Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ping.exe and IE re-directs


  • This topic is locked This topic is locked
48 replies to this topic

#1 dan360

dan360

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 04 January 2012 - 11:30 PM

When all else fails I have come you you fine folk.
ping.exe continuously re-appears in the task manager and drives up memory usage to 100%. In IE google searches re-direct and popups are created i new tabs when firefox is started. A Malwarebyes scan has concluded with no threats. I'm Running a 64 bit system with Windows Vista home premium, thus the GMER log is not included. This problem still persists. Thanks.

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_17
Run by Owner at 23:14:15 on 2012-01-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3963.2036 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.63\npchrome_frame.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [AdobeBridge]
uRun: [<NO NAME>]
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\WinTV\Ir.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoRealMode = 0 (0x0)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9462A263-61EA-41C1-A9B5-C52FA210ECE6} : DhcpNameServer = 192.168.0.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.63\npchrome_frame.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.63\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.ca/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-8-9 366152]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S2 !SASCORE;SAS Core Service;"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" --> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-11 135664]
S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-11 135664]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-12-23 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-05 03:49:31 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-04 05:04:23 -------- d-----we C:\Windows\system64
2012-01-03 21:51:53 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BCECA3E-F24E-4F68-BC7E-1287ECBCA5EF}\mpengine.dll
2011-12-25 18:27:57 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-12-25 18:27:57 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-12-25 00:44:59 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2011-12-25 00:44:58 -------- d-----w- C:\Program Files\Windows Portable Devices
2011-12-24 18:04:01 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2011-12-24 18:04:01 369664 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2011-12-24 18:04:01 3584 ----a-w- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
2011-12-24 17:36:12 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2011-12-24 17:36:12 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2011-12-24 17:36:11 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-12-24 17:36:11 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-12-24 17:36:11 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-12-24 17:36:11 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-12-24 02:01:44 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-12-24 02:01:38 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-12-24 02:01:38 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-12-24 02:01:37 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-12-24 02:01:36 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-12-24 02:01:36 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-12-24 02:00:45 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-24 02:00:30 316928 ----a-w- C:\Windows\System32\msshsq.dll
2011-12-24 02:00:30 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2011-12-24 01:59:38 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-12-24 01:59:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-24 01:59:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-24 01:57:49 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-12-24 01:57:49 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-12-24 01:57:49 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-12-24 01:57:49 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-12-24 01:57:48 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-12-24 01:57:48 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-12-24 01:57:48 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-12-24 01:57:48 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-12-24 01:57:00 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-24 01:57:00 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-24 01:53:30 695296 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-12-24 01:53:30 35328 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-12-24 01:52:20 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-12-24 01:51:36 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-12-24 01:51:36 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-12-24 01:51:28 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-12-24 01:51:15 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-12-24 01:51:14 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-12-24 01:51:14 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-12-24 01:50:24 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-12-24 01:50:24 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-12-24 01:50:24 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-12-24 01:50:24 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-12-24 01:50:24 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-12-24 01:50:24 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-12-24 01:50:23 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-12-24 01:50:23 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-12-24 01:50:14 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-24 01:50:14 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-12-23 20:23:38 -------- d-----w- C:\Windows\SysWow64\vi-VN
2011-12-23 20:23:38 -------- d-----w- C:\Windows\SysWow64\eu-ES
2011-12-23 20:23:38 -------- d-----w- C:\Windows\SysWow64\ca-ES
2011-12-23 20:23:38 -------- d-----w- C:\Windows\System32\vi-VN
2011-12-23 20:23:38 -------- d-----w- C:\Windows\System32\eu-ES
2011-12-23 20:23:38 -------- d-----w- C:\Windows\System32\ca-ES
2011-12-23 20:19:59 -------- d-----w- C:\Windows\System32\SPReview
2011-12-23 19:58:11 946688 ----a-w- C:\Windows\System32\scavenge.dll
2011-12-23 19:57:56 56320 ----a-w- C:\Windows\System32\compcln.exe
2011-12-23 19:57:53 3584 ----a-w- C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2011-12-23 19:57:41 7680 ----a-w- C:\Windows\System32\drivers\en-US\bthport.sys.mui
2011-12-23 19:45:59 717312 ----a-w- C:\Windows\System32\netlogon.dll
2011-12-23 19:44:55 98816 ----a-w- C:\Windows\System32\drivers\dxg.sys
2011-12-23 19:43:59 886784 ----a-w- C:\Windows\System32\sysmain.dll
2011-12-23 19:42:59 1575936 ----a-w- C:\Windows\SysWow64\WMVENCOD.DLL
2011-12-23 19:41:52 936448 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-12-15 23:24:13 605968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-13 00:51:41 -------- d-----w- C:\Program Files (x86)\Empire Earth Gold Edition
2011-12-10 15:36:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\Crayon Physics Deluxe
.
==================== Find3M ====================
.
2012-01-04 06:07:31 7010 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-11-11 19:44:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-03 06:55:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
2011-11-03 06:50:15 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-03 06:49:54 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-03 06:49:36 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-11-03 06:49:36 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-11-03 06:22:04 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-11-03 05:54:27 479232 ----a-w- C:\Windows\System32\html.iec
2011-11-03 05:22:43 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-03 05:11:55 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-11-03 05:10:39 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 04:45:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-01 21:09:18 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-01 21:09:18 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-22 16:20:25 11136744 ----a-w- C:\Spartan.exe
2011-10-22 16:20:16 81998 ----a-w- C:\RockallDLL.dll
2011-10-22 16:20:16 746496 ----a-w- C:\granny2.dll
2011-10-22 16:20:14 173408 ----a-w- C:\pw32b.dll
2011-10-22 16:20:14 139496 ----a-w- C:\eulax.dll
2011-10-22 16:20:12 152848 ----a-w- C:\AOEOnlineReplace.exe
2011-10-22 16:20:11 2984680 ----a-w- C:\AOEOnline.exe
2010-07-28 16:27:23 1228424 ----a-w- C:\Program Files (x86)\ProductionPremium_CS5_LS7.exe
.
============= FINISH: 23:16:18.96 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:54 AM

Posted 05 January 2012 - 02:04 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Please let me know how the above scans go.

