"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AECD35B5C29801E49AEC41E481C34CBC\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="microsoftvisualbasic_zh_hantDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10044"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AEF8025F2BE0B7B4591E65BA000AFF0F\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="systemcoreDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10046"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BBE4FC0B059C9A34C92167332E24D04E\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="system_zh_hansDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10074"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BEB03BC8E8C6B8142853DEBA725B620A\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorrc_esDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10084"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BF5A94D34F0B8794FBE550B5ED3F1683\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="microsoftvisualbasic_jaDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10089"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C11E8E88785CF9D47AD22AE9A0BC0625\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="System.WindowsDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10025"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C65B32EE8D57C2144874B0F86E28CFCE\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="mscorlib_itDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10008"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\C9170A993C9C6024B97A8C1418E2030D\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="mscorlib_koDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10014"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CBCFB52B83444AB48845D1FC6B1E9CC1\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorlib_deDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10060"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CFC84380450B2F445B446C6ABEFFD39E\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="8.0.40115.0"
"File"="systemwindowsbrowserDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10066"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D11E5A0C91A1BFD4DB024949DBCE7519\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="microsoftvisualbasic_zh_hansDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10045"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D33CBA3954D57764FA818BD95BC7C074\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="System.WindowsDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10076"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D50A488FEE5978145942FCB8D2DE0B1E\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="systemnetDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10099"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D53136122F166FA459952D95E33A2E44\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="coreDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10053"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D6D7B6D7307490C4DB771C33036246CB\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="microsoftvisualbasic_koDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10039"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D8CC28BB50194184E8C8588FC54C359C\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="mscorrc_frDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10030"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D9CD88018979F074FA1A4E02FC08CF6F\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="system_frDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10019"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA2E93DB65A24554F94D1089DD5A7428\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="system_itDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10071"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DDD6E22F4A9C74649835DCE05EAD3762\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="mscorlib_frDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10007"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DE23275590A86EC47BE7E6F9B05CC42A\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorrc_koDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10080"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E3C446EB746540145B7821B24B131B5F\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorrc_frDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10081"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\EB394F123FFCD784BB2022C51FD395CF\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="8.0.31005.0"
"File"="systemwindowsbrowserDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10015"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F629EFF27E3669843B7B31431974FD4C\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorlib_koDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10065"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F794D51FD6C777A47AEA8391201EABDB\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorrc_jaDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10079"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F7BB5B87DDEE01B44AE7997ED7EBABEC\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="silverlightconfigurationuiDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10052"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F7F880A0F863E414CB391A25FD417205\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="coreDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10002"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F89E5B3DC8D3DF74A8BF0C72E89B60E3\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.40115.0"
"File"="mscorlib_frDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{1DCBF7A7-7735-433B-BAB6-D0194490A38C}"
"PatchSequence"="10058"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FA5D71FA47C610D469197112B56E7120\D7314F9862C648A4DB8BE2A5B47BE100]
@DACL=(02 0000)
"ComponentVersion"="2.0.31005.0"
"File"="mscorrc_deDLL"
"IsFullFile"="1"
"MediaCabinet"="PCW_CAB_Silver"
"PatchAttributes"="0"
"PatchGUID"="{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}"
"PatchSequence"="10032"
"PatchSize"="0"
"ProductVersion"="1.0.0"
"SharedComponent"="0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\WinTV\TVServer\CaptureGenPCI.exe
.
**************************************************************************
.
Completion time: 2012-09-18 07:58:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-18 12:58
.
Pre-Run: 22,843,748,352 bytes free
Post-Run: 23,606,931,456 bytes free
.
- - End Of File - - 3A3FEC13348A58DB6EF6553EDBC174FA

#8 MaskedMarvel


Posted 18 September 2012 - 09:40 AM

Dear Gringo,

Thanks so much for volunteering to help!

After running ComboFix (log posted above), my computer is again unable to connect to the internet, just like after the first time I ran ComboFix (see my first post). I'm writing this on another computer. Rebooting didn't help.

Before I ran ComboFix, I was very careful to disable all antivirus software.

Is there a way to fix this and get my internet connection back? I do have a backup of my C-drive that I made just before running ComboFix.

Also I'd like to know if you think my computer really was infected with rootkit.0access. Or was this a false alarm?

