Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got startsear.ch from vshare


  • This topic is locked This topic is locked
4 replies to this topic

#1 phsteve

phsteve

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 01 January 2012 - 07:54 PM

The problem and some background:

I installed the vshare.exe plugin (in retrospect a bad idea) in order to watch live streaming TV, and noticed now that when I open Chrome it goes straight to the startsear.ch site. At this point it's mostly an annoyance, and I haven't noticed any other signs of malware but I gather that problems with startsear.ch are not immediately obvious. I'm running Windows 7 Ultimate on a mid-2009 MacBook (2.4 GHz Core 2 Duo) using Boot Camp on a 50 GB partition of a 640 GB internal drive. I have Microsoft Security Essentials, the built-in firewall and Windows Defender. I generally use Chrome as my main browser. I'm a Windows noob and have been on a Mac for the past ten years.

What I've done so far:

I deleted the Chrome vshare extension and the downloaded .exe file. I haven't done any deep digging in the file system to find any related bits, mostly because I'm not as comfortable with Windows as I am with OS X. After some quick Googling I ran Combofix, which after more research I realized I should've waited until one of you instructed me to do so. Apologies. Then I wised up and read the entire Preparation Guide by Grinler. I ran DDS and GMER and appended the log files. I've also attached the Combofix log for good measure, even though I probably shouldn't have run it.

My questions:

I'd like to fix the startsear.ch problem and repair any damage or remove any malware that was installed. Also, are any of the files on my OS X partition at risk? I would assume that any problems would be limited to the Bootcamp Windows partition and in the worst case I could wipe and reinstall Windows. Thank you in advance for all your help.

DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.1
Run by Steve at 19:37:38 on 2012-01-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2013.1281 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=980a556b-34a9-11e1-9740-001f5b707048
mStart Page = hxxp://startsear.ch/?aff=1&cf=980a556b-34a9-11e1-9740-001f5b707048
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DEE2C161-8A61-45A4-BC28-0CD411C30E55} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DEE2C161-8A61-45A4-BC28-0CD411C30E55}\D4F657E6473596E616967457563747 : DhcpNameServer = 146.203.143.15 146.203.143.16
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;c:\windows\system32\drivers\AppleHFS.sys [2009-7-22 48000]
R0 AppleMNT;AppleMNT;c:\windows\system32\drivers\AppleMNT.sys [2009-7-22 5120]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsld4597319;MpKsld4597319;c:\programdata\microsoft\microsoft antimalware\definition updates\{0c63227b-77c7-4605-a204-ad83d2497ad2}\MpKsld4597319.sys [2012-1-1 29904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2009-7-22 136496]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2009-7-22 99632]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2009-7-22 5760]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2009-7-22 8576]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-8-12 87040]
R3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\drivers\aapltctp.sys [2011-12-23 4224]
R3 aapltp;Apple Trackpad;c:\windows\system32\drivers\aapltp.sys [2011-12-23 33280]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [2011-12-23 9088]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2011-12-23 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2011-12-23 23552]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [2011-12-23 7424]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 iSightUpdate;iSight Update Driver;c:\windows\system32\drivers\iSightUP.sys [2011-12-23 17664]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-23 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-23 52224]
.
=============== Created Last 30 ================
.
2012-01-02 00:37:17 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0c63227b-77c7-4605-a204-ad83d2497ad2}\MpKsld4597319.sys
2012-01-02 00:37:14 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0c63227b-77c7-4605-a204-ad83d2497ad2}\offreg.dll
2012-01-01 23:15:32 -------- d--h--w- c:\windows\PIF
2012-01-01 22:25:19 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0c63227b-77c7-4605-a204-ad83d2497ad2}\mpengine.dll
2012-01-01 22:17:46 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-01 22:17:43 -------- d-----w- c:\users\steve\appdata\local\temp
2012-01-01 22:07:25 98816 ----a-w- c:\windows\sed.exe
2012-01-01 22:07:25 518144 ----a-w- c:\windows\SWREG.exe
2012-01-01 22:07:25 256000 ----a-w- c:\windows\PEV.exe
2012-01-01 22:07:25 208896 ----a-w- c:\windows\MBR.exe
2011-12-28 22:04:55 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-28 06:51:36 -------- d-----w- c:\users\steve\appdata\roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-12-27 17:44:53 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{28f5c130-468c-4135-9948-877ee98593bd}\gapaengine.dll
2011-12-27 17:41:46 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 17:39:58 -------- d-----w- c:\users\steve\appdata\local\Htc
2011-12-27 17:36:45 -------- d-----w- c:\users\steve\appdata\roaming\HTC
2011-12-27 17:35:02 -------- d-----w- c:\users\steve\appdata\local\Downloaded Installations
2011-12-27 17:34:20 -------- d-----w- c:\program files\Spirent Communications
2011-12-27 17:33:51 -------- d-----w- c:\program files\HTC
2011-12-27 17:33:42 -------- d-----w- c:\users\steve\appdata\local\Adobe
2011-12-27 17:32:47 -------- d-----w- c:\program files\MSXML 4.0
2011-12-27 17:30:04 -------- d-----w- c:\users\steve\.android
2011-12-27 17:29:55 -------- d-----w- c:\program files\Android
2011-12-27 17:24:05 -------- d-----w- c:\program files\Oracle
2011-12-27 17:22:54 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-27 17:22:54 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-24 02:25:09 -------- d-----w- c:\windows\Panther
2011-12-24 02:24:54 -------- d-----w- C:\Boot
2011-12-23 21:12:29 53248 ----a-r- c:\windows\system32\CSVer.dll
2011-12-23 21:12:06 4224 ----a-w- c:\windows\system32\drivers\aapltctp.sys
2011-12-23 21:12:06 33280 ----a-w- c:\windows\system32\drivers\aapltp.sys
2011-12-23 21:12:02 -------- d-----w- c:\program files\Boot Camp
2011-12-23 21:11:52 23552 ----a-w- c:\windows\system32\drivers\KeyMagic.sys
2011-12-23 21:11:35 16512 ----a-w- c:\windows\system32\drivers\IRFilter.sys
2011-12-23 21:11:24 7424 ----a-w- c:\windows\system32\drivers\BthKicker.sys
2011-12-23 21:11:20 -------- d-----w- c:\program files\Motorola
2011-12-23 21:11:08 -------- d-----w- c:\windows\system32\RTCOM
2011-12-23 21:09:51 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-12-23 21:08:57 -------- d-----w- C:\Intel
2011-12-23 21:08:26 87280 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-12-23 21:08:26 1331192 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2011-12-23 21:08:25 3809280 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-12-23 21:08:25 3502080 ----a-w- c:\windows\system32\bcmihvui.dll
2011-12-23 21:08:04 9088 ----a-w- c:\windows\system32\drivers\applebt.sys
2011-12-23 21:07:30 7680 ----a-w- c:\windows\system32\drivers\iSightFT.sys
2011-12-23 21:07:30 41984 ----a-w- c:\windows\system32\iSightCI.dll
2011-12-23 21:07:30 17664 ----a-w- c:\windows\system32\drivers\iSightUP.sys
2011-12-23 21:07:30 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-12-23 21:06:23 -------- d-----w- c:\users\steve\appdata\local\Apple
2011-12-23 20:48:39 -------- d-sh--w- c:\windows\Installer
2011-12-23 20:41:44 -------- d-----w- c:\users\steve\appdata\local\Google
2011-12-23 20:41:39 -------- d-----w- c:\users\steve\appdata\local\Deployment
2011-12-23 20:41:39 -------- d-----w- c:\users\steve\appdata\local\Apps
2011-12-23 19:56:58 -------- d-----w- c:\windows\system32\SPReview
2011-12-23 19:56:17 -------- d-----w- c:\windows\system32\EventProviders
2011-12-23 19:53:59 811520 ----a-w- c:\windows\system32\user32.dll
2011-12-23 19:52:49 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-12-23 19:52:49 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-23 19:52:49 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2011-12-23 19:52:47 189952 ----a-w- c:\windows\system32\sqmapi.dll
2011-12-23 19:41:58 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-12-23 19:41:58 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-12-23 19:41:58 219648 ----a-w- c:\windows\system32\fsquirt.exe
2011-12-23 19:33:35 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2011-12-23 19:33:35 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2011-12-23 19:33:35 -------- d-----w- c:\windows\system32\Lang
2011-12-23 19:18:40 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-12-23 19:18:40 -------- d-----w- c:\windows\system32\x64
2011-12-23 19:15:55 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-12-23 19:15:54 850944 ----a-w- c:\windows\system32\sbe.dll
2011-12-23 19:15:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-12-23 19:15:54 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-12-23 19:15:53 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 19:15:52 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-23 19:15:52 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-23 19:15:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-23 19:15:45 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-12-23 19:15:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-12-23 19:15:45 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-12-23 19:15:44 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-12-23 19:13:26 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-23 19:13:26 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-23 19:13:25 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-23 19:13:25 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-12-23 19:13:23 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-23 19:13:23 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-12-23 19:13:03 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-23 19:13:03 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-23 19:13:03 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-23 19:13:01 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-12-23 19:12:58 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-23 19:12:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-23 19:12:53 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-12-23 19:12:53 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-12-23 19:12:53 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-12-23 19:12:53 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-12-23 19:12:53 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-12-23 19:12:53 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-12-23 19:12:48 802304 ----a-w- c:\windows\system32\WFS.exe
2011-12-23 19:12:48 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-12-23 18:58:40 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3a49e5dd-abf5-4db6-bb70-121db02eb95f}\mpengine.dll
2011-12-23 18:58:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-23 18:44:22 -------- d-----w- c:\windows\system32\wbem\Performance
2011-12-23 18:35:52 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2011-12-23 20:07:46 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 19:39:03.07 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:23 PM

Posted 07 January 2012 - 08:17 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 phsteve

phsteve
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 09 January 2012 - 10:32 AM

Thanks for getting back to me. I think I partially fixed the problem, but I'm not sure if there are any lingering issues. I changed the homepage back to google.com from startsear.ch and I removed startsear.ch from the list of search engines in Settings in both Chrome and IE. So now I don't notice any symptoms (i.e. all the searches now work properly in Google rather than being hijacked by startsear.ch), but like I said I don't know Windows very well and I want to make sure nothing else was damaged/infected or if there is any other malware that vshare or startsear.ch installed.

I'm running 32-bit Windows 7 Ultimate on a mid-2009 MacBook using BootCamp.

Here are the logs you requested:


OTL logfile created on: 1/9/2012 10:03:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steve\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 63.48% Memory free
3.93 Gb Paging File | 2.83 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47.30 Gb Total Space | 29.62 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive E: | 548.55 Gb Total Space | 132.72 Gb Free Space | 24.20% Space Free | Partition Type: HFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 10:02:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
PRC - [2011/11/01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/22 10:16:52 | 000,431,408 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\Bootcamp.exe
PRC - [2009/07/22 10:16:50 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\AppleTimeSrv.exe
PRC - [2009/07/22 10:16:48 | 000,136,496 | ---- | M] () -- C:\Windows\System32\AppleOSSMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 02:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/12/28 00:14:29 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/12/28 00:13:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/12/28 00:13:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/12/28 00:13:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/28 00:13:13 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/01 12:22:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/11/01 12:22:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/11/01 12:22:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/11/01 12:22:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/11/01 12:22:00 | 000,380,928 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/11/01 12:22:00 | 000,163,840 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/11/01 12:22:00 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/11/01 12:22:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/22 10:16:50 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009/07/22 10:16:48 | 000,136,496 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/01/07 17:04:31 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1D1BEC7-3C99-4B98-956E-DDFB9F6AD5A0}\MpKslca7ae98f.sys -- (MpKslca7ae98f)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/22 10:11:58 | 000,017,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSightUP.sys -- (iSightUpdate)
DRV - [2009/07/22 10:11:58 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iSightFT.sys -- (DevUpper)
DRV - [2009/07/22 10:11:53 | 000,033,280 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aapltp.sys -- (aapltp)
DRV - [2009/07/22 10:11:52 | 000,004,224 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aapltctp.sys -- (aapltctp)
DRV - [2009/07/22 10:11:44 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/07/22 10:11:38 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2009/07/22 10:11:20 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009/07/22 10:11:18 | 000,048,000 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2009/07/22 10:11:18 | 000,005,120 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2009/07/22 10:11:14 | 000,008,576 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2009/07/22 10:10:59 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applebt.sys -- (applebt)
DRV - [2009/07/22 10:10:54 | 000,007,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthKicker.sys -- (BthKicker)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=980a556b-34a9-11e1-9740-001f5b707048