Kindest Regards,
ST

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 dan360

dan360
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 05 January 2012 - 11:06 AM

TDSSKiller came up with no threats.

10:50:59.0980 4432 usbuhci - ok
10:51:00.0246 4432 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:51:00.0303 4432 usbvideo - ok
10:51:00.0452 4432 UVCFTR (060b7863943625e0193a3575c0c59e52) C:\Windows\system32\Drivers\UVCFTR_S.SYS
10:51:00.0461 4432 UVCFTR - ok
10:51:00.0651 4432 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:51:00.0731 4432 vga - ok
10:51:00.0856 4432 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:51:00.0918 4432 VgaSave - ok
10:51:01.0228 4432 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:51:01.0258 4432 viaide - ok
10:51:01.0525 4432 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:51:01.0537 4432 volmgr - ok
10:51:01.0790 4432 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:51:01.0842 4432 volmgrx - ok
10:51:02.0034 4432 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:51:02.0075 4432 volsnap - ok
10:51:02.0416 4432 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:51:02.0432 4432 vsmraid - ok
10:51:02.0601 4432 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:51:02.0748 4432 WacomPen - ok
10:51:02.0978 4432 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:51:03.0007 4432 Wanarp - ok
10:51:03.0041 4432 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:51:03.0067 4432 Wanarpv6 - ok
10:51:03.0381 4432 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:51:03.0415 4432 Wd - ok
10:51:03.0650 4432 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:51:03.0696 4432 Wdf01000 - ok
10:51:03.0961 4432 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:51:04.0022 4432 WmiAcpi - ok
10:51:04.0320 4432 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:51:04.0372 4432 ws2ifsl - ok
10:51:04.0527 4432 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:51:04.0578 4432 WUDFRd - ok
10:51:04.0633 4432 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
10:51:05.0102 4432 \Device\Harddisk0\DR0 - ok
10:51:05.0149 4432 Boot (0x1200) (a5c808d90a06f7e4fe052f919f259b24) \Device\Harddisk0\DR0\Partition0
10:51:05.0188 4432 \Device\Harddisk0\DR0\Partition0 - ok
10:51:05.0222 4432 Boot (0x1200) (f0dacf1aad2e81a8e430546f78447104) \Device\Harddisk0\DR0\Partition1
10:51:05.0223 4432 \Device\Harddisk0\DR0\Partition1 - ok
10:51:05.0224 4432 ============================================================
10:51:05.0224 4432 Scan finished
10:51:05.0224 4432 ============================================================
10:51:05.0240 4400 Detected object count: 0
10:51:05.0240 4400 Actual detected object count: 0

and the OTL

OTL logfile created on: 05/01/2012 10:52:31 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.46% Memory free
7.92 Gb Paging File | 6.03 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.54 Gb Total Space | 75.79 Gb Free Space | 26.92% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.12% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 10:50:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/04 01:04:22 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
PRC - [2011/12/13 15:54:34 | 004,757,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/13 19:51:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/01/29 11:16:26 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/10/22 09:43:58 | 002,548,056 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
PRC - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 01:04:22 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2010/07/27 19:18:44 | 005,537,232 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/04/24 18:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/12/13 16:49:47 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/13 19:51:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/10 00:03:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 18:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/11 23:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/30 20:27:14 | 000,508,928 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/08 20:14:24 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2009/04/01 07:56:08 | 000,189,440 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcwhdpvr.sys -- (hcwhdpvr)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/12 05:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/27 17:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/15 20:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/14 21:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/02 19:27:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 05:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/08/31 17:34:10 | 000,581,120 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2007/08/31 14:13:48 | 000,054,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/12/18 09:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
IE - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.ca/"
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/01/29 11:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/04 01:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/04 01:04:26 | 000,000,000 | ---D | M]

[2010/01/26 18:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/01/04 18:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions
[2010/08/06 20:44:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/22 10:19:46 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/08/22 10:19:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/22 10:19:49 | 000,000,000 | ---D | M] ("Flash Video Downloader Youtube Downloader Facebook") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\artur.dubovoy@gmail.com
[2011/07/27 16:38:48 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\autofillForms@blueimp.net
[2012/01/04 01:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/29 11:13:41 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