Best wishes,

MM

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:22 PM

Posted 18 September 2012 - 11:42 AM

Hello


I do not see ZeroAccess in any of the reports.

I want you to go to this file, C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe, right-click on the file and select run as admin.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 MaskedMarvel


Posted 18 September 2012 - 01:59 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kimmo :: KIMMO-PC [administrator]

9/16/2012 9:01:28 PM
mbam-log-2012-09-16 (21-04-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194013
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Kimmo\AppData\Roaming\desktop.ini (Rootkit.0access) -> No action taken.

(end)

#11 MaskedMarvel


Posted 18 September 2012 - 02:06 PM

Hi Gringo,

ZeroAccess was mentioned in the first Malwarebytes log I had attached, which I have posted above again.

Do you think this was likely a false alarm? Or have you seen ZeroAccess infect only one .ini file like that and nothing else? I have constant monitoring by Microsoft Security Essentials, which should detect ZeroAccess, but Security Essentials didn't detect it.

The reason I'm asking if this was a false alarm is that if there is a risk that it wasn't a false alarm, then I have to change all my passwords.

I will try running the erdnt.exe file when I get home tonight.

Many thanks in advance,

MM

#12 gringo_pr


Posted 18 September 2012 - 02:41 PM

I can't say if it is a false positive or not - but from what I have seen that location is not normal for ZA.

Now, the computer losing internet after running ComboFix seems to happen a lot lately to computers that have ZA.


I would change the passwords when you are done just to add an extra layer of safety anyway.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 MaskedMarvel


Posted 18 September 2012 - 08:02 PM

Hi Gringo,

I ran erdnt.exe like you suggested and it restored my internet connection.

I also ran a couple of free tools for removal of ZeroAccess. Neither tool reported an infection.

I'd like to add that I never had any symptoms reported by people who have had a ZeroAccess infection.

Many thanks for your help!

MM

Edited by MaskedMarvel, 18 September 2012 - 08:03 PM.


#14 gringo_pr


Posted 19 September 2012 - 12:56 AM

Hello

I want to run one more check before I start to finish up

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 MaskedMarvel


Posted 19 September 2012 - 07:00 PM

OTL logfile created on: 9/19/2012 6:41:15 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = D:\setup\OldTimer
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.07% Memory free
8.00 Gb Paging File | 5.80 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 21.42 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 101.15 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
Drive E: | 277.67 Gb Total Space | 7.56 Gb Free Space | 2.72% Space Free | Partition Type: NTFS
Drive F: | 308.83 Gb Total Space | 84.85 Gb Free Space | 27.48% Space Free | Partition Type: NTFS
Drive H: | 3.01 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 345.02 Gb Total Space | 79.56 Gb Free Space | 23.06% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 557.42 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
Drive N: | 465.76 Gb Total Space | 66.51 Gb Free Space | 14.28% Space Free | Partition Type: NTFS
Drive O: | 931.48 Gb Total Space | 30.21 Gb Free Space | 3.24% Space Free | Partition Type: NTFS

Computer Name: KIMMO-PC | User Name: Kimmo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\setup\OldTimer\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works, Inc)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Hauppauge WinTV Extender) -- C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works, Inc)
SRV - (getPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DTBService) -- C:\Program Files (x86)\DVRMSToolbox\DTBFWService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (tib_mounter) -- C:\Windows\SysNative\drivers\tib_mounter.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt) -- C:\Windows\SysNative\drivers\vidsflt.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (dk2drv) -- C:\Windows\SysNative\drivers\dk2drv64.sys (Data Encryption Systems Limited)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (GamingMsFltr) -- C:\Windows\SysNative\drivers\gamingms.sys (Primax Ltd)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (AnchorFree Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.)
DRV:64bit: - (Achernar) -- C:\Windows\SysNative\drivers\Achernar.sys (An Chen Computer Co., Ltd.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV:64bit: - (BT) -- C:\Windows\SysNative\drivers\BtNetDrv.sys (IVT Corporation.)
DRV:64bit: - (BTHidMgr) -- C:\Windows\SysNative\drivers\BTHidMgr.sys (IVT Corporation.)
DRV:64bit: - (BTHidEnum) -- C:\Windows\SysNative\drivers\VBTEnum.sys (IVT Corporation.)
DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\drivers\VcommMgr.sys (IVT Corporation.)
DRV:64bit: - (VComm) -- C:\Windows\SysNative\drivers\VComm.sys (IVT Corporation.)
DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\drivers\blueletaudio.sys (IVT Corporation.)
DRV:64bit: - (slabser) -- C:\Windows\SysNative\drivers\slabser.sys (MCCI Corporation)
DRV:64bit: - (slabbus) -- C:\Windows\SysNative\drivers\slabbus.sys (MCCI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 5A 25 28 C1 D1 C9 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {729F6562-CB19-45CD-B6B4-F7CF8A6C7737}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{729F6562-CB19-45CD-B6B4-F7CF8A6C7737}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-offrhap
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2010/02/28 23:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{88E033F7-2BAD-4EFE-929C-28950E882BB4}: C:\Users\Kimmo\AppData\Local\{88E033F7-2BAD-4EFE-929C-28950E882BB4}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/05/29 14:38:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/05/29 14:38:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.0.10\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins [2011/05/29 14:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011/01/30 12:28:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2011/05/29 14:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/11 19:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/28 15:01:06 | 000,000,000 | ---D | M]