IE - HKU\S-1-5-21-1354182761-4086768543-2085065995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1354182761-4086768543-2085065995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1354182761-4086768543-2085065995-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E EA C9 FD B0 C1 CC 01 [binary data]
IE - HKU\S-1-5-21-1354182761-4086768543-2085065995-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Steve\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.0.26_0\
CHR - Extension: Gmail = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/01/01 17:15:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1354182761-4086768543-2085065995-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1354182761-4086768543-2085065995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEE2C161-8A61-45A4-BC28-0CD411C30E55}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 18:17:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/01/01 18:15:32 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/01/01 17:17:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/01 17:17:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/01 17:17:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\temp
[2012/01/01 17:07:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/01 17:07:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/01 17:07:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/01 17:05:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/01 17:04:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/01 16:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/01 16:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/29 13:37:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Ebony
[2011/12/29 13:29:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\My Photos
[2011/12/29 13:29:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\My Documents
[2011/12/28 01:51:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/12/27 12:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/27 12:39:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Htc
[2011/12/27 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\HTC
[2011/12/27 12:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011/12/27 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Downloaded Installations
[2011/12/27 12:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011/12/27 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011/12/27 12:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011/12/27 12:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/12/27 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/27 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/27 12:33:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Adobe
[2011/12/27 12:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/12/27 12:30:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\.android
[2011/12/27 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2011/12/27 12:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Android
[2011/12/27 12:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/12/27 12:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/12/27 12:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/27 12:22:54 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2011/12/27 12:22:54 | 000,567,184 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/12/27 12:22:54 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/12/27 12:22:54 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/27 12:22:54 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/12/27 12:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/23 21:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/12/23 21:27:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/12/23 21:26:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/12/23 21:25:09 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/12/23 21:24:54 | 000,000,000 | ---D | C] -- C:\Boot
[2011/12/23 16:12:29 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011/12/23 16:12:06 | 000,033,280 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\aapltp.sys
[2011/12/23 16:12:06 | 000,004,224 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\aapltctp.sys
[2011/12/23 16:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Boot Camp
[2011/12/23 16:11:52 | 000,023,552 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\KeyMagic.sys
[2011/12/23 16:11:35 | 000,016,512 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\IRFilter.sys
[2011/12/23 16:11:24 | 000,007,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\BthKicker.sys
[2011/12/23 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/12/23 16:11:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/12/23 16:10:56 | 002,525,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011/12/23 16:10:56 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011/12/23 16:10:56 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011/12/23 16:10:56 | 001,003,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011/12/23 16:10:56 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2011/12/23 16:10:56 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/12/23 16:10:56 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2011/12/23 16:10:56 | 000,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2011/12/23 16:10:56 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/12/23 16:10:56 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/12/23 16:10:56 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011/12/23 16:10:56 | 000,159,232 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011/12/23 16:10:56 | 000,143,360 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2011/12/23 16:10:56 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/12/23 16:10:56 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011/12/23 16:10:56 | 000,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2011/12/23 16:10:56 | 000,046,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2011/12/23 16:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011/12/23 16:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/12/23 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/12/23 16:10:55 | 000,540,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/12/23 16:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/12/23 16:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/12/23 16:09:51 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2011/12/23 16:08:57 | 000,000,000 | ---D | C] -- C:\Intel
[2011/12/23 16:08:26 | 000,087,280 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmwlcoi.dll
[2011/12/23 16:08:25 | 003,809,280 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvsrv.dll
[2011/12/23 16:08:25 | 003,502,080 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvui.dll
[2011/12/23 16:08:04 | 000,009,088 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\applebt.sys
[2011/12/23 16:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/12/23 16:07:30 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2011/12/23 16:07:30 | 000,041,984 | ---- | C] (Apple Inc.) -- C:\Windows\System32\iSightCI.dll
[2011/12/23 16:07:30 | 000,017,664 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\iSightUP.sys
[2011/12/23 16:07:30 | 000,007,680 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\iSightFT.sys
[2011/12/23 16:06:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apple
[2011/12/23 16:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/23 16:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/23 15:48:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/12/23 15:43:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Macromedia
[2011/12/23 15:43:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Adobe
[2011/12/23 15:42:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/23 15:41:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Google
[2011/12/23 15:41:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Deployment
[2011/12/23 15:41:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apps
[2011/12/23 15:24:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/12/23 15:24:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/23 15:24:23 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/23 15:24:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/12/23 15:24:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/23 15:24:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/12/23 15:24:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/23 15:24:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/23 15:24:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/12/23 15:24:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/23 15:24:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/12/23 15:24:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/12/23 15:24:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/12/23 15:24:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/12/23 15:24:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/12/23 15:24:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/12/23 15:24:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/23 15:24:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/12/23 15:24:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/12/23 15:24:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/12/23 15:24:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/23 15:24:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/23 15:24:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/23 15:24:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/12/23 15:24:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/23 15:24:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/23 15:24:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/23 15:24:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/23 15:24:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/23 15:24:22 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/23 15:24:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/12/23 15:24:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/12/23 15:24:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/23 15:24:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/23 15:24:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/12/23 15:24:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/12/23 15:24:22 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/12/23 14:56:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/12/23 14:56:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/12/23 14:54:23 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LSCSHostPolicy.dll
[2011/12/23 14:54:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011/12/23 14:54:23 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/12/23 14:54:21 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/12/23 14:54:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/12/23 14:54:20 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/12/23 14:54:20 | 000,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2011/12/23 14:54:20 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tssrvlic.dll
[2011/12/23 14:54:19 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/12/23 14:54:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/12/23 14:54:18 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/12/23 14:54:17 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/12/23 14:54:17 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/12/23 14:54:16 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/12/23 14:54:15 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/12/23 14:54:14 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/12/23 14:54:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/12/23 14:54:13 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/12/23 14:54:13 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/12/23 14:54:11 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/12/23 14:54:11 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/12/23 14:54:11 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/12/23 14:54:10 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/12/23 14:54:09 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011/12/23 14:54:08 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2011/12/23 14:54:07 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/12/23 14:54:06 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/12/23 14:54:06 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/12/23 14:54:06 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/12/23 14:54:05 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/12/23 14:54:04 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/12/23 14:54:04 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/12/23 14:54:04 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/12/23 14:54:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2011/12/23 14:54:03 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011/12/23 14:54:03 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/12/23 14:54:02 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/12/23 14:54:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011/12/23 14:54:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/12/23 14:54:01 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011/12/23 14:54:01 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/12/23 14:54:01 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011/12/23 14:54:00 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/12/23 14:54:00 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/12/23 14:53:59 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/12/23 14:53:59 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2011/12/23 14:53:59 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/12/23 14:53:59 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2011/12/23 14:53:58 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/12/23 14:53:58 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011/12/23 14:53:58 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/12/23 14:53:57 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/12/23 14:53:57 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011/12/23 14:53:57 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/12/23 14:53:57 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/12/23 14:53:57 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/12/23 14:53:57 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/12/23 14:53:56 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/12/23 14:53:56 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/12/23 14:53:56 