Hosts file not found
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.63\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0 File not found
O4 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O7 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-3279217432-494864419-1238032467-1000\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9462A263-61EA-41C1-A9B5-C52FA210ECE6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cf - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.63\npchrome_frame.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\new york wallpaper fog.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\new york wallpaper fog.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c34cf6e-b7ee-11dd-836b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3c34cf6e-b7ee-11dd-836b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Setup.exe
O33 - MountPoints2\{5747b2af-b7db-11dd-92b0-00215d761712}\Shell\AutoRun\command - "" = F:\ConnectProSST.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 10:50:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/05 10:45:10 | 001,073,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp64.exe
[2012/01/05 00:06:54 | 004,757,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp.exe
[2012/01/04 23:10:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/04 10:37:09 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/04 10:15:41 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2012/01/04 00:04:23 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/25 13:27:57 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/12/25 13:27:57 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/12/24 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2011/12/24 19:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/12/24 13:04:01 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2011/12/24 13:04:01 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2011/12/24 13:03:59 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2011/12/24 13:03:59 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2011/12/24 13:03:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2011/12/24 13:03:59 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2011/12/24 13:03:59 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2011/12/24 13:03:59 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2011/12/24 13:03:59 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2011/12/24 13:03:59 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2011/12/24 13:03:59 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2011/12/24 13:03:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2011/12/24 13:03:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2011/12/24 13:03:06 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2011/12/24 13:03:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2011/12/24 13:03:04 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2011/12/24 13:03:04 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2011/12/24 13:03:04 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2011/12/24 13:03:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2011/12/24 13:03:04 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2011/12/24 13:03:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2011/12/24 13:03:03 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2011/12/24 13:03:03 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2011/12/24 13:03:03 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2011/12/24 13:03:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2011/12/24 13:03:03 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2011/12/24 13:03:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2011/12/24 13:03:03 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2011/12/24 12:36:12 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2011/12/24 12:36:12 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2011/12/24 12:36:11 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011/12/24 12:36:11 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011/12/24 12:36:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011/12/24 12:36:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011/12/23 21:01:38 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/12/23 21:01:38 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/12/23 21:01:36 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/12/23 21:00:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/23 21:00:30 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2011/12/23 20:59:38 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/12/23 20:58:51 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011/12/23 20:58:51 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2011/12/23 20:58:51 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/12/23 20:58:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/12/23 20:58:50 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/12/23 20:58:50 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2011/12/23 20:58:50 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011/12/23 20:58:50 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011/12/23 20:58:50 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/12/23 20:58:50 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2011/12/23 20:58:50 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/12/23 20:58:49 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011/12/23 20:58:49 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011/12/23 20:58:49 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2011/12/23 20:58:49 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011/12/23 20:58:49 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2011/12/23 20:58:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2011/12/23 20:58:49 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/12/23 20:58:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/12/23 20:58:48 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/12/23 20:58:48 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011/12/23 20:58:48 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2011/12/23 20:58:48 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011/12/23 20:58:48 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/12/23 20:58:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2011/12/23 20:58:48 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/12/23 20:58:47 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/12/23 20:58:47 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011/12/23 20:58:47 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011/12/23 20:58:47 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2011/12/23 20:58:47 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2011/12/23 20:58:47 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/12/23 20:58:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011/12/23 20:58:46 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2011/12/23 20:58:46 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2011/12/23 20:57:49 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/12/23 20:57:49 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/12/23 20:57:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/12/23 20:57:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/12/23 20:57:48 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/12/23 20:57:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/12/23 20:57:31 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/12/23 20:57:00 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/23 20:57:00 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/23 20:56:56 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/12/23 20:56:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/23 20:56:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/23 20:56:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/12/23 20:56:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/12/23 20:56:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/23 20:56:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/23 20:56:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/12/23 20:56:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/12/23 20:56:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/12/23 20:56:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/23 20:56:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/23 20:56:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/23 20:56:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/23 20:56:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/12/23 20:56:53 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/23 20:56:53 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/23 20:56:52 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/23 20:56:52 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/12/23 20:56:51 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/23 20:56:50 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/23 20:56:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/23 20:56:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/23 20:56:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/23 20:56:48 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/23 20:56:45 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/12/23 20:56:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/12/23 20:56:45 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/12/23 20:56:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/12/23 20:51:28 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/12/23 20:50:24 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/12/23 20:50:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/12/23 20:50:24 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/12/23 20:50:24 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/12/23 20:50:24 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/12/23 20:50:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/12/23 20:50:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/12/23 20:50:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2011/12/23 15:19:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/12/23 14:58:11 | 000,946,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavenge.dll
[2011/12/23 14:57:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\compcln.exe
[2011/12/23 14:46:04 | 002,247,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2011/12/23 14:46:03 | 003,341,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2011/12/23 14:46:03 | 003,235,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2011/12/23 14:46:03 | 003,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2011/12/23 14:46:03 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2011/12/23 14:46:03 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2011/12/23 14:46:03 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2011/12/23 14:46:03 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2011/12/23 14:46:03 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2011/12/23 14:46:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2011/12/23 14:46:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkitemfactory.dll
[2011/12/23 14:46:02 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2011/12/23 14:46:02 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0007.dll
[2011/12/23 14:46:02 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0009.dll
[2011/12/23 14:46:02 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxbde40.dll
[2011/12/23 14:46:02 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlhtml.dll
[2011/12/23 14:46:02 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2011/12/23 14:46:01 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswdat10.dll
[2011/12/23 14:46:01 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswstr10.dll
[2011/12/23 14:46:01 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2011/12/23 14:46:01 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2011/12/23 14:45:59 | 000,717,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2011/12/23 14:45:59 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2011/12/23 14:45:59 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp60.dll
[2011/12/23 14:45:59 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp60.dll
[2011/12/23 14:45:59 | 000,347,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/12/23 14:45:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msutb.dll
[2011/12/23 14:45:59 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2011/12/23 14:45:54 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2011/12/23 14:45:53 | 002,420,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2011/12/23 14:45:53 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetProjW.dll
[2011/12/23 14:45:53 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2011/12/23 14:45:53 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2011/12/23 14:45:53 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2011/12/23 14:45:53 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NcdProp.dll
[2011/12/23 14:45:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NcdProp.dll
[2011/12/23 14:45:52 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2011/12/23 14:45:52 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2011/12/23 14:45:52 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2011/12/23 14:45:52 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2011/12/23 14:45:51 | 001,444,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2011/12/23 14:45:51 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2011/12/23 14:45:51 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2011/12/23 14:45:51 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2011/12/23 14:45:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2011/12/23 14:45:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2011/12/23 14:45:50 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaui.dll
[2011/12/23 14:45:50 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pcaui.dll
[2011/12/23 14:45:50 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2011/12/23 14:45:49 | 002,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2011/12/23 14:45:49 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2011/12/23 14:45:49 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpui.dll
[2011/12/23 14:45:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2011/12/23 14:45:49 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PNPXAssoc.dll
[2011/12/23 14:45:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2011/12/23 14:45:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPutil.exe
[2011/12/23 14:45:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PJLMON.DLL
[2011/12/23 14:45:48 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2011/12/23 14:45:48 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2011/12/23 14:45:48 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpsetup.dll
[2011/12/23 14:45:48 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnpsetup.dll
[2011/12/23 14:45:47 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pidgenx.dll
[2011/12/23 14:45:46 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pidgenx.dll
[2011/12/23 14:45:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2011/12/23 14:45:45 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2011/12/23 14:45:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2011/12/23 14:45:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2011/12/23 14:45:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2011/12/23 14:45:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2011/12/23 14:45:44 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/12/23 14:45:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2011/12/23 14:45:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2011/12/23 14:45:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2011/12/23 14:45:43 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntmarta.dll
[2011/12/23 14:45:42 | 002,438,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oobefldr.dll
[2011/12/23 14:45:42 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oobefldr.dll
[2011/12/23 14:45:42 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\P2PGraph.dll
[2011/12/23 14:45:42 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\P2PGraph.dll
[2011/12/23 14:45:42 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2011/12/23 14:45:42 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2011/12/23 14:45:41 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offfilt.dll
[2011/12/23 14:45:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2011/12/23 14:45:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/12/23 14:45:40 | 001,740,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2011/12/23 14:45:39 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2011/12/23 14:45:39 | 001,499,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2011/12/23 14:45:39 | 001,040,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2011/12/23 14:45:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfp.dll
[2011/12/23 14:45:39 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleprn.dll
[2011/12/23 14:45:39 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfui.dll
[2011/12/23 14:45:39 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleprn.dll
[2011/12/23 14:45:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfui.dll
[2011/12/23 14:45:39 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfp.dll
[2011/12/23 14:45:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsCtfMonitor.dll
[2011/12/23 14:45:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsCtfMonitor.dll
[2011/12/23 14:45:38 | 000,727,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtcprx.dll
[2011/12/23 14:45:38 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2011/12/23 14:45:38 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexch40.dll
[2011/12/23 14:45:38 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexcl40.dll
[2011/12/23 14:45:36 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2011/12/23 14:45:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2011/12/23 14:45:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2011/12/23 14:45:35 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2011/12/23 14:45:35 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2011/12/23 14:45:34 | 003,108,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2011/12/23 14:45:34 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2011/12/23 14:45:33 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2011/12/23 14:45:31 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2011/12/23 14:45:31 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2011/12/23 14:45:31 | 000,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2011/12/23 14:45:31 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2011/12/23 14:45:31 | 000,073,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2011/12/23 14:45:30 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe
[2011/12/23 14:45:30 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mspbde40.dll
[2011/12/23 14:45:30 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscandui.dll
[2011/12/23 14:45:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscandui.dll
[2011/12/23 14:45:30 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2011/12/23 14:45:30 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/12/23 14:45:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/12/23 14:45:29 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrepl40.dll
[2011/12/23 14:45:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2011/12/23 14:45:29 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd3x40.dll
[2011/12/23 14:45:29 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd2x40.dll
[2011/12/23 14:45:29 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjtes40.dll
[2011/12/23 14:45:29 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msltus40.dll
[2011/12/23 14:45:29 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/12/23 14:45:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjter40.dll
[2011/12/23 14:45:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/12/23 14:45:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscb.dll
[2011/12/23 14:45:29 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2011/12/23 14:45:28 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjet40.dll
[2011/12/23 14:45:28 | 000,796,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/12/23 14:45:28 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2VDEC.DLL
[2011/12/23 14:45:28 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/12/23 14:45:28 | 000,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2011/12/23 14:45:28 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2VDEC.DLL
[2011/12/23 14:45:28 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2011/12/23 14:45:28 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstext40.dll
[2011/12/23 14:45:28 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2011/12/23 14:45:28 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2011/12/23 14:45:28 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2011/12/23 14:45:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstlsapi.dll
[2011/12/23 14:45:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstlsapi.dll
[2011/12/23 14:45:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjint40.dll
[2011/12/23 14:45:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msisip.dll
[2011/12/23 14:45:27 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/12/23 14:45:27 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2011/12/23 14:45:27 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2011/12/23 14:45:27 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2011/12/23 14:45:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2011/12/23 14:45:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2011/12/23 14:45:26 | 002,280,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/12/23 14:45:26 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/12/23 14:45:26 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/12/23 14:45:26 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/12/23 14:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msstrc.dll
[2011/12/23 14:45:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2011/12/23 14:45:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2011/12/23 14:45:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimtf.dll
[2011/12/23 14:45:24 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2011/12/23 14:45:24 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2011/12/23 14:45:24 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msisip.dll
[2011/12/23 14:45:22 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2011/12/23 14:45:22 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2011/12/23 14:45:22 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scksp.dll
[2011/12/23 14:45:22 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2011/12/23 14:45:22 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2011/12/23 14:45:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scksp.dll
[2011/12/23 14:45:20 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/12/23 14:45:19 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdohlp.dll
[2011/12/23 14:45:19 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2011/12/23 14:45:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/12/23 14:45:15 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiapi.dll
[2011/12/23 14:45:14 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2011/12/23 14:45:14 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2011/12/23 14:45:14 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011/12/23 14:45:14 | 000,055,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSHED.DLL
[2011/12/23 14:45:13 | 002,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2011/12/23 14:45:13 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2011/12/23 14:45:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasapi32.dll
[2011/12/23 14:45:13 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2011/12/23 14:45:13 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2011/12/23 14:45:13 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2011/12/23 14:45:13 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll
[2011/12/23 14:45:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll
[2011/12/23 14:45:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdial.exe
[2011/12/23 14:45:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdial.exe
[2011/12/23 14:45:12 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2011/12/23 14:45:12 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2011/12/23 14:45:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2011/12/23 14:45:12 | 000,123,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2011/12/23 14:45:12 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2011/12/23 14:45:11 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2011/12/23 14:45:11 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2011/12/23 14:45:11 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2011/12/23 14:45:11 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2011/12/23 14:45:11 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2011/12/23 14:45:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powrprof.dll
[2011/12/23 14:45:10 | 001,165,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2011/12/23 14:45:10 | 000,923,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2011/12/23 14:45:10 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnntfy.dll
[2011/12/23 14:45:10 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnntfy.dll
[2011/12/23 14:45:10 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propdefs.dll
[2011/12/23 14:45:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2011/12/23 14:45:09 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2011/12/23 14:45:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2011/12/23 14:45:09 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2011/12/23 14:45:09 | 000,289,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2011/12/23 14:45:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2011/12/23 14:45:09 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationSettings.exe
[2011/12/23 14:45:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2011/12/23 14:45:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2011/12/23 14:45:09 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2011/12/23 14:45:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rshx32.dll
[2011/12/23 14:45:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2011/12/23 14:45:08 | 000,671,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2011/12/23 14:45:08 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2011/12/23 14:45:08 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2011/12/23 14:45:08 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2011/12/23 14:45:08 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2011/12/23 14:45:08 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2011/12/23 14:45:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtffilt.dll
[2011/12/23 14:45:08 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2011/12/23 14:45:07 | 000,911,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdlg.dll
[2011/12/23 14:45:07 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdlg.dll
[2011/12/23 14:45:07 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2011/12/23 14:45:07 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasgcw.dll
[2011/12/23 14:45:07 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2011/12/23 14:45:07 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RelMon.dll
[2011/12/23 14:45:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasplap.dll
[2011/12/23 14:45:07 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasplap.dll
[2011/12/23 14:45:07 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RelMon.dll
[2011/12/23 14:45:07 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2011/12/23 14:45:07 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2011/12/23 14:45:07 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmontr.dll
[2011/12/23 14:45:07 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmontr.dll
[2011/12/23 14:45:07 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2011/12/23 14:45:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastapi.dll
[2011/12/23 14:45:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2011/12/23 14:45:06 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2011/12/23 14:45:06 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2011/12/23 14:45:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2011/12/23 14:45:06 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2011/12/23 14:45:06 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2011/12/23 14:45:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2011/12/23 14:45:06 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2011/12/23 14:45:06 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2011/12/23 14:45:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reg.exe
[2011/12/23 14:45:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2011/12/23 14:45:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2011/12/23 14:45:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\reg.exe
[2011/12/23 14:45:06 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2011/12/23 14:45:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rekeywiz.exe
[2011/12/23 14:45:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2011/12/23 14:45:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rekeywiz.exe
[2011/12/23 14:45:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/12/23 14:45:05 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2011/12/23 14:45:05 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2011/12/23 14:45:05 | 001,185,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2011/12/23 14:45:05 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2011/12/23 14:45:05 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapimig.exe
[2011/12/23 14:45:05 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsound.dll
[2011/12/23 14:45:05 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2011/12/23 14:45:05 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2011/12/23 14:45:05 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapimig.exe
[2011/12/23 14:45:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2011/12/23 14:45:05 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2011/12/23 14:45:05 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2011/12/23 14:45:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2011/12/23 14:45:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2011/12/23 14:45:05 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/12/23 14:45:05 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsprop.dll
[2011/12/23 14:45:05 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsprop.dll
[2011/12/23 14:45:05 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmsynth.dll
[2011/12/23 14:45:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmusic.dll
[2011/12/23 14:45:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2011/12/23 14:45:05 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskadp.dll
[2011/12/23 14:45:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskmon.dll
[2011/12/23 14:45:05 | 000,029,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys
[2011/12/23 14:45:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceEject.exe
[2011/12/23 14:45:04 | 001,930,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2011/12/23 14:45:04 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2011/12/23 14:45:04 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devmgr.dll
[2011/12/23 14:45:04 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devmgr.dll
[2011/12/23 14:45:04 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2011/12/23 14:45:04 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2011/12/23 14:45:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2011/12/23 14:45:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/12/23 14:45:04 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingWizard.exe
[2011/12/23 14:45:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2011/12/23 14:45:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingProxy.dll
[2011/12/23 14:45:04 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingProxy.dll
[2011/12/23 14:45:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dataclen.dll
[2011/12/23 14:45:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2011/12/23 14:45:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2011/12/23 14:45:03 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2011/12/23 14:45:03 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBth.dll
[2011/12/23 14:45:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBth.dll
[2011/12/23 14:45:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdSSDP.dll
[2011/12/23 14:45:03 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingWizard.exe
[2011/12/23 14:45:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdSSDP.dll
[2011/12/23 14:45:03 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2011/12/23 14:45:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2011/12/23 14:45:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fc.exe
[2011/12/23 14:45:03 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fc.exe
[2011/12/23 14:45:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBthProxy.dll
[2011/12/23 14:45:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBthProxy.dll
[2011/12/23 14:45:02 | 003,079,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/12/23 14:45:02 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/12/23 14:45:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2011/12/23 14:45:02 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fundisc.dll
[2011/12/23 14:45:02 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2011/12/23 14:45:02 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2011/12/23 14:45:02 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2011/12/23 14:45:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\f3ahvoas.dll
[2011/12/23 14:45:02 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2011/12/23 14:45:02 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/12/23 14:45:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\f3ahvoas.dll
[2011/12/23 14:45:01 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FunctionDiscoveryFolder.dll
[2011/12/23 14:45:01 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FunctionDiscoveryFolder.dll
[2011/12/23 14:45:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2011/12/23 14:45:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWSD.dll
[2011/12/23 14:45:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\feclient.dll
[2011/12/23 14:45:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdWSD.dll
[2011/12/23 14:45:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\feclient.dll
[2011/12/23 14:45:01 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2011/12/23 14:45:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2011/12/23 14:44:55 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2011/12/23 14:44:55 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2011/12/23 14:44:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2011/12/23 14:44:55 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2011/12/23 14:44:55 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2011/12/23 14:44:55 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys
[2011/12/23 14:44:55 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2011/12/23 14:44:54 | 002,506,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/12/23 14:44:54 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/12/23 14:44:54 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2011/12/23 14:44:54 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2011/12/23 14:44:54 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2011/12/23 14:44:54 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2011/12/23 14:44:54 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2011/12/23 14:44:54 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2011/12/23 14:44:54 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2011/12/23 14:44:54 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorShell.dll
[2011/12/23 14:44:54 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2011/12/23 14:44:54 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorPwdMgr.dll
[2011/12/23 14:44:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorPwdMgr.dll
[2011/12/23 14:44:53 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2011/12/23 14:44:53 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2011/12/23 14:44:53 | 000,153,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2011/12/23 14:44:53 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2011/12/23 14:44:52 | 001,418,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2011/12/23 14:44:52 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2011/12/23 14:44:52 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2011/12/23 14:44:52 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2011/12/23 14:44:52 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2011/12/23 14:44:52 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2011/12/23 14:44:52 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2011/12/23 14:44:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsigd.dll
[2011/12/23 14:44:51 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\brcpl.dll
[2011/12/23 14:44:51 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2011/12/23 14:44:51 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2011/12/23 14:44:51 | 000,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2011/12/23 14:44:51 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2011/12/23 14:44:51 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2011/12/23 14:44:51 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2011/12/23 14:44:51 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayDriverLib.dll
[2011/12/23 14:44:51 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2011/12/23 14:44:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\btpanui.dll
[2011/12/23 14:44:51 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthudtask.exe
[2011/12/23 14:44:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthudtask.exe
[2011/12/23 14:44:50 | 001,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2011/12/23 14:44:50 | 001,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2011/12/23 14:44:50 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthci.dll
[2011/12/23 14:44:49 | 002,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apds.dll
[2011/12/23 14:44:49 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apds.dll
[2011/12/23 14:44:49 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2011/12/23 14:44:48 | 002,272,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2011/12/23 14:44:48 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2011/12/23 14:44:48 | 000,734,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2011/12/23 14:44:48 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2011/12/23 14:44:48 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2011/12/23 14:44:48 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2011/12/23 14:44:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2011/12/23 14:44:48 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authz.dll
[2011/12/23 14:44:48 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\audiodg.exe
[2011/12/23 14:44:47 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2011/12/23 14:44:47 | 000,123,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2011/12/23 14:44:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmmon32.exe
[2011/12/23 14:44:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmmon32.exe
[2011/12/23 14:44:46 | 000,521,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmdial32.dll
[2011/12/23 14:44:46 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmdial32.dll
[2011/12/23 14:44:45 | 000,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2011/12/23 14:44:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2011/12/23 14:44:44 | 001,691,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\connect.dll
[2011/12/23 14:44:44 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2011/12/23 14:44:44 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2011/12/23 14:44:44 | 001,259,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2011/12/23 14:44:44 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2011/12/23 14:44:44 | 001,035,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2011/12/23 14:44:44 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comuid.dll
[2011/12/23 14:44:44 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comuid.dll
[2011/12/23 14:44:44 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2011/12/23 14:44:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conime.exe
[2011/12/23 14:44:44 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\conime.exe
[2011/12/23 14:44:44 | 000,039,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2011/12/23 14:44:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2011/12/23 14:44:43 | 001,748,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2011/12/23 14:44:43 | 001,658,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2011/12/23 14:44:43 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2011/12/23 14:44:43 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\console.dll
[2011/12/23 14:44:42 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2011/12/23 14:44:42 | 000,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnrollUI.dll
[2011/12/23 14:44:42 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnrollUI.dll
[2011/12/23 14:44:42 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certreq.exe
[2011/12/23 14:44:42 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certreq.exe
[2011/12/23 14:44:42 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cbsra.exe
[2011/12/23 14:44:41 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2011/12/23 14:44:41 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2011/12/23 14:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2011/12/23 14:44:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cipher.exe
[2011/12/23 14:44:40 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2011/12/23 14:44:40 | 000,164,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2011/12/23 14:44:40 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cipher.exe
[2011/12/23 14:44:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CHxReadingStringIME.dll
[2011/12/23 14:44:39 | 006,100,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chtbrkr.dll
[2011/12/23 14:44:39 | 000,380,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2011/12/23 14:44:39 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2011/12/23 14:44:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CHxReadingStringIME.dll
[2011/12/23 14:44:38 | 001,676,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chsbrkr.dll
[2011/12/23 14:44:38 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2011/12/23 14:44:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2011/12/23 14:44:38 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2011/12/23 14:44:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2011/12/23 14:44:37 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2011/12/23 14:44:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\korwbrkr.dll
[2011/12/23 14:44:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2011/12/23 14:44:37 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2011/12/23 14:44:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logagent.exe
[2011/12/23 14:44:37 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2011/12/23 14:44:37 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2011/12/23 14:44:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2011/12/23 14:44:36 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2011/12/23 14:44:36 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2011/12/23 14:44:36 | 000,171,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2011/12/23 14:44:36 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2011/12/23 14:44:36 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2011/12/23 14:44:36 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\l2nacp.dll
[2011/12/23 14:44:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\l2nacp.dll
[2011/12/23 14:44:36 | 000,046,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardcpl.cpl
[2011/12/23 14:44:35 | 000,620,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2011/12/23 14:44:35 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2011/12/23 14:44:35 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2011/12/23 14:44:35 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2011/12/23 14:44:35 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2011/12/23 14:44:35 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2011/12/23 14:44:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2011/12/23 14:44:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2011/12/23 14:44:34 | 000,935,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsecsnp.dll
[2011/12/23 14:44:34 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsecsnp.dll
[2011/12/23 14:44:34 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2011/12/23 14:44:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipconfig.exe
[2011/12/23 14:44:33 | 002,715,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2011/12/23 14:44:33 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\milcore.dll
[2011/12/23 14:44:33 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\milcore.dll
[2011/12/23 14:44:33 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2011/12/23 14:44:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2011/12/23 14:44:33 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2011/12/23 14:44:32 | 003,263,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2011/12/23 14:44:32 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2011/12/23 14:44:32 | 001,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2011/12/23 14:44:32 | 001,060,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2011/12/23 14:44:32 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2011/12/23 14:44:32 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2011/12/23 14:44:32 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2011/12/23 14:44:32 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpr.dll
[2011/12/23 14:44:32 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmci.dll
[2011/12/23 14:44:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcico.dll
[2011/12/23 14:44:31 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2011/12/23 14:44:31 | 000,967,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2011/12/23 14:44:31 | 000,403,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2011/12/23 14:44:31 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2011/12/23 14:44:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\modemui.dll
[2011/12/23 14:44:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\modemui.dll
[2011/12/23 14:44:31 | 000,223,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2011/12/23 14:44:31 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mdminst.dll
[2011/12/23 14:44:23 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hdwwiz.exe
[2011/12/23 14:44:23 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hdwwiz.exe
[2011/12/23 14:44:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2011/12/23 14:44:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2011/12/23 14:44:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2011/12/23 14:44:20 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2011/12/23 14:44:19 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpedit.dll
[2011/12/23 14:44:19 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpedit.dll
[2011/12/23 14:44:19 | 000,779,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2011/12/23 14:44:19 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2011/12/23 14:44:19 | 000,166,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2011/12/23 14:44:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2011/12/23 14:44:18 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpresult.exe
[2011/12/23 14:44:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2011/12/23 14:44:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2011/12/23 14:44:18 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpupdate.exe
[2011/12/23 14:44:15 | 001,019,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2011/12/23 14:44:15 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2011/12/23 14:44:15 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2011/12/23 14:44:15 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2011/12/23 14:44:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imm32.dll
[2011/12/23 14:44:14 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2011/12/23 14:44:14 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2011/12/23 14:44:13 | 001,381,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2011/12/23 14:44:13 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2011/12/23 14:44:13 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifmon.dll
[2011/12/23 14:44:13 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifmon.dll
[2011/12/23 14:44:13 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2011/12/23 14:44:13 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2011/12/23 14:44:12 | 001,146,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2011/12/23 14:44:12 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2011/12/23 14:44:12 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2011/12/23 14:44:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2011/12/23 14:44:12 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi.dll
[2011/12/23 14:44:12 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi.dll
[2011/12/23 14:44:11 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsdyn.dll
[2011/12/23 14:44:11 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2011/12/23 14:44:11 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2011/12/23 14:44:11 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2011/12/23 14:44:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2011/12/23 14:44:11 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/12/23 14:44:11 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2011/12/23 14:44:11 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsutil.dll
[2011/12/23 14:44:11 | 000,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2011/12/23 14:44:11 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\version.dll
[2011/12/23 14:44:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2011/12/23 14:44:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdmdbg.dll
[2011/12/23 14:44:10 | 001,279,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2011/12/23 14:44:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2011/12/23 14:44:10 | 000,820,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2011/12/23 14:44:10 | 000,785,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Utilman.exe
[2011/12/23 14:44:10 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Utilman.exe
[2011/12/23 14:44:10 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsdyn.dll
[2011/12/23 14:44:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2011/12/23 14:44:10 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2011/12/23 14:44:10 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ulib.dll
[2011/12/23 14:44:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ulib.dll
[2011/12/23 14:44:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSTheme.exe
[2011/12/23 14:44:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSTheme.exe
[2011/12/23 14:44:10 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2011/12/23 14:44:10 | 000,034,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2011/12/23 14:44:08 | 001,681,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz.dll
[2011/12/23 14:44:08 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz.dll
[2011/12/23 14:44:08 | 001,234,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2011/12/23 14:44:08 | 001,085,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz2.dll
[2011/12/23 14:44:08 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2011/12/23 14:44:08 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz2.dll
[2011/12/23 14:44:08 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdscore.dll
[2011/12/23 14:44:08 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnNetsh.dll
[2011/12/23 14:44:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2011/12/23 14:44:08 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnNetsh.dll
[2011/12/23 14:44:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys
[2011/12/23 14:44:07 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2011/12/23 14:44:06 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2011/12/23 14:44:00 | 002,575,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2011/12/23 14:44:00 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2011/12/23 14:43:59 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2011/12/23 14:43:59 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2011/12/23 14:43:59 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2011/12/23 14:43:59 | 000,068,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2011/12/23 14:43:57 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/12/23 14:43:57 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2011/12/23 14:43:57 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2011/12/23 14:43:56 | 002,204,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/12/23 14:43:56 | 001,301,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2011/12/23 14:43:56 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thawbrkr.dll
[2011/12/23 14:43:56 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2011/12/23 14:43:54 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2011/12/23 14:43:54 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2011/12/23 14:43:54 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2011/12/23 14:43:54 | 000,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2011/12/23 14:43:54 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2011/12/23 14:43:53 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2011/12/23 14:43:51 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2011/12/23 14:43:51 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2011/12/23 14:43:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpmon.dll
[2011/12/23 14:43:51 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmon.dll
[2011/12/23 14:43:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2011/12/23 14:43:50 | 001,738,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscui.cpl
[2011/12/23 14:43:50 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WscEapPr.dll
[2011/12/23 14:43:50 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WscEapPr.dll
[2011/12/23 14:43:50 | 000,264,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2011/12/23 14:43:50 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscntfy.dll
[2011/12/23 14:43:50 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscntfy.dll
[2011/12/23 14:43:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2011/12/23 14:43:50 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2011/12/23 14:43:50 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2011/12/23 14:43:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshext.dll
[2011/12/23 14:43:50 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2011/12/23 14:43:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/12/23 14:43:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/12/23 14:43:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsepno.dll
[2011/12/23 14:43:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscisvif.dll
[2011/12/23 14:43:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscisvif.dll
[2011/12/23 14:43:49 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2011/12/23 14:43:49 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscui.cpl
[2011/12/23 14:43:49 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2011/12/23 14:43:49 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2011/12/23 14:43:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2011/12/23 14:43:49 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDMon.dll
[2011/12/23 14:43:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2011/12/23 14:43:49 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2011/12/23 14:43:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2011/12/23 14:43:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2011/12/23 14:43:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2011/12/23 14:43:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2011/12/23 14:43:48 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2011/12/23 14:43:44 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2011/12/23 14:43:44 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2011/12/23 14:43:21 | 000,557,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2011/12/23 14:43:20 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/12/23 14:43:20 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/12/23 14:43:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpcao.dll
[2011/12/23 14:43:19 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpcao.dll
[2011/12/23 14:43:18 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2011/12/23 14:43:18 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/12/23 14:43:16 | 001,882,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2011/12/23 14:43:12 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/12/23 14:43:06 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2011/12/23 14:43:05 | 001,543,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2011/12/23 14:43:05 | 000,622,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2011/12/23 14:43:04 | 001,891,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2011/12/23 14:43:01 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/12/23 14:42:59 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2011/12/23 14:42:56 | 002,680,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2011/12/23 14:42:55 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2011/12/23 14:42:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmlfilter.dll