[2012/09/16 19:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmo\AppData\Roaming\Mozilla\Extensions
[2010/06/27 14:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kimmo\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/27 22:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/30 21:49:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/02/28 23:43:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/11 19:50:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/30 21:49:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/09 21:42:59 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2011/09/11 19:50:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Kimmo\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Kimmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: DivX HiQ = C:\Users\Kimmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Nokia Drop = C:\Users\Kimmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gedcgkfpfhaambmgpanmohakkgbcnegi\1.3_0\
CHR - Extension: avast! WebRep = C:\Users\Kimmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Ovi Maps 3D browser plugin = C:\Users\Kimmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lilolcmoknakbgobboojdpbnggkhkibk\5.2.7.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Kimmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/09/18 07:56:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [FantomDVDService] C:\Program Files\CopyStar\FantomDVD\FantomDVDSrcx64.exe (An Chen Computer Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {74ECAE4B-9D95-4652-9EE9-001030000018} http://www.online.gamesweet.com/VGT_Releases/GAMESweet_Player.cab (GAMESweet Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://utswra.swmed.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44729426-D11D-41A1-904E-371F56C2595E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C3963A-B8C2-4C4B-9274-F1D795C9D3C1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/01/01 00:57:58 | 000,001,958 | ---- | M] () - E:\AUTOEXEC.ALS -- [ NTFS ]
O32 - AutoRun File - [1999/01/01 21:10:06 | 000,000,230 | ---- | M] () - E:\autoexec.atc -- [ NTFS ]
O32 - AutoRun File - [2007/01/12 14:08:35 | 000,002,503 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/01/01 00:03:24 | 000,001,103 | ---- | M] () - E:\AUTOEXEC.CMI -- [ NTFS ]
O32 - AutoRun File - [1999/01/01 21:56:22 | 000,002,391 | ---- | M] () - E:\AUTOEXEC.CSM -- [ NTFS ]
O32 - AutoRun File - [1999/01/01 12:54:16 | 000,000,817 | ---- | M] () - E:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [1999/01/01 16:43:14 | 000,000,299 | ---- | M] () - E:\AUTOEXEC.ORG -- [ NTFS ]
O32 - AutoRun File - [1999/01/01 00:35:42 | 000,002,492 | ---- | M] () - E:\AUTOEXEC.PSS -- [ NTFS ]
O32 - AutoRun File - [1999/01/01 06:34:44 | 000,000,060 | ---- | M] () - E:\AUTOEXEC.VIA -- [ NTFS ]
O32 - AutoRun File - [2005/09/02 14:21:51 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/18 19:38:03 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/09/18 07:56:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/18 07:46:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/18 07:46:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/18 07:46:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/18 07:46:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/18 07:46:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/17 18:31:27 | 000,000,000 | ---D | C] -- C:\Users\Kimmo\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/17 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/17 18:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/17 18:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/17 03:26:44 | 000,000,000 | ---D | C] -- C:\Users\Kimmo\AppData\Roaming\Acronis
[2012/09/17 03:26:18 | 000,367,200 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2012/09/17 03:26:12 | 001,340,040 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpman.sys
[2012/09/17 03:26:11 | 000,000,000 | ---D | C] -- C:\Users\Kimmo\AppData\Roaming\98D68F38-B9D4-479A-9EB7-53579ACE8272
[2012/09/17 03:26:08 | 000,340,104 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012/09/17 03:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012/09/17 03:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012/09/17 02:52:30 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/17 02:43:27 | 000,000,000 | ---D | C] -- C:\Users\Kimmo\Desktop\RK_Quarantine
[2012/09/16 23:08:22 | 001,093,256 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tib_mounter.sys
[2012/09/16 23:08:22 | 000,228,488 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2012/09/16 23:08:22 | 000,000,000 | ---D | C] -- C:\Users\Kimmo\AppData\Roaming\B7F9F0AA-E817-461E-A5EC-64562F5C8C3E
[2012/09/16 23:08:21 | 000,166,024 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vidsflt.sys
[2012/09/16 23:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012/09/16 23:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012/09/16 22:50:51 | 000,011,264 | ---- | C] (Acronis) -- C:\Windows\SysNative\relog_ap.dll
[2012/09/16 22:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DaRO Uninstaller
[2012/09/16 22:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DaRO Software
[2012/09/16 22:22:43 | 000,155,272 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2012/09/16 21:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/09/16 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/09/16 21:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/16 21:10:31 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/09/16 21:10:30 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/09/16 21:10:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/09/16 21:06:16 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/16 21:06:14 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/16 21:06:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/16 21:06:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/16 21:06:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/16 21:06:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/16 21:06:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/16 21:06:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/09/16 21:06:09 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/09/16 21:06:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/09/16 21:06:09 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/09/16 21:06:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/09/16 21:05:52 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/09/16 21:05:51 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/09/16 21:05:47 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/09/16 21:05:47 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/09/16 21:05:46 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/16 21:05:46 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/16 21:05:44 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/09/16 21:05:43 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/09/16 21:05:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/09/16 21:05:42 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/09/16 21:05:37 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/09/16 21:05:37 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/09/16 21:05:35 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/09/16 21:05:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/09/16 21:05:31 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/09/16 21:05:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/09/16 21:05:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/09/16 21:05:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/09/16 21:05:30 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/09/16 21:05:27 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/16 21:05:27 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/16 21:05:27 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/16 21:05:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/09/16 21:05:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/09/16 21:05:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/09/16 21:05:26 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/09/16 21:05:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/09/16 21:05:25 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/09/16 21:05:25 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/09/16 21:05:24 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/09/16 21:05:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/09/16 21:05:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/16 21:05:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/09/16 21:05:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/09/16 21:05:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/09/16 21:05:22 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/16 21:05:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/09/16 21:05:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/09/16 21:05:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/09/16 21:05:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/09/16 21:04:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/09/16 21:04:23 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/09/16 21:04:01 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/09/16 21:02:57 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/09/16 21:02:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/09/16 21:02:33 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/09/16 21:01:43 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/09/16 21:01:42 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/09/16 21:01:42 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/09/16 21:01:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/09/16 21:01:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/09/16 19:20:08 | 000,000,000 | ---D | C] -- C:\Users\Kimmo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nokia
[2012/09/16 19:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/09/16 19:16:30 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/09/16 19:16:29 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/09/16 19:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/09/16 19:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/09/16 19:13:11 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/09/16 19:13:11 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/09/16 19:13:11 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/09/16 19:13:08 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/09/16 19:13:08 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/09/16 19:13:08 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/09/16 19:13:06 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/09/16 19:13:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/09/16 19:12:31 | 000,000,000 | ---D | C] -- C:\AMD
[2011/05/30 21:50:22 | 000,079,232 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Kimmo\arh.exe