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/12/23 14:53:56 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/12/23 14:53:56 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/12/23 14:53:55 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011/12/23 14:53:55 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/12/23 14:53:55 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011/12/23 14:53:54 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011/12/23 14:53:54 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/12/23 14:53:54 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011/12/23 14:53:53 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/12/23 14:53:53 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011/12/23 14:53:53 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/12/23 14:53:53 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/12/23 14:53:53 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/12/23 14:53:53 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2011/12/23 14:53:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011/12/23 14:53:53 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/12/23 14:53:52 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/12/23 14:53:51 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/12/23 14:53:51 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/12/23 14:53:51 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/12/23 14:53:51 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/12/23 14:53:51 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011/12/23 14:53:51 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/12/23 14:53:51 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/12/23 14:53:51 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2011/12/23 14:53:51 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/12/23 14:53:50 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/12/23 14:53:50 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/12/23 14:53:50 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011/12/23 14:53:49 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/12/23 14:53:49 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011/12/23 14:53:49 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011/12/23 14:53:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2011/12/23 14:53:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011/12/23 14:53:47 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/12/23 14:53:47 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/12/23 14:53:47 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/12/23 14:53:47 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011/12/23 14:53:47 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/12/23 14:53:47 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2011/12/23 14:53:47 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/12/23 14:53:47 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/12/23 14:53:47 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011/12/23 14:53:46 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/12/23 14:53:46 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/12/23 14:53:46 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/12/23 14:53:46 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011/12/23 14:53:46 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/12/23 14:53:46 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/12/23 14:53:45 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/12/23 14:53:45 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/12/23 14:53:45 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/12/23 14:53:45 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011/12/23 14:53:45 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/12/23 14:53:45 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011/12/23 14:53:45 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2011/12/23 14:53:45 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011/12/23 14:53:45 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011/12/23 14:53:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/12/23 14:53:45 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/12/23 14:53:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011/12/23 14:53:44 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011/12/23 14:53:44 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/12/23 14:53:44 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011/12/23 14:53:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/12/23 14:53:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/12/23 14:53:43 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011/12/23 14:53:43 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2011/12/23 14:53:43 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/12/23 14:53:43 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011/12/23 14:53:43 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/12/23 14:53:43 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011/12/23 14:53:43 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011/12/23 14:53:43 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/12/23 14:53:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2011/12/23 14:53:42 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011/12/23 14:53:42 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/12/23 14:53:42 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011/12/23 14:53:41 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011/12/23 14:53:41 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011/12/23 14:53:41 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/12/23 14:53:41 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/12/23 14:53:41 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011/12/23 14:53:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/12/23 14:53:41 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011/12/23 14:53:41 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011/12/23 14:53:41 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/12/23 14:53:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/12/23 14:53:41 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/12/23 14:53:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/12/23 14:53:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/12/23 14:53:40 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/12/23 14:53:40 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/12/23 14:53:40 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/12/23 14:53:40 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/12/23 14:53:40 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/12/23 14:53:40 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/12/23 14:53:40 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/12/23 14:53:39 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/12/23 14:53:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/12/23 14:53:39 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011/12/23 14:53:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/12/23 14:53:39 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011/12/23 14:53:39 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011/12/23 14:53:39 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/12/23 14:53:39 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011/12/23 14:53:38 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/12/23 14:53:38 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/12/23 14:53:38 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011/12/23 14:53:38 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/12/23 14:53:38 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/12/23 14:53:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011/12/23 14:53:37 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011/12/23 14:53:37 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/12/23 14:53:37 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/12/23 14:53:37 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/12/23 14:53:36 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011/12/23 14:53:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/12/23 14:53:36 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011/12/23 14:53:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011/12/23 14:53:36 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011/12/23 14:53:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/12/23 14:53:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/12/23 14:53:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2011/12/23 14:53:35 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011/12/23 14:53:35 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/12/23 14:53:35 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011/12/23 14:53:35 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011/12/23 14:53:35 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011/12/23 14:53:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/12/23 14:53:35 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/12/23 14:53:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011/12/23 14:53:35 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011/12/23 14:53:35 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011/12/23 14:53:35 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/12/23 14:53:35 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2011/12/23 14:53:35 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2011/12/23 14:53:35 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2011/12/23 14:53:34 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011/12/23 14:53:34 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/12/23 14:53:34 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/12/23 14:53:34 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/12/23 14:53:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011/12/23 14:53:33 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011/12/23 14:53:33 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/12/23 14:53:33 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/12/23 14:53:33 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/12/23 14:53:33 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/12/23 14:53:33 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011/12/23 14:53:33 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/12/23 14:53:33 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/12/23 14:53:33 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/12/23 14:53:33 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011/12/23 14:53:33 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011/12/23 14:53:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011/12/23 14:53:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011/12/23 14:53:33 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/12/23 14:53:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/12/23 14:53:32 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/12/23 14:53:32 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/12/23 14:53:32 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/12/23 14:53:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/12/23 14:53:32 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011/12/23 14:53:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/12/23 14:53:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011/12/23 14:53:32 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011/12/23 14:53:32 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011/12/23 14:53:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/12/23 14:53:31 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/12/23 14:53:31 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011/12/23 14:53:31 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011/12/23 14:53:31 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/12/23 14:53:31 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/12/23 14:53:31 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011/12/23 14:53:31 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011/12/23 14:53:31 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/12/23 14:53:31 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011/12/23 14:53:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011/12/23 14:53:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/12/23 14:53:30 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/12/23 14:53:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011/12/23 14:53:30 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011/12/23 14:53:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/12/23 14:53:30 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011/12/23 14:53:30 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/12/23 14:53:30 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011/12/23 14:53:30 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011/12/23 14:53:30 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/12/23 14:53:30 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011/12/23 14:53:29 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011/12/23 14:53:29 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/12/23 14:53:29 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/12/23 14:53:29 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011/12/23 14:53:29 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/12/23 14:53:29 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011/12/23 14:53:29 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011/12/23 14:53:29 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011/12/23 14:53:29 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011/12/23 14:53:29 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011/12/23 14:53:29 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011/12/23 14:53:29 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011/12/23 14:53:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2011/12/23 14:53:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/12/23 14:53:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/12/23 14:53:29 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/12/23 14:53:29 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011/12/23 14:53:28 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/12/23 14:53:28 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011/12/23 14:53:28 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011/12/23 14:53:28 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/12/23 14:53:28 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/12/23 14:53:28 