[2011/12/23 14:42:47 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2011/12/23 14:42:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2011/12/23 14:42:44 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2011/12/23 14:42:44 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2011/12/23 14:42:43 | 001,065,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2011/12/23 14:42:43 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2011/12/23 14:42:43 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2011/12/23 14:42:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsldpc.dll
[2011/12/23 14:42:43 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldpc.dll
[2011/12/23 14:42:43 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsmsext.dll
[2011/12/23 14:42:43 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsmsext.dll
[2011/12/23 14:42:42 | 001,673,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeCPL.dll
[2011/12/23 14:42:40 | 001,394,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wercon.exe
[2011/12/23 14:42:40 | 001,114,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2011/12/23 14:42:40 | 001,110,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2011/12/23 14:42:40 | 000,946,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2011/12/23 14:42:40 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2011/12/23 14:42:40 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2011/12/23 14:42:40 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2011/12/23 14:42:40 | 000,688,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2011/12/23 14:42:40 | 000,669,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaaut.dll
[2011/12/23 14:42:40 | 000,660,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2011/12/23 14:42:40 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaaut.dll
[2011/12/23 14:42:40 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2011/12/23 14:42:40 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2011/12/23 14:42:40 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2011/12/23 14:42:40 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2011/12/23 14:42:40 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2011/12/23 14:42:40 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtapi.dll
[2011/12/23 14:42:40 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2011/12/23 14:42:40 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2011/12/23 14:42:40 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2011/12/23 14:42:40 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtapi.dll
[2011/12/23 14:42:40 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtutil.exe
[2011/12/23 14:42:40 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2011/12/23 14:42:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtutil.exe
[2011/12/23 14:42:40 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlgpclnt.dll
[2011/12/23 14:42:40 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlgpclnt.dll
[2011/12/23 14:42:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\whealogr.dll
[2011/12/23 14:42:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\whealogr.dll
[2011/12/23 14:42:38 | 003,894,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2011/12/23 14:42:38 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2011/12/23 14:42:38 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2011/12/23 14:42:37 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2011/12/23 14:42:37 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2011/12/23 14:42:37 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2011/12/23 14:42:37 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2011/12/23 14:42:36 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2011/12/23 14:42:36 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2011/12/23 14:42:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2011/12/23 14:42:36 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2011/12/23 14:41:52 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2011/12/23 14:41:52 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCommDlg.dll
[2011/12/23 14:41:52 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLUI.exe
[2011/12/23 14:41:52 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLLUA.exe
[2011/12/23 14:41:52 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwmi.dll
[2011/12/23 14:41:52 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2011/12/23 14:41:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwmi.dll
[2011/12/23 14:41:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/12/23 14:41:51 | 001,925,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2011/12/23 14:41:51 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sperror.dll
[2011/12/23 14:41:51 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2011/12/23 14:41:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sperror.dll
[2011/12/23 14:41:51 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2011/12/23 14:41:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2011/12/23 14:41:51 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2011/12/23 14:41:51 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\softkbd.dll
[2011/12/23 14:41:51 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2011/12/23 14:41:51 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\softkbd.dll
[2011/12/23 14:41:51 | 000,116,736 | ---- | C] (Microsoft) -- C:\Windows\SysNative\SMBHelperClass.dll
[2011/12/23 14:41:51 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\SMBHelperClass.dll
[2011/12/23 14:41:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spcmsg.dll
[2011/12/23 14:41:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spcmsg.dll
[2011/12/23 14:41:50 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCExt.dll
[2011/12/23 14:41:50 | 000,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcc.dll
[2011/12/23 14:41:50 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcc.dll
[2011/12/23 14:41:50 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2011/12/23 14:41:50 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCExt.dll
[2011/12/23 14:41:50 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCommDlg.dll
[2011/12/23 14:41:50 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2011/12/23 14:41:50 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2011/12/23 14:41:50 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2011/12/23 14:41:50 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLC.dll
[2011/12/23 14:41:50 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2011/12/23 14:41:50 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2011/12/23 14:41:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sendmail.dll
[2011/12/23 14:41:50 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcinst.dll
[2011/12/23 14:41:50 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcinst.dll
[2011/12/23 14:41:39 | 000,164,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Storport.sys
[2011/12/23 14:41:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Storprop.dll
[2011/12/23 14:41:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Storprop.dll
[2011/12/23 14:41:38 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys
[2011/12/23 14:41:38 | 000,581,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2011/12/23 14:41:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2011/12/23 14:41:38 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2011/12/23 14:41:38 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2011/12/23 14:41:38 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2011/12/23 14:41:38 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2011/12/23 14:41:38 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spinstall.exe
[2011/12/23 14:41:38 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spoolss.dll
[2011/12/23 14:41:38 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2011/12/23 14:41:38 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2011/12/23 14:41:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizui.dll
[2011/12/23 14:41:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spoolss.dll
[2011/12/23 14:41:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2011/12/23 14:41:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spreview.exe
[2011/12/23 14:41:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwinsat.dll
[2011/12/23 14:41:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwinsat.dll
[2011/12/13 21:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011/12/13 21:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2011/12/12 19:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011/12/12 19:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Earth Gold Edition
[2011/12/10 10:37:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Crayon Physics Deluxe
[2011/12/10 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Crayon Physics Deluxe
[2011/12/09 16:56:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Forgottenhp 2
[2011/12/09 16:55:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[2011/12/09 16:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[2010/07/27 20:06:16 | 001,228,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ProductionPremium_CS5_LS7.exe
[4 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[2 C:\Users\Owner\*.tmp files -> C:\Users\Owner\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 10:50:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/05 10:49:37 | 000,795,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/05 10:49:37 | 000,674,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/05 10:49:37 | 000,133,074 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/05 10:45:30 | 001,073,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp64.exe
[2012/01/05 10:43:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 10:43:27 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 10:43:27 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 10:43:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 10:43:14 | 4156,555,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 00:15:35 | 000,001,786 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/04 23:48:42 | 000,002,611 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word.lnk
[2012/01/04 23:39:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 23:10:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/04 20:03:48 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Documents\MBR.dat
[2012/01/04 19:01:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3EEF6292-6483-45EB-8622-92B8CF775846}.job
[2012/01/04 10:37:24 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/04 01:07:31 | 000,007,010 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2012/01/04 00:55:10 | 000,086,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/03 11:59:59 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
[2011/12/31 11:36:19 | 005,025,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/30 21:28:08 | 000,035,128 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg
[2011/12/30 18:49:23 | 475,011,423 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid1.mp4
[2011/12/30 16:29:39 | 008,434,703 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid.mp4
[2011/12/30 15:35:11 | 000,034,976 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg.bak
[2011/12/24 19:44:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/12/23 16:17:14 | 000,002,800 | ---- | M] () -- C:\Users\Owner\Documents\Register Vegas Pro.htm
[2011/12/23 16:11:56 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 11.0 (64-bit).lnk
[2011/12/23 15:26:11 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2011/12/21 17:11:54 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/13 21:37:37 | 000,001,820 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\EliseProfile0.dat
[2011/12/13 15:54:34 | 004,