[2011/05/19 21:36:09 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Users\Kimmo\FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/19 17:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 02:57:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/18 19:50:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/18 19:49:48 | 000,023,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 19:49:48 | 000,023,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 19:47:32 | 002,476,340 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/18 19:47:32 | 000,740,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/18 19:47:32 | 000,006,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/18 19:42:45 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/09/18 19:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/18 19:38:03 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/09/18 18:52:03 | 004,980,736 | ---- | M] () -- C:\Users\Kimmo\ntuser.bak
[2012/09/18 08:20:27 | 000,002,052 | ---- | M] () -- C:\Users\Kimmo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/18 07:56:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/18 07:43:12 | 000,001,265 | ---- | M] () -- C:\Users\Kimmo\Desktop\True Image.lnk
[2012/09/17 18:31:12 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/17 03:26:18 | 000,367,200 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2012/09/17 03:26:12 | 001,340,040 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpman.sys
[2012/09/17 03:26:08 | 000,340,104 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012/09/17 03:26:06 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\True Image 2013.lnk
[2012/09/17 02:52:30 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/17 02:52:30 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/17 02:49:03 | 000,001,066 | ---- | M] () -- C:\Users\Kimmo\Desktop\Glary Utilities.lnk
[2012/09/16 23:08:23 | 001,093,256 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tib_mounter.sys
[2012/09/16 23:08:22 | 000,228,488 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2012/09/16 23:08:21 | 000,166,024 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vidsflt.sys
[2012/09/16 23:08:17 | 000,155,272 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2012/09/16 22:54:45 | 000,081,952 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tifsfilt.sys
[2012/09/16 21:39:32 | 000,324,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/16 21:11:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/16 21:11:12 | 000,006,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/16 19:21:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/16 18:54:45 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/21 04:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/18 07:46:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/18 07:46:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/18 07:46:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/18 07:46:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/18 07:46:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/18 07:43:12 | 000,001,265 | ---- | C] () -- C:\Users\Kimmo\Desktop\True Image.lnk
[2012/09/18 02:46:33 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/18 02:46:33 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/17 18:31:12 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/16 23:08:15 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\True Image 2013.lnk
[2012/09/16 19:21:52 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 20:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 20:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/05 12:30:08 | 000,704,000 | ---- | C] () -- C:\Windows\is-D9DS8.exe
[2011/06/03 20:59:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/22 19:51:29 | 000,009,658 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/05/19 22:12:01 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/05/19 21:45:46 | 000,704,000 | ---- | C] () -- C:\Windows\is-K8HUH.exe
[2011/04/10 23:33:37 | 002,366,000 | ---- | C] () -- C:\Windows\SysWow64\DK2INST.DLL
[2011/01/25 21:02:19 | 000,006,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/01 15:35:20 | 000,709,456 | ---- | C] () -- C:\Windows\is-LUTSK.exe
[2010/12/29 02:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/12/18 17:40:20 | 000,673,280 | ---- | C] () -- C:\Windows\is-GL85H.exe
[2010/10/13 22:08:26 | 000,673,280 | ---- | C] () -- C:\Windows\is-8PP19.exe
[2010/10/02 01:52:34 | 000,000,141 | ---- | C] () -- C:\Windows\disney.ini
[2010/10/02 01:52:22 | 000,000,188 | ---- | C] () -- C:\Windows\disneysy.ini
[2010/09/24 23:27:55 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/09/23 19:36:57 | 000,000,009 | ---- | C] () -- C:\Windows\Sierra.ini
[2010/07/04 14:15:54 | 000,000,120 | ---- | C] () -- C:\Users\Kimmo\AppData\Local\Dkaxiqatariveha.dat
[2010/07/04 14:15:54 | 000,000,000 | ---- | C] () -- C:\Users\Kimmo\AppData\Local\Szeli.bin
[2010/04/11 19:24:04 | 000,000,600 | ---- | C] () -- C:\Users\Kimmo\AppData\Local\PUTTY.RND
[2010/04/11 13:59:37 | 000,008,192 | ---- | C] () -- C:\Users\Kimmo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 21:06:59 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/02/28 23:36:38 | 004,980,736 | ---- | C] () -- C:\Users\Kimmo\ntuser.bak
[2009/05/31 14:59:04 | 000,006,656 | ---- | C] () -- C:\Program Files (x86)\avivo_divx.GRF
[2009/05/31 14:59:04 | 000,005,120 | ---- | C] () -- C:\Program Files (x86)\avivo_generic.GRF
[2009/05/31 14:59:04 | 000,004,096 | ---- | C] () -- C:\Program Files (x86)\avivo.GRF
[2009/05/29 08:17:02 | 000,870,128 | ---- | C] () -- C:\Users\Kimmo\AppData\Roaming\mcs.rma
[2009/05/10 19:45:22 | 000,006,526 | ---- | C] () -- C:\Users\Kimmo\AppData\Roaming\PrimoPDFSet.xml

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >