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011/12/23 14:53:28 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011/12/23 14:53:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/12/23 14:53:27 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011/12/23 14:53:27 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/12/23 14:53:27 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011/12/23 14:53:27 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/12/23 14:53:27 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/12/23 14:53:27 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/12/23 14:53:27 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/12/23 14:53:27 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/12/23 14:53:27 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011/12/23 14:53:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2011/12/23 14:53:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/12/23 14:53:27 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/12/23 14:53:27 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011/12/23 14:53:27 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011/12/23 14:53:27 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011/12/23 14:53:27 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/12/23 14:53:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2011/12/23 14:53:26 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/12/23 14:53:26 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011/12/23 14:53:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/12/23 14:53:25 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/12/23 14:53:25 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/12/23 14:53:25 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/12/23 14:53:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/12/23 14:53:25 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011/12/23 14:53:25 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011/12/23 14:53:25 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/12/23 14:53:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011/12/23 14:53:25 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011/12/23 14:53:25 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/12/23 14:53:25 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/12/23 14:53:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/12/23 14:53:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011/12/23 14:53:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/12/23 14:53:25 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011/12/23 14:53:24 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011/12/23 14:53:24 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2011/12/23 14:53:24 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011/12/23 14:53:24 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/12/23 14:53:23 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/12/23 14:53:23 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011/12/23 14:53:23 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011/12/23 14:53:23 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011/12/23 14:53:23 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011/12/23 14:53:23 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011/12/23 14:53:23 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/12/23 14:53:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011/12/23 14:53:23 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/12/23 14:53:23 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/12/23 14:53:23 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011/12/23 14:53:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/12/23 14:53:22 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/12/23 14:53:22 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/12/23 14:53:22 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011/12/23 14:53:22 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/12/23 14:53:22 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011/12/23 14:53:22 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/12/23 14:53:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/12/23 14:53:22 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/12/23 14:53:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011/12/23 14:53:21 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011/12/23 14:53:21 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/12/23 14:53:21 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011/12/23 14:53:21 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/12/23 14:53:21 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011/12/23 14:53:21 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/12/23 14:53:21 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/12/23 14:53:21 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011/12/23 14:53:21 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011/12/23 14:53:21 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011/12/23 14:53:21 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/12/23 14:53:21 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011/12/23 14:53:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/12/23 14:53:21 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/12/23 14:53:21 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011/12/23 14:53:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011/12/23 14:53:20 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011/12/23 14:53:20 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/12/23 14:53:20 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/12/23 14:53:20 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011/12/23 14:53:20 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/12/23 14:53:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/12/23 14:53:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011/12/23 14:53:19 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/12/23 14:53:19 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011/12/23 14:53:19 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011/12/23 14:53:19 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/12/23 14:53:19 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/12/23 14:53:19 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011/12/23 14:53:19 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/12/23 14:53:19 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011/12/23 14:53:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/12/23 14:53:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011/12/23 14:53:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011/12/23 14:53:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011/12/23 14:53:19 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011/12/23 14:53:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011/12/23 14:53:18 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011/12/23 14:53:18 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/12/23 14:53:18 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/12/23 14:53:18 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011/12/23 14:53:18 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011/12/23 14:53:18 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011/12/23 14:53:18 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011/12/23 14:53:18 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/12/23 14:53:18 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011/12/23 14:53:18 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/12/23 14:53:18 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/12/23 14:53:18 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2011/12/23 14:53:18 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011/12/23 14:53:18 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011/12/23 14:53:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/12/23 14:53:18 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011/12/23 14:53:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011/12/23 14:53:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011/12/23 14:53:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/12/23 14:53:18 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/12/23 14:53:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011/12/23 14:53:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011/12/23 14:53:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/12/23 14:53:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011/12/23 14:53:17 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/12/23 14:53:17 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/12/23 14:53:17 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/12/23 14:53:17 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011/12/23 14:53:17 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011/12/23 14:53:17 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/12/23 14:53:17 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011/12/23 14:53:17 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/12/23 14:53:17 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011/12/23 14:53:17 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/12/23 14:53:17 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011/12/23 14:53:17 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/12/23 14:53:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011/12/23 14:53:17 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/12/23 14:53:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011/12/23 14:53:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/12/23 14:53:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011/12/23 14:53:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011/12/23 14:53:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/12/23 14:53:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/12/23 14:53:17 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011/12/23 14:53:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011/12/23 14:53:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/12/23 14:53:16 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011/12/23 14:53:16 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011/12/23 14:53:16 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/12/23 14:53:16 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011/12/23 14:53:16 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011/12/23 14:53:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011/12/23 14:53:16 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/12/23 14:53:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011/12/23 14:53:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011/12/23 14:53:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2011/12/23 14:53:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2011/12/23 14:53:16 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011/12/23 14:53:15 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/12/23 14:53:15 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011/12/23 14:53:15 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011/12/23 14:53:15 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/12/23 14:53:15 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011/12/23 14:53:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/12/23 14:53:15 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BdeHdCfg.exe
[2011/12/23 14:53:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/12/23 14:53:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/12/23 14:53:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011/12/23 14:53:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011/12/23 14:53:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011/12/23 14:53:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011/12/23 14:53:15 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/12/23 14:53:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011/12/23 14:53:15 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011/12/23 14:53:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011/12/23 14:53:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/12/23 14:53:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/12/23 14:53:15 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2011/12/23 14:53:15 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011/12/23 14:53:15 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011/12/23 14:53:15 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011/12/23 14:53:15 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011/12/23 14:53:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011/12/23 14:53:15 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011/12/23 14:53:15 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011/12/23 14:53:14 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/12/23 14:53:14 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/12/23 14:53:14 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/12/23 14:53:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011/12/23 14:53:14 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/12/23 14:53:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011/12/23 14:53:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/12/23 14:53:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011/12/23 14:53:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/12/23 14:53:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011/12/23 14:53:14 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011/12/23 14:53:14 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011/12/23 14:53:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011/12/23 14:53:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011/12/23 14:53:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011/12/23 14:53:13 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011/12/23 14:53:13 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/12/23 14:53:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011/12/23 14:53:13 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011/12/23 14:53:13 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2011/12/23 14:53:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011/12/23 14:53:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2011/12/23 14:53:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/12/23 14:53:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011/12/23 14:53:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011/12/23 14:53:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/12/23 14:53:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011/12/23 14:53:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011/12/23 14:53:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/12/23 14:53:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011/12/23 14:53:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011/12/23 14:53:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011/12/23 14:53:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011/12/23 14:53:12 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/12/23 14:53:12 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011/12/23 14:53:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011/12/23 14:53:12 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2011/12/23 14:53:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011/12/23 14:53:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/12/23 14:53:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/12/23 14:53:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011/12/23 14:53:12 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/12/23 14:53:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011/12/23 14:53:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011/12/23 14:53:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011/12/23 14:53:11 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011/12/23 14:53:11 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011/12/23 14:53:11 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011/12/23 14:53:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011/12/23 14:53:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011/12/23 14:53:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011/12/23 14:53:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011/12/23 14:53:10 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011/12/23 14:53:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011/12/23 14:53:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011/12/23 14:53:09 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/12/23 14:53:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/12/23 14:53:09 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/12/23 14:53:09 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2011/12/23 14:53:09 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011/12/23 14:53:09 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011/12/23 14:53:08 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011/12/23 14:53:07 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2011/12/23 14:53:07 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2011/12/23 14:53:07 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2011/12/23 14:53:07 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2011/12/23 14:53:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011/12/23 14:53:07 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/12/23 14:53:07 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/12/23 14:53:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2011/12/23 14:53:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011/12/23 14:53:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011/12/23 14:53:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/12/23 14:53:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/12/23 14:53:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/12/23 14:53:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/12/23 14:53:05 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011/12/23 14:53:05 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011/12/23 14:53:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011/12/23 14:53:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011/12/23 14:53:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011/12/23 14:53:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011/12/23 14:53:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011/12/23 14:53:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011/12/23 14:53:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011/12/23 14:53:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2011/12/23 14:53:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011/12/23 14:53:05 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011/12/23 14:53:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/12/23 14:52:49 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011/12/23 14:52:47 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011/12/23 14:41:58 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2011/12/23 14:33:35 | 000,398,336 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\TVWizudlg.exe
[2011/12/23 14:33:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/12/23 14:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/12/23 14:18:40 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2011/12/23 14:18:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/12/23 14:16:30 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/12/23 14:16:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/12/23 14:16:30 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/12/23 14:16:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/12/23 14:16:29 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/12/23 14:16:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/23 14:16:06 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/12/23 14:16:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/12/23 14:16:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/12/23 14:16:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/12/23 14:16:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/23 14:16:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/23 14:16:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/23 14:16:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/12/23 14:16:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/12/23 14:16:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/23 14:16:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/23 14:16:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/12/23 14:16:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/12/23 14:16:02 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/12/23 14:15:54 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/12/23 14:15:54 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/12/23 14:15:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/12/23 14:15:53 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/23 14:15:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/23 14:15:45 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/12/23 14:15:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/12/23 14:15:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/12/23 14:13:26 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/23 14:13:26 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/23 14:13:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/12/23 14:13:23 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/12/23 14:13:01 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/12/23 14:12:54 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/23 14:12:53 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/12/23 14:12:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/12/23 14:12:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/12/23 14:12:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/12/23 14:12:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/12/23 14:12:48 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011/12/23 14:12:48 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/12/23 13:58:39 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/12/23 13:40:41 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/12/23 13:40:41 | 000,000,000 | R--D | C] -- C:\Users\Steve\Searches
[2011/12/23 13:40:41 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/12/23 13:40:40 | 000,000,000 | -H-D | C] -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/12/23 13:40:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Identities
[2011/12/23 13:40:28 | 000,000,000 | R--D | C] -- C:\Users\Steve\Contacts
[2011/12/23 13:40:15 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\VirtualStore
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\AppData\Local\Temporary Internet Files
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Templates
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Start Menu
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\SendTo
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Recent
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\PrintHood
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\NetHood
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Documents\My Videos
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Documents\My Pictures
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Documents\My Music
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\My Documents
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Local Settings
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\AppData\Local\History
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Cookies
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Application Data
[2011/12/23 13:40:01 | 000,000,000 | -HSD | C] -- C:\Users\Steve\AppData\Local\Application Data
[2011/12/23 13:40:00 | 000,000,000 | --SD | C] -- C:\Users\Steve\AppData\Roaming\Microsoft
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Videos
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Saved Games
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Pictures
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Music
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Links
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Favorites
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Downloads
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Documents
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\Desktop
[2011/12/23 13:40:00 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/12/23 13:40:00 | 000,000,000 | -H-D | C] -- C:\Users\Steve\AppData
[2011/12/23 13:40:00 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Microsoft
[2011/12/23 13:40:00 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Media Center Programs
[2011/12/23 13:35:52 | 000,000,000 | ---D | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/01/09 10:01:39 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354182761-4086768543-2085065995-1000Core.job
[2012/01/09 09:51:58 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354182761-4086768543-2085065995-1000UA.job
[2012/01/09 09:51:55 | 000,002,401 | ---- | M] () -- C:\Users\Steve\Desktop\Google Chrome.lnk
[2012/01/09 09:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/07 17:00:05 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 17:00:05 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 16:56:13 | 000,617,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/07 16:56:13 | 000,104,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/07 16:51:26 | 1582,874,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 18:23:46 | 000,302,592 | ---- | M] () -- C:\Users\Steve\Desktop\gmer.exe
[2012/01/01 18:17:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/01/01 18:16:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/01 18:16:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/01/01 17:15:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/29 13:20:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/29 13:20:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/12/27 12:42:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/27 12:36:12 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/12/27 12:22:42 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/12/27 12:22:42 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/12/23 21:31:12 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/12/23 21:24:57 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/12/23 15:25:11 | 000,001,411 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/23 15:24:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/12/23 15:24:23 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/23 15:24:23 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/23 15:24:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/12/23 15:24:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/23 15:24:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/12/23 15:24:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/23 15:24:23 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/23 15:24:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/12/23 15:24:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/23 15:24:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/12/23 15:24:23 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/12/23 15:24:23 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/12/23 15:24:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/12/23 15:24:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/12/23 15:24:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/12/23 15:24:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/23 15:24:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/12/23 15:24:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/12/23 15:24:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/12/23 15:24:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/23 15:24:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/23 15:24:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/12/23 15:24:23 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/23 15:24:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/12/23 15:24:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/23 15:24:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/23 15:24:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/23 15:24:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/23 15:24:22 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/23 15:24:22 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/23 15:24:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/12/23 15:24:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/12/23 15:24:22 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/23 15:24:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/23 15:24:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/12/23 15:24:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/12/23 15:24:22 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/12/23 15:14:22 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/23 15:07:46 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/12/23 13:36:53 | 000,171,136 | RHS- | M] () -- C:\w7ldr

========== Files Created - No Company Name ==========

[2012/01/01 18:16:30 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/01 18:16:30 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/01/01 17:07:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/01 17:07:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/01 17:07:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/01 17:07:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/01 17:07:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/29 13:20:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/12/29 13:20:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/12/27 12:42:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/27 12:41:48 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/27 12:36:12 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/12/23 21:31:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/23 21:30:54 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/23 21:26:22 | 1582,874,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/23 21:24:57 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/12/23 21:24:55 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2011/12/23 16:06:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/23 15:42:22 | 000,002,401 | ---- | C] () -- C:\Users\Steve\Desktop\Google Chrome.lnk
[2011/12/23 15:41:46 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354182761-4086768543-2085065995-1000UA.job
[2011/12/23 15:41:45 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1354182761-4086768543-2085065995-1000Core.job
[2011/12/23 15:24:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/12/23 15:21:05 | 000,001,411 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/23 14:54:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/23 14:54:08 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/12/23 14:53:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/12/23 14:53:11 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/12/23 14:53:04 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/12/23 14:33:35 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/12/23 14:33:35 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2011/12/23 13:40:46 | 000,001,417 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/23 13:40:00 | 000,000,290 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/23 13:40:00 | 000,000,272 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/23 13:36:53 | 000,171,136 | RHS- | C] () -- C:\w7ldr
[2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/22 10:16:48 | 000,136,496 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,617,460 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,104,702 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\ERDNT\cache\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >




OTL Extras logfile created on: 1/9/2012 10:03:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steve\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 63.48% Memory free
3.93 Gb Paging File | 2.83 Gb Available in Paging File | 72.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47.30 Gb Total Space | 29.62 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive E: | 548.55 Gb Total Space | 132.72 Gb Free Space | 24.20% Space Free | Partition Type: HFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"0A86889A63334895E2898E1C618451C13E8BEC74" = Windows Driver Package - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"2A220AD1D71245D60F803E0D8C463ABFFE7C6244" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"3A712FAD839A90C4CD37CE06FA695DCC4E91A52F" = Windows Driver Package - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5A42EC04483B9307C1A29CDA2199268A7A8FA52D" = Windows Driver Package - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows Driver Package - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Android SDK Tools" = Android SDK Tools
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"D7BD0CDD4F84752390916F44F40574507E36FE5E" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (01/19/2009 2.1.2.1)
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
"DD660B87FBFA46A1E99C15466EA26AA41E678250" = Windows Driver Package - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"TVWiz" = Intel® TV Wizard

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1354182761-4086768543-2085065995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2011 4:18:19 PM | Computer Name = Steve-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - The process cannot
access the file because it is being used by another process. for C:\Users\Steve\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error - 12/23/2011 4:18:19 PM | Computer Name = Steve-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The process cannot
access the file because it is being used by another process.

[ System Events ]
Error - 12/28/2011 1:20:07 AM | Computer Name = Steve-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 12/29/2011 2:45:47 PM | Computer Name = Steve-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 1/1/2012 6:08:24 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/1/2012 6:12:55 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/1/2012 6:15:59 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/1/2012 7:36:26 PM | Computer Name = Steve-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2012 4:20:58 PM | Computer Name = Steve-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 1/7/2012 5:51:38 PM | Computer Name = Steve-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:00:47 PM on ?1/?5/?2012 was unexpected.

Error - 1/7/2012 6:22:46 PM | Computer Name = Steve-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 1/9/2012 10:50:24 AM | Computer Name = Steve-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:23 PM

Posted 09 January 2012 - 06:15 PM

Hi,

your log is looking good :) No traces to be seen, I think you remoevd it all.

Just to be safe please run a scan with Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:23 PM

Posted 17 January 2012 - 10:36 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users