help with malware removal

Re: help with malware removal

by Alander » January 13th, 2012, 2:36 pm

Hi,

Step 1.
Please run the McAfee Removal tool downloadable from here

Step 2.
ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:

    REGLOCK::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    

  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished, ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ComboFix log
Thanks

Re: help with malware removal

by Chr » January 13th, 2012, 10:22 pm

Hello,

Here is my latest ComboFix log:

ComboFix 12-01-12.04 - KidVersatile 01/13/2012 21:09:21.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2449 [GMT -5:00]
Running from: c:\users\KidVersatile\Desktop\ComboFix.exe
Command switches used :: c:\users\KidVersatile\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 02:14 . 2012-01-14 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 02:02 . 2012-01-14 02:02 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-01-11 02:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 02:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 02:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 02:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 02:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 02:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 02:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 02:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 04:41 . 2012-01-10 04:41 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-10 04:33 . 2012-01-10 04:33 -------- d-----w- c:\windows\SysWow64\vmm32
2012-01-10 03:56 . 2012-01-10 03:56 -------- d-----w- C:\inetpub
2012-01-09 16:08 . 2012-01-09 16:08 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-09 16:08 . 2012-01-09 16:08 -------- d-----w- c:\windows\system32\Wat
2012-01-09 16:05 . 2012-01-09 16:05 -------- d-----w- C:\122cb0ca4002658f57f250
2012-01-06 12:40 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-06 12:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-01-06 12:40 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-01-06 12:40 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-01-06 12:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-06 12:40 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-06 12:40 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-06 12:40 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-01-06 12:40 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-06 12:40 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-06 12:40 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-01-06 12:40 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-01-06 12:39 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 12:39 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-06 12:39 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-01-06 12:39 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-01-06 12:39 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-01-06 12:39 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-01-06 12:39 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-06 12:39 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-06 12:39 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-06 04:38 . 2012-01-06 04:38 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-06 03:27 . 2012-01-06 03:27 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-06 03:24 . 2012-01-06 03:25 -------- d-----w- c:\programdata\PCDr
2012-01-06 01:56 . 2012-01-06 01:56 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-01-06 01:56 . 2012-01-06 01:56 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-06 01:01 . 2012-01-06 01:01 -------- d-----w- c:\programdata\Malwarebytes
2012-01-05 23:31 . 2012-01-05 23:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-01-05 11:09 . 2012-01-05 11:12 -------- d-----w- c:\programdata\Apple
2012-01-05 10:55 . 2012-01-05 10:55 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-05 10:47 . 2012-01-05 11:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-05 10:47 . 2012-01-05 22:29 -------- d-----w- c:\program files\Symantec
2012-01-05 10:47 . 2012-01-05 22:29 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-05 10:47 . 2012-01-05 10:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-01-05 10:47 . 2012-01-05 23:59 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-01-05 10:47 . 2012-01-05 10:47 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-01-05 10:47 . 2012-01-06 01:55 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-01-05 10:45 . 2012-01-06 01:56 -------- d-----w- c:\programdata\Norton
2012-01-05 10:39 . 2012-01-05 10:39 -------- d-----w- c:\programdata\IsolatedStorage
2012-01-05 10:38 . 2011-07-05 15:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2012-01-05 10:38 . 2011-07-05 15:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2012-01-05 10:38 . 2011-07-05 15:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2012-01-05 10:38 . 2011-07-05 15:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2012-01-05 10:38 . 2011-07-05 15:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2012-01-05 10:38 . 2011-07-05 15:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2012-01-05 10:38 . 2009-06-12 21:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2012-01-05 10:37 . 2012-01-05 10:38 -------- d-----w- c:\programdata\GID
2012-01-05 10:37 . 2012-01-05 10:37 -------- d-----w- c:\program files (x86)\SFT
2012-01-05 10:37 . 2012-01-05 10:38 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-01-05 10:37 . 2012-01-05 10:37 -------- d-----w- c:\programdata\White Sky, Inc
2012-01-05 10:36 . 2012-01-05 10:36 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-01-05 10:02 . 2012-01-05 10:02 -------- d-----w- C:\FIND_EULA_PATH
2012-01-05 10:02 . 2012-01-05 10:02 -------- d-----w- c:\program files (x86)\Dell Touch Software Suite
2012-01-05 09:57 . 2012-01-14 01:57 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-01-05 09:56 . 2012-01-05 09:59 -------- d-----w- c:\users\KidVersatile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 09:57 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-19 14:48 . 2011-10-19 14:48 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-10-19 14:48 . 2011-10-19 14:48 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-10-19 14:48 . 2011-10-19 14:48 4719168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-10-19 14:48 . 2011-10-19 14:48 3900416 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-10-19 14:48 . 2011-10-19 14:48 3566080 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-10-19 14:40 . 2011-10-19 14:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-19 14:40 . 2011-10-19 14:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-19 14:40 . 2011-10-19 14:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-19 14:40 . 2011-10-19 14:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-19 14:40 . 2011-10-19 14:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-19 14:40 . 2011-10-19 14:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-19 14:40 . 2011-10-19 14:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-19 14:40 . 2011-10-19 14:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-19 14:40 . 2011-10-19 14:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-19 14:40 . 2011-10-19 14:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-19 14:40 . 2011-10-19 14:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-19 14:40 . 2011-10-19 14:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-19 14:40 . 2011-10-19 14:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-19 14:40 . 2011-10-19 14:40 448512 ----a-w- c:\windows\system32\html.iec
2011-10-19 14:40 . 2011-10-19 14:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-19 14:40 . 2011-10-19 14:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-19 14:40 . 2011-10-19 14:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-19 14:40 . 2011-10-19 14:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-19 14:40 . 2011-10-19 14:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-19 14:40 . 2011-10-19 14:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-19 14:40 . 2011-10-19 14:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-19 14:40 . 2011-10-19 14:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-19 14:40 . 2011-10-19 14:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-19 14:40 . 2011-10-19 14:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-19 14:40 . 2011-10-19 14:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-19 14:40 . 2011-10-19 14:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-19 14:40 . 2011-10-19 14:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-19 14:40 . 2011-10-19 14:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-19 14:40 . 2011-10-19 14:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-19 14:40 . 2011-10-19 14:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-19 14:40 . 2011-10-19 14:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-19 14:40 . 2011-10-19 14:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-19 14:40 . 2011-10-19 14:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-19 14:40 . 2011-10-19 14:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-19 14:35 . 2011-10-19 14:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-19 14:35 . 2011-10-19 14:35 525544 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_01.16.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-01-14 02:05 45030 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-14 02:05 38470 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-05 11:15 . 2011-07-06 17:44 34288 c:\windows\system32\drivers\GEARAspiWDM.sys
- 2012-01-05 09:56 . 2012-01-12 00:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-05 09:56 . 2012-01-12 01:54 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-05 09:56 . 2012-01-12 01:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-05 09:56 . 2012-01-12 00:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-12 01:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-12 19:47 99040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-05 09:58 . 2012-01-14 02:05 8096 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-617796265-1180705624-484042273-1001_UserData.bin
- 2012-01-12 01:15 . 2012-01-12 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-14 02:03 . 2012-01-14 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 01:15 . 2012-01-12 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-14 02:03 . 2012-01-14 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-14 02:00 . 2012-01-14 02:00 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
- 2009-07-14 04:54 . 2012-01-12 01:06 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-14 02:06 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-14 02:00 . 2012-01-14 02:00 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-01-14 02:00 . 2012-01-14 02:00 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
- 2012-01-05 10:41 . 2012-01-12 01:15 277320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-05 10:41 . 2012-01-14 02:03 277320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-01-14 02:03 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-12 01:15 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-01-12 01:06 6635520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-14 02:06 6635520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-05 10:22 . 2012-01-14 02:03 1674288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-617796265-1180705624-484042273-1001-8192.dat
- 2009-07-14 04:54 . 2012-01-12 01:06 10108928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-14 02:06 10108928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-12-17 4689992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120111.003\IDSvia64.sys [2012-01-04 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-12-17 63048]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-04 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617796265-1180705624-484042273-1001Core.job
- c:\users\KidVersatile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 19:41]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617796265-1180705624-484042273-1001UA.job
- c:\users\KidVersatile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 19:41]
.
2012-01-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-01-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
Completion time: 2012-01-13 21:15:48
ComboFix-quarantined-files.txt 2012-01-14 02:15
ComboFix2.txt 2012-01-12 01:19
.
Pre-Run: 580,653,445,120 bytes free
Post-Run: 580,476,612,608 bytes free
.
- - End Of File - - BED078A4B22739C21C5AFBA316EDF369

thanks,

C

Re: help with malware removal

by Chr » January 13th, 2012, 10:29 pm

Not sure if McAfee was completely removed? Is this reflected in the log?

Re: help with malware removal

by Alander » January 14th, 2012, 11:42 pm

Hi, don't worry about McAfee for now; we will deal with your rootkit first.

Is Norton still detecting any more trojans which do not have a .vir extension?

Please download Junction.zip and save it to your desktop.

  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish

  • Click Start > Run. Copy and paste the contents of the codebox below into the Run box. (Do not include Code:) Then click OK:
    Code:
    cmd /c junction -s c:\ >log.txt&log.txt&del log.txt
  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient and wait until a log file opens in Notepad.
  • Copy and paste the contents of that file in your next reply.

Re: help with malware removal

by Chr » January 15th, 2012, 1:44 pm

Hi!


I'm having trouble running this program.

After selecting Local C: in the destination box and clicking OK, I went back to the extraction wizard, but it does not say Next; rather, it says Extract. I unclicked "Show extracted files" and then clicked Extract; a Finish tab did not appear in the wizard box.

I proceeded to start/run and entered code, but a command window did not open so I don't think anything was scanned.


As far as detection by Norton, I did not receive any virus alerts in the short while I was logged onto the Internet (about 30 min). I have not done a virus scan yet, per your instructions.

thanks

C

Re: help with malware removal

by Alander » January 16th, 2012, 6:16 am

Hi, let's do this to fix junction.

Extract junction from the zip file into the root of C:\ drive
So it appears as C:\junction.exe.

  • Copy all text in the quote box (below)...to Notepad, Do not include the word Quote:
    @ECHO OFF
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    del %0
  • Save it to your desktop as File name: junc.bat.
  • Save as type: All Files.
    Image
    junc.bat<<------------- you should see this on your desktop.
  • Right click on junc.bat and select " Run as administrator " to execute it.
    A black CMD window will open, and then disappear after the scan is complete...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.
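
A way to triage the log.txt that junc.bat writes, added here as an example and not part of the original posts or of Sysinternals Junction: it separates reparse-point records from `Failed to open` noise and lists reparse points whose target is not in an analyst-supplied baseline. The sample log is constructed in the output format seen in this thread; `norm`, `parse_junction_log`, `triage`, `BASELINE` and the `c:\ExampleDir\link` entry are assumptions made for illustration.

```python
import re
from collections import Counter

# Record header, e.g.  \\?\c:\\Documents and Settings: JUNCTION
# Any all-caps type label is accepted (assumption: the tool labels types this way).
REPARSE_RE = re.compile(r"^(?P<path>.+): (?P<kind>[A-Z][A-Z ]*[A-Z])$")
FIELD_RE = re.compile(r"^(?P<name>Print Name|Substitute Name)\s*:\s*(?P<value>.*)$")
FAILED_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+)$")


def norm(path):
    """Normalise a path for comparison: drop \\\\?\\ or \\??\\ prefixes,
    collapse repeated backslashes, strip a trailing one, lower-case."""
    p = path.strip()
    for prefix in ("\\\\?\\", "\\??\\"):
        if p.startswith(prefix):
            p = p[len(prefix):]
    p = re.sub(r"\\+", r"\\", p)
    return p.rstrip("\\").lower()


def parse_junction_log(text):
    """Return (reparse_points, failures) parsed from `junction -s` output."""
    reparse, failures = [], []
    current = None
    for raw in text.splitlines():
        # Progress dots are printed between records and can prefix a record.
        line = raw.strip().lstrip(".").strip()
        if not line:
            continue
        m = FAILED_RE.match(line)
        if m:
            failures.append((norm(m["path"]), m["reason"].strip()))
            current = None
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            key = "print_name" if m["name"] == "Print Name" else "substitute_name"
            current[key] = m["value"].strip()
            continue
        m = REPARSE_RE.match(line)
        if m:
            current = {"path": norm(m["path"]), "kind": m["kind"],
                       "print_name": None, "substitute_name": None}
            reparse.append(current)
    return reparse, failures


def triage(text, baseline):
    """Compare every reparse point against baseline {norm(path): norm(target)}."""
    reparse, failures = parse_junction_log(text)
    unexpected = [r for r in reparse
                  if baseline.get(r["path"]) != norm(r["substitute_name"] or "")]
    return {
        "reparse_points": len(reparse),
        "unexpected": unexpected,
        "failures_by_reason": Counter(reason for _, reason in failures),
    }


# Constructed sample in the format shown in this thread (not a real capture).
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
...
..\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

Failed to open \\?\c:\\System Recovery: Access is denied.
\\?\c:\\ExampleDir\link: JUNCTION
   Print Name     : C:\ExampleTarget
   Substitute Name: C:\ExampleTarget
"""

# Analyst-supplied baseline, e.g. taken from a known-clean machine (assumption).
BASELINE = {
    norm(r"c:\Documents and Settings"): norm(r"C:\Users"),
    norm(r"c:\ProgramData\Desktop"): norm(r"C:\Users\Public\Desktop"),
}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, BASELINE)
    print("reparse points:", result["reparse_points"])
    for r in result["unexpected"]:
        print("not in baseline:", r["path"], "->", r["substitute_name"])
    for reason, count in result["failures_by_reason"].items():
        print(count, "x", reason)
```
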

Re: help with malware removal

by Chr » January 16th, 2012, 11:20 am

Hello,

Still having problems. I think I now have duplicate files in the Junction folder preventing proper execution.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Recovery: Access is denied.


..\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.



Failed to open \\?\c:\\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.




...


Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.



Failed to open \\?\c:\\System Volume Information\WindowsImageBackup: Access is denied.




\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine: Access is denied.



Failed to open \\?\c:\\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.


..

...\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\KidVersatile\Application Data: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming
Substitute Name: C:\Users\KidVersatile\AppData\Roaming

\\?\c:\\Users\KidVersatile\Cookies: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\KidVersatile\Local Settings: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Local
Substitute Name: C:\Users\KidVersatile\AppData\Local

\\?\c:\\Users\KidVersatile\My Documents: JUNCTION
Print Name : C:\Users\KidVersatile\Documents
Substitute Name: C:\Users\KidVersatile\Documents

\\?\c:\\Users\KidVersatile\NetHood: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\KidVersatile\PrintHood: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\KidVersatile\Recent: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\KidVersatile\SendTo: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\KidVersatile\Start Menu: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\KidVersatile\Templates: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\KidVersatile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\KidVersatile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Local
Substitute Name: C:\Users\KidVersatile\AppData\Local

\\?\c:\\Users\KidVersatile\AppData\Local\History: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\KidVersatile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\KidVersatile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\KidVersatile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\KidVersatile\AppData\Local\Microsoft\Windows\Temporary Internet Files



...

.\\?\c:\\Users\KidVersatile\Documents\My Music: JUNCTION
Print Name : C:\Users\KidVersatile\Music
Substitute Name: C:\Users\KidVersatile\Music

\\?\c:\\Users\KidVersatile\Documents\My Pictures: JUNCTION
Print Name : C:\Users\KidVersatile\Pictures
Substitute Name: C:\Users\KidVersatile\Pictures

\\?\c:\\Users\KidVersatile\Documents\My Videos: JUNCTION
Print Name : C:\Users\KidVersatile\Videos
Substitute Name: C:\Users\KidVersatile\Videos

.\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos


Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7880c867-3815-11e1-a36a-18037398de2f}.TM.blf: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7880c867-3815-11e1-a36a-18037398de2f}.TMContainer00000000000000000001.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{7880c867-3815-11e1-a36a-18037398de2f}.TMContainer00000000000000000002.regtrans-ms: Access is denied.


Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Post by Alander » January 17th, 2012, 12:54 am

Hi

Step 1
Update Java SE Runtime Environment (JRE).
Uninstall old java
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Java(TM) 6 Update 27


Please download the latest Java Runtime Environment from HERE
  • Find Java SE 7u2.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control, then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Post by Chr » January 17th, 2012, 11:24 pm

hello alander,

here's my eset logfile

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\Users\KidVersatile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\13eb6b6b-1b9210c9 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\KidVersatile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\304979ff-54ca4021 multiple threats
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan

thanks,

C
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Post by Alander » January 18th, 2012, 2:39 pm

Step 1.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    KILLALL::
    
    ClearJavaCache:: 
    
    File::
    C:\Windows\assembly\temp\U\80000032.@
    
    Folder::
    C:\Windows\assembly\temp\U
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Step 2.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Combofix Log
  3. How is the computer behaving?
Thanks
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

Unread postby Chr » January 18th, 2012, 11:49 pm

hello Alander,

I'm communicating with you from another computer as I'm unable to load any programs from the desktop of the computer we are trying to fix. For example, when I try to load Internet Explorer I receive an error message that states the item is not available, it has been moved, renamed or removed -- followed by do I want to remove it from the list? Please advise.
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Chr » January 19th, 2012, 12:13 am

I rebooted the computer and appear to have regained access to the internet. Here is my combo logfile:


ComboFix 12-01-18.04 - KidVersatile 01/18/2012 22:17:04.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2237 [GMT -5:00]
Running from: c:\users\KidVersatile\Desktop\ComboFix.exe
Command switches used :: c:\users\KidVersatile\Desktop\cfscript..txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\temp\U\80000032.@"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 03:21 . 2012-01-19 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 02:12 . 2012-01-18 02:12 -------- d-----w- c:\program files (x86)\ESET
2012-01-18 02:06 . 2012-01-18 02:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-18 02:06 . 2012-01-18 02:06 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-01-18 02:06 . 2012-01-18 02:06 -------- d-----w- c:\program files (x86)\Java
2012-01-14 02:02 . 2012-01-14 02:02 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-01-11 02:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 02:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 02:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 02:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 02:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 02:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 02:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 02:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 04:41 . 2012-01-10 04:41 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-10 04:33 . 2012-01-10 04:33 -------- d-----w- c:\windows\SysWow64\vmm32
2012-01-10 03:56 . 2012-01-10 03:56 -------- d-----w- C:\inetpub
2012-01-09 16:08 . 2012-01-09 16:08 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-09 16:08 . 2012-01-09 16:08 -------- d-----w- c:\windows\system32\Wat
2012-01-09 16:05 . 2012-01-09 16:05 -------- d-----w- C:\122cb0ca4002658f57f250
2012-01-06 12:40 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-06 12:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-01-06 12:40 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-01-06 12:40 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-01-06 12:40 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-06 12:40 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-06 12:40 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-06 12:40 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-01-06 12:40 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-06 12:40 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-06 12:40 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-01-06 12:40 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-01-06 12:39 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 12:39 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-06 12:39 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-01-06 12:39 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-01-06 12:39 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-01-06 12:39 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-01-06 12:39 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-06 12:39 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-06 12:39 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-06 04:38 . 2012-01-06 04:38 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-06 03:27 . 2012-01-06 03:27 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-06 03:24 . 2012-01-06 03:25 -------- d-----w- c:\programdata\PCDr
2012-01-06 01:56 . 2012-01-06 01:56 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-01-06 01:56 . 2012-01-06 01:56 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-06 01:01 . 2012-01-06 01:01 -------- d-----w- c:\programdata\Malwarebytes
2012-01-05 23:31 . 2012-01-05 23:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-01-05 11:09 . 2012-01-05 11:12 -------- d-----w- c:\programdata\Apple
2012-01-05 10:55 . 2012-01-05 10:55 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-05 10:47 . 2012-01-05 11:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-05 10:47 . 2012-01-05 22:29 -------- d-----w- c:\program files\Symantec
2012-01-05 10:47 . 2012-01-05 22:29 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-05 10:47 . 2012-01-05 10:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-01-05 10:47 . 2012-01-05 23:59 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-01-05 10:47 . 2012-01-05 10:47 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-01-05 10:47 . 2012-01-06 01:55 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-01-05 10:45 . 2012-01-06 01:56 -------- d-----w- c:\programdata\Norton
2012-01-05 10:39 . 2012-01-05 10:39 -------- d-----w- c:\programdata\IsolatedStorage
2012-01-05 10:38 . 2011-07-05 15:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2012-01-05 10:38 . 2011-07-05 15:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2012-01-05 10:38 . 2011-07-05 15:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2012-01-05 10:38 . 2011-07-05 15:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2012-01-05 10:38 . 2011-07-05 15:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2012-01-05 10:38 . 2011-07-05 15:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2012-01-05 10:38 . 2009-06-12 21:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2012-01-05 10:37 . 2012-01-05 10:38 -------- d-----w- c:\programdata\GID
2012-01-05 10:37 . 2012-01-05 10:37 -------- d-----w- c:\program files (x86)\SFT
2012-01-05 10:37 . 2012-01-05 10:38 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-01-05 10:37 . 2012-01-05 10:37 -------- d-----w- c:\programdata\White Sky, Inc
2012-01-05 10:36 . 2012-01-05 10:36 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-01-05 10:02 . 2012-01-05 10:02 -------- d-----w- C:\FIND_EULA_PATH
2012-01-05 10:02 . 2012-01-05 10:02 -------- d-----w- c:\program files (x86)\Dell Touch Software Suite
2012-01-05 09:57 . 2012-01-19 03:09 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-01-05 09:56 . 2012-01-05 09:59 -------- d-----w- c:\users\KidVersatile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 02:06 . 2011-10-19 14:35 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-15 17:32 . 2010-09-07 20:39 150392 ----a-w- C:\junction.exe
2012-01-05 09:57 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_01.16.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-01-19 03:11 45198 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-19 03:11 38892 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-05 11:15 . 2011-07-06 17:44 34288 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2012-01-05 09:56 . 2012-01-14 02:19 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-05 09:56 . 2012-01-12 00:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-05 09:56 . 2012-01-14 02:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-05 09:56 . 2012-01-12 00:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 00:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-14 02:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-12 19:47 99040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-18 03:17 . 2012-01-18 03:17 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\5b39108886107f654624373c54000e3c\dfsvc.ni.exe
+ 2012-01-18 03:16 . 2012-01-18 03:16 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\41d4534c5a98fd1bc7edc2f73cd41a0a\Accessibility.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\1c177e9aa7a1661ddec16c2f9f30947c\UIAutomationProvider.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\5489f3d82b02843c58a4942afd3807e6\System.Xaml.Hosting.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\e4f0e0d45a1739bad6cc96377c9dd7f2\System.Windows.Presentation.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\dcb1470c8023acb632bcfcbfc59ec414\System.Web.Routing.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\55b0452fe2e58293dfd0f6e76c69521f\System.Web.DynamicData.Design.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\385b56be2d617548e4b731dd050a1f32\System.Web.ApplicationServices.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\746c855ad48e4617be760a79dac159b8\System.Web.Abstractions.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e6b2baae6e7f7ce6d4686c2a0ae21417\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e08ecf530f270cd45c72318b67826cb1\System.ServiceModel.Channels.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\117b65133fc00228bc249d1c61c387ea\System.AddIn.Contract.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6d611400f2dcc8cf1be7bc0040911cd4\Microsoft.Workflow.Compiler.ni.exe
+ 2012-01-18 02:22 . 2012-01-18 02:22 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\432eb09604ab71ee1aa4622bfbc4afee\Microsoft.VisualC.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\06ac8d640d2dfa7d4bb23c03584304ef\Accessibility.ni.dll
+ 2012-01-18 03:16 . 2012-01-18 03:16 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\0d036f215cfdf37305d84ac680e19413\System.Windows.Presentation.ni.dll
+ 2012-01-18 03:16 . 2012-01-18 03:16 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-18 03:15 . 2012-01-18 03:15 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\3a5529f1de05952773c725a6ff2e07fb\PresentationFontCache.ni.exe
+ 2012-01-18 03:09 . 2012-01-18 03:09 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\c066431266a5b4c8326779d12542161c\PresentationCFFRasterizer.ni.dll
+ 2012-01-18 03:09 . 2012-01-18 03:09 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\621b2f176909228deae402a6031e7420\Microsoft.WSMan.Runtime.ni.dll
+ 2012-01-18 03:09 . 2012-01-18 03:09 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\ecd29eb2eda46acfda1229f8362f60e9\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2012-01-18 03:09 . 2012-01-18 03:09 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\d77eafc89b58f5466b7555d89a293c50\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2012-01-18 03:09 . 2012-01-18 03:09 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\c1e58a266d600248f08dca600457e346\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2012-01-18 03:09 . 2012-01-18 03:09 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\9f1ca68fbcefac4ef4f13e5f5604ad82\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2012-01-18 03:09 . 2012-01-18 03:09 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8260ae5a7d4a7e7cd907c958858da284\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2012-01-18 03:09 . 2012-01-18 03:09 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\371120a0816ba5ce909b8e1341da376f\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2012-01-18 02:51 . 2012-01-18 02:51 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\866c57c6e58cbe8249b36f21ec8ac18a\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-01-18 03:02 . 2012-01-18 03:02 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\584f193ae53236bf55cd78b246214d83\LoadMxf.ni.exe
+ 2012-01-18 02:51 . 2012-01-18 02:51 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\50cda8ab4cd566b222342c3da14302d3\ehiUPnP.ni.dll
+ 2012-01-18 02:51 . 2012-01-18 02:51 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\fae9950502b5464108feda9d64ebea78\ehiTVMSMusic.ni.dll
+ 2012-01-18 02:39 . 2012-01-18 02:39 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\7de9a8137a33d06dad01c8405d960037\dfsvc.ni.exe
+ 2012-01-18 02:21 . 2012-01-18 02:21 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\de6cc37afc2bb3ea973c29211f0b21d8\System.Windows.Presentation.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2012-01-05 09:58 . 2012-01-19 03:11 8402 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-617796265-1180705624-484042273-1001_UserData.bin
+ 2012-01-19 03:22 . 2012-01-19 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 01:15 . 2012-01-12 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-19 03:22 . 2012-01-19 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-12 01:15 . 2012-01-12 01:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-18 02:37 . 2012-01-18 02:37 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\3a2ab56bb224b871516526753985ff69\System.Xml.Serialization.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\5cc246adea1b07b9c2a76bbe86fbfe2e\dfsvc.ni.exe
+ 2012-01-18 02:06 . 2012-01-18 02:06 223112 c:\windows\SysWOW64\javaws.exe
+ 2012-01-18 02:06 . 2012-01-18 02:06 173960 c:\windows\SysWOW64\javaw.exe
+ 2012-01-18 02:06 . 2012-01-18 02:06 173960 c:\windows\SysWOW64\java.exe
+ 2012-01-14 02:00 . 2012-01-14 02:00 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
- 2009-07-14 04:54 . 2012-01-12 01:06 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-19 03:11 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-14 02:00 . 2012-01-14 02:00 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-01-14 02:00 . 2012-01-14 02:00 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2012-01-05 10:41 . 2012-01-19 03:21 396448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-01-19 03:21 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-12 01:15 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-18 02:06 . 2012-01-18 02:06 179200 c:\windows\Installer\faac7.msi
+ 2012-01-18 02:06 . 2012-01-18 02:06 941568 c:\windows\Installer\faac2.msi
+ 2012-01-18 03:17 . 2012-01-18 03:17 462336 c:\windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\23080c9d63ee42eae5ac396c264e495a\WsatConfig.ni.exe
+ 2012-01-18 03:17 . 2012-01-18 03:17 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\b94e86c584564773de3fe2b4b3b8ecbb\System.Security.ni.dll
+ 2012-01-18 03:17 . 2012-01-18 03:17 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\55ac95edd96a5e6b675bb9b42d460b0b\System.Numerics.ni.dll
+ 2012-01-18 03:18 . 2012-01-18 03:18 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\86913afe1c8f5138c9ba36fdf6603bf8\System.Dynamic.ni.dll
+ 2012-01-18 03:17 . 2012-01-18 03:17 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\bf456f7f6470250f58b92158aefdc008\SMSvcHost.ni.exe
+ 2012-01-18 03:17 . 2012-01-18 03:17 364544 c:\windows\assembly\NativeImages_v4.0.30319_64\MSBuild\4dcb4a50313669fd0fd695618ade63bb\MSBuild.ni.exe
+ 2012-01-18 03:18 . 2012-01-18 03:18 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\694c3f74f790e2c327f114dfbe4983c2\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-18 03:17 . 2012-01-18 03:17 353792 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Fra#\564ac3c43476b8ab10b6cb58796050b1\Microsoft.Build.Framework.ni.dll
+ 2012-01-18 03:17 . 2012-01-18 03:17 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\39973e3573bd27e6897e631ac1570c85\CustomMarshalers.ni.dll
+ 2012-01-18 03:16 . 2012-01-18 03:16 661504 c:\windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\09cc3399142a93d77f317dda8c18a346\ComSvcConfig.ni.exe
+ 2012-01-18 02:37 . 2012-01-18 02:37 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\7e0d2d75413d4a9e9bd8c0f4247cb5ad\XamlBuildTask.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\33da753d82a6197d0d509a201bbfc852\WsatConfig.ni.exe
+ 2012-01-18 02:37 . 2012-01-18 02:37 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\962b04386ebf18f5871d5ceefa83ba4b\WindowsFormsIntegration.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\5b96ee4992d9559ba5483c769bc5c889\UIAutomationTypes.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1c29539a07226b411e0a1a47aed57183\UIAutomationClient.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\bd729791a7504ef9ecb4ad6ebfd94935\System.Xml.Linq.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\dcad72e49476386b76a81d2df187c32c\System.Windows.Input.Manipulations.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\61d167ccb39883e299dc77f063ab2e12\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\ca9836cb3b95554e43f7f19aeec0b828\System.Web.RegularExpressions.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\c4688bf6b864e76fbd936a7fdd5f0748\System.Web.Extensions.Design.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 335360 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\8614eb36d94b640ab78ca4b7165f08f8\System.Web.Entity.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\8e2860651899e90f4de23486fbd5be87\System.Web.Entity.Design.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 712192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\b1c10c1591154f94a93dad7bb306f3ed\System.Web.DynamicData.ni.dll
+ 2012-01-18 02:37 . 2012-01-18 02:37 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\17f371e10888ff6fdee8274a11f2605a\System.Web.DataVisualization.Design.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\caf1d94cb89859c72d6c8cd8774068d3\System.Transactions.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\bd104bb2f798661c5a972249582b5441\System.ServiceModel.Routing.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 432640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b998d241c567915a2069d0c790dd6c53\System.ServiceModel.Activation.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\bed774dde4b62ed1d2d55c2d1769d600\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b209c76b6b03bee6deedfa3e1a8c4290\System.Runtime.Remoting.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 244736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\6df772247e44fc7cdaba2a87318ded7a\System.Runtime.Caching.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\56fe9070b1d56613fd5cf7c73ec3b26f\System.Net.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\420c9d9b271bc26d1b6f437f1f4913a9\System.Messaging.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\b71ea67c5bfa5b660efc12eb1c6ea4af\System.Management.Instrumentation.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\267d7dbdbe126590fba4a11c1ab12926\System.IO.Log.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\4ca1f130cbacf72beedf13da42b93e75\System.IdentityModel.Selectors.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.Wrapper.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd4f85af43b2c177c8d085a8ba3f4993\System.EnterpriseServices.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\4178d8536c67896ab77af36a48ee7ec4\System.DirectoryServices.Protocols.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\324617c0a492d6acc64325c836553f2c\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\ca25f888c067fa170d8bba824efa2ca8\System.Device.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 508928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\8feecdcd543403861ae71d1c7c37a67b\System.Data.Services.Design.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\282487a15f595c199b6cc640ea8995e8\System.Data.DataSetExtensions.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\06f71e66b9913a24c22f85a0caef3ae4\System.Configuration.Install.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\fa608e0882b98981cb6fd6e0754bdff8\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\f407937d4694c46537c470007a1df957\System.AddIn.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\80347a66af30b5c14c0114baee4c64f8\System.Activities.DurableInstancing.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\fcbb4a33ebdc8562603bc7f725a088ce\SMSvcHost.ni.exe
+ 2012-01-18 02:22 . 2012-01-18 02:22 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\398a52caf1e9fd1a6ea9dd589b0f6e68\SMDiagnostics.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\ce052e5d9cce0ad70641f6acb224c1f7\MSBuild.ni.exe
+ 2012-01-18 02:22 . 2012-01-18 02:22 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\edec5402d5424967ba20de137835ed2a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\f4ab32c177d931f26072a14c27efc3b5\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 631808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\ae452aa8f848e88d0421eecc170480ef\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\9a104cc9f3595d573c157c26302d62f0\Microsoft.Build.Framework.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 136192 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\cbedef8393b2e7ef4115db1576296212\Microsoft.Build.Conversion.v4.0.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\48ad8351ab66166c853d410d3282a408\CustomMarshalers.ni.dll
+ 2012-01-18 02:21 . 2012-01-18 02:21 475136 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\c6a7103a6ee46deb73a7343bd7e71e61\ComSvcConfig.ni.exe
+ 2012-01-18 02:21 . 2012-01-18 02:21 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\453bbfe8e7f07f9be9fe1c690687e15b\AspNetMMCExt.ni.dll
+ 2012-01-18 03:16 . 2012-01-18 03:16 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\756011e2290f779331336b1659d804e9\WsatConfig.ni.exe
+ 2012-01-18 02:21 . 2012-01-18 02:21 1378816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\91ee2a5b20d39be70a1d4e39ca9e23bf\System.Data.Services.Client.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20 2516992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9d9e419b7157083a5a246768b29dd92f\System.Data.Linq.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20 9921536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\de785592a16c949cfb67da6781acd156\System.Data.Entity.ni.dll
+ 2012-01-18 02:19 . 2012-01-18 02:19 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-18 02:20 . 2012-01-18 02:20 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-18 02:19 . 2012-01-18 02:19 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-18 02:19 . 2012-01-18 02:19 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
- 2009-07-14 04:54 . 2012-01-12 01:06 10108928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-19 03:11 10108928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-18 03:17 . 2012-01-18 03:17 10439168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\06e5638d1925f6cf87ff8fad1ef06d75\System.Core.ni.dll
+ 2012-01-18 02:22 . 2012-01-18 02:22 12079104 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\c775972c9a15169ac27abb027154c1fd\System.Web.ni.dll
+ 2012-01-18 02:36 . 2012-01-18 02:36 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\559ebac0a85ae55da09827b8048f77bd\System.ServiceModel.ni.dll
+ 2012-01-18 02:35 . 2012-01-18 02:35 13346816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\78afce4e1bd3d345ef1fff004659191c\System.Data.Entity.ni.dll
+ 2012-01-18 02:38 . 2012-01-18 02:38 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
- 2012-01-12 01:15 . 2012-01-12 01:15 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-18 02:39 . 2012-01-18 02:39 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-01-18 03:08 . 2012-01-18 03:08 11900928 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\2cafbf62a43038d57239173614435a88\System.Management.Automation.ni.dll
+ 2012-01-18 03:15 . 2012-01-18 03:15 13760000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\2d06fb193634c8d3951a01878f7d3297\System.Data.Entity.ni.dll
+ 2012-01-18 03:02 . 2012-01-18 03:02 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-01-18 02:19 . 2012-01-18 02:19 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-12-17 4689992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120117.002\IDSvia64.sys [2012-01-04 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-12-17 63048]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-04 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617796265-1180705624-484042273-1001Core.job
- c:\users\KidVersatile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 19:41]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-617796265-1180705624-484042273-1001UA.job
- c:\users\KidVersatile\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-05 19:41]
.
2012-01-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2012-01-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\SFT\GuardedID\gidd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-01-18 22:25:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 03:25
ComboFix2.txt 2012-01-14 02:15
ComboFix3.txt 2012-01-12 01:19
.
Pre-Run: 583,701,544,960 bytes free
Post-Run: 583,393,431,552 bytes free
.
- - End Of File - - EE940B16E87F02A948F5A65F0FCC443C
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

by Alander » January 19th, 2012, 2:27 pm

Chr wrote: hello Alander,

I'm communicating to you from another computer as I'm unable to load any programs from the desktop of the computer we are trying to fix. For example when I try to load internet explorer I receive an error message that states, the item is not available it has been moved, renamed or removed -- followed by do I want to remove it from the list? please advise

Hi, Are you still having this issue?

Step 1.
SC Reset:
  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad:
Code:
net stop winmgmt
rd %systemroot%\system32\wbem\repository
net start winmgmt
  • Go to File >> Save As
  • Save File name as "reset.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.

Double click on reset.bat. A command window will open, when prompted type in Y then hit the enter/return key.

When completed the command window will close. Reboot your computer. <-- Make sure you do this.


Step 2.
DDS Scan
    Disable any script blocking software you have running before running DDS.
  • Please double click dds.com to run the tool. (File name will be different if alternate download used).
    Vista - W7 users: You must right click on the file above and select "Run As Administrator" to run the tool.
    A black window will open with some instructions/comments...
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved... you must save them to your desktop.
  • Please post both the DDS.txt and Attach.txt files in your next reply.

Step 3.
ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. DDS.txt and attach.txt
  3. EsetOnlineScanner log
  4. Any other problems with your computer
Thanks
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: help with malware removal

by Chr » January 19th, 2012, 5:07 pm

Hello,

here are the latest logs from Jan 19

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by KidVersatile at 13:55:24 on 2012-01-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2410 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D1E831F-7892-4A0E-A0F0-9F35393CC2F5} : DhcpNameServer = 172.7.1.161
TCP: Interfaces\{9882AC33-8110-4F8F-B99A-8B61A25E7914} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\windows\system32\drivers\SMR210.SYS --> C:\windows\system32\drivers\SMR210.SYS [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-11-30 1157240]
R1 GIDv2;GIDv2;C:\windows\system32\drivers\GIDv2.sys --> C:\windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120117.002\IDSviA64.sys [2012-1-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-19 89600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-19 13336]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-12-17 63048]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2012-1-5 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-19 1692480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-19 2533400]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-5 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-19 03:22:39 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-19 03:15:49 98816 ----a-w- C:\windows\sed.exe
2012-01-19 03:15:49 518144 ----a-w- C:\windows\SWREG.exe
2012-01-19 03:15:49 256000 ----a-w- C:\windows\PEV.exe
2012-01-19 03:15:49 208896 ----a-w- C:\windows\MBR.exe
2012-01-18 02:12:36 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-18 02:06:39 637848 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-01-14 02:02:09 -------- d-s---w- C:\windows\SysWow64\Microsoft
2012-01-11 02:56:03 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-11 02:56:03 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-11 02:56:03 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-11 02:56:03 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-11 02:56:01 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-01-11 02:56:01 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-11 02:56:00 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-11 02:56:00 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-10 04:41:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-10 04:33:43 45056 ----a-r- C:\Users\KidVersatile\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-01-10 04:33:40 -------- d-----w- C:\windows\SysWow64\vmm32
2012-01-10 03:56:52 -------- d-----w- C:\inetpub
2012-01-09 16:08:39 -------- d-----w- C:\windows\SysWow64\Wat
2012-01-09 16:08:39 -------- d-----w- C:\windows\System32\Wat
2012-01-09 16:05:53 -------- d-----w- C:\122cb0ca4002658f57f250
2012-01-06 12:40:10 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-01-06 12:40:10 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-01-06 12:40:08 142336 ----a-w- C:\windows\System32\poqexec.exe
2012-01-06 12:40:08 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2012-01-06 12:40:07 43520 ----a-w- C:\windows\System32\csrsrv.dll
2012-01-06 12:40:04 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2012-01-06 12:40:04 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-01-06 12:40:04 1465344 ----a-w- C:\windows\System32\XpsPrint.dll
2012-01-06 12:40:01 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2012-01-06 12:40:01 613888 ----a-w- C:\windows\System32\psisdecd.dll
2012-01-06 12:40:01 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2012-01-06 12:40:01 108032 ----a-w- C:\windows\System32\psisrndr.ax
2012-01-06 12:39:54 3145216 ----a-w- C:\windows\System32\win32k.sys
2012-01-06 12:39:53 861696 ----a-w- C:\windows\System32\oleaut32.dll
2012-01-06 12:39:53 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2012-01-06 12:39:53 331776 ----a-w- C:\windows\System32\oleacc.dll
2012-01-06 12:39:53 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2012-01-06 12:39:52 723456 ----a-w- C:\windows\System32\EncDec.dll
2012-01-06 12:39:52 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2012-01-06 12:39:46 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-01-06 12:39:46 2048 ----a-w- C:\windows\System32\tzres.dll
2012-01-06 04:38:27 388096 ----a-r- C:\Users\KidVersatile\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-06 04:38:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-06 04:15:00 -------- d-----w- C:\Users\KidVersatile\AppData\Local\CrashDumps
2012-01-06 03:27:47 96376 ----a-w- C:\windows\System32\drivers\SMR210.SYS
2012-01-06 03:25:23 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\PCDr
2012-01-06 03:24:32 -------- d-----w- C:\ProgramData\PCDr
2012-01-06 02:22:04 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Roxio Burn
2012-01-06 01:56:04 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64\0401000.00F
2012-01-06 01:56:04 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64
2012-01-06 01:56:02 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-06 01:02:04 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Malwarebytes
2012-01-06 01:01:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-05 23:52:51 -------- d-----w- C:\Users\KidVersatile\AppData\Local\NPE
2012-01-05 22:29:13 912504 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2012-01-05 22:29:13 744568 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2012-01-05 22:29:13 450680 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2012-01-05 22:29:13 40568 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2012-01-05 22:29:13 386168 ----a-w- C:\windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2012-01-05 22:29:12 171128 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2012-01-05 22:28:50 -------- d-----w- C:\windows\System32\drivers\N360x64\0501000.01D
2012-01-05 20:17:18 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Macrovision
2012-01-05 19:41:22 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Google
2012-01-05 19:41:06 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Deployment
2012-01-05 19:41:06 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Apps
2012-01-05 18:20:35 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Adobe
2012-01-05 11:16:34 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Apple Computer
2012-01-05 11:15:57 34288 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-01-05 11:15:57 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-01-05 11:15:57 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-01-05 11:15:05 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-05 11:15:05 -------- d-----w- C:\Program Files\iTunes
2012-01-05 11:15:05 -------- d-----w- C:\Program Files\iPod
2012-01-05 11:15:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-05 11:12:33 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Apple
2012-01-05 11:10:46 -------- d-----w- C:\Program Files\Bonjour
2012-01-05 11:10:46 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-05 10:55:23 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-05 10:48:06 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Tific
2012-01-05 10:48:05 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Symantec
2012-01-05 10:47:35 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-05 10:47:35 -------- d-----w- C:\Program Files\Symantec
2012-01-05 10:47:35 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-01-05 10:47:14 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-01-05 10:47:13 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-01-05 10:47:05 -------- d-----w- C:\ProgramData\NortonInstaller
2012-01-05 10:47:05 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-01-05 10:45:37 -------- d-----w- C:\ProgramData\Norton
2012-01-05 10:39:04 -------- d-----w- C:\Users\KidVersatile\AppData\Local\ID Vault
2012-01-05 10:39:04 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-01-05 10:38:20 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\ID Vault
2012-01-05 10:38:05 65816 ------w- C:\windows\System32\GIDLogonCP64.dll
2012-01-05 10:38:05 467224 ------w- C:\windows\System32\GIDHOOK64.DLL
2012-01-05 10:38:05 446752 ------w- C:\windows\System32\GIDHookLogon64.dll
2012-01-05 10:38:05 29288 ------w- C:\windows\System32\drivers\gidv2.sys
2012-01-05 10:38:05 206608 ------w- C:\windows\System32\GIDBIN1.DLL
2012-01-05 10:38:05 109064 ------w- C:\windows\System32\EasyHook64.dll
2012-01-05 10:38:05 102160 ------w- C:\windows\System32\GIDBIN3.DLL
2012-01-05 10:37:54 -------- d-----w- C:\ProgramData\GID
2012-01-05 10:37:53 -------- d-----w- C:\Program Files (x86)\SFT
2012-01-05 10:37:43 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-01-05 10:37:31 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-01-05 10:36:34 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-01-05 10:02:25 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2012-01-05 10:02:25 -------- d-----w- C:\FIND_EULA_PATH
2012-01-05 10:00:52 -------- d-----w- C:\Users\KidVersatile\AppData\Local\Dell
2012-01-05 10:00:17 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Fingertapps
2012-01-05 10:00:16 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Dell
2012-01-05 10:00:12 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Dell Touch Zone
2012-01-05 10:00:08 -------- d-----w- C:\Users\KidVersatile\AppData\Roaming\Intel Corporation
2012-01-05 09:59:38 -------- d-----w- C:\Users\KidVersatile\AppData\Local\VirtualStore
2012-01-05 09:57:07 -------- d-----w- C:\Users\KidVersatile\AppData\Local\SoftThinks
.
==================== Find3M ====================
.
2012-01-18 02:06:31 567184 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-01-15 17:32:19 150392 ----a-w- C:\junction.exe
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:56:32.12 ===============

DDS attach

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2012 4:56:45 AM
System Uptime: 1/19/2012 1:49:44 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 024DTD
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU 1 | 2249/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 543.461 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP5: 1/5/2012 7:18:00 PM - Norton_Power_Eraser_20120105191758691
RP6: 1/5/2012 11:38:06 PM - Installed HiJackThis
RP7: 1/9/2012 11:03:13 AM - Windows Update
RP8: 1/9/2012 10:56:18 PM - Windows Modules Installer
RP9: 1/9/2012 11:41:18 PM - Windows Update
RP10: 1/10/2012 10:08:47 PM - Windows Update
RP11: 1/13/2012 9:07:58 PM - ComboFix created restore point
RP12: 1/17/2012 8:52:31 PM - Removed Java(TM) 6 Update 27
RP13: 1/17/2012 9:05:10 PM - Removed Java(TM) 6 Update 27 (64-bit)
RP14: 1/17/2012 9:06:20 PM - Installed Java(TM) 7 Update 2
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Constant Guard Protection Suite
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Resource CD
Dell Stage
Dell VideoStage
Dell Webcam Central
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
eBay
Escape Whisper Valley (TM)
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Google Chrome
GuardedID
HiJackThis
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 7 Update 2
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Luxor
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namco All-Stars PAC-MAN
Norton Bootable Recovery Tool Wizard
Norton Security Suite
Penguins!
PhotoShowExpress
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samantha Swift
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.6
Sonic CinePlayer Decoder Pack
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/19/2012 1:51:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
1/19/2012 1:50:29 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/19/2012 1:50:26 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/19/2012 1:50:07 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
1/18/2012 10:21:15 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/18/2012 10:20:45 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

eset scan

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251


thanks

C
Chr
Regular Member
 
Posts: 24
Joined: January 6th, 2012, 2:17 am

Re: help with malware removal

Unread postby Alander » January 20th, 2012, 8:50 pm

You didn't answer my question, are you still having this issue with your computer as described below?
Chr wrote: I'm communicating to you from another computer as I'm unable to load any programs from the desktop of the computer we are trying to fix. For example, when I try to load Internet Explorer I receive an error message that states the item is not available, it has been moved, renamed or removed -- followed by do I want to remove it from the list? Please advise


ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    DDS::  
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper - No File
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Constant Guard Protection Suite (COM) - No File
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Poker sites
Online Poker sites are well known for placing all manner of Internet parasites on their visitors' computers and continue to do so. In a lot of cases, these Poker plugins are also getting installed without your asking for it. You can read Poker gamers targeted by a rootkit backdoor regarding the risk involved with visiting the Poker games web sites. Some Poker sites are related to criminal offenses; you can read about them in Sites charged with gambling offenses. A safe alternative is Pogo.com.

Optional Fix
This is an optional fix, please read the information carefully. If you are happy to uninstall Wild Tangent, please follow the instructions below.
I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it is not technically considered spyware, it does have built in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
  • It is also a MAJOR resource hog.
For more information, see WildTangent Removal Instructions and Help AND Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.

Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent:

Uninstall Programs:
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following if present.
Poker Superstars III
Update Installer for WildTangent Games App (optional)
WildTangent Games (optional)
WildTangent Games App (Dell Games) (optional)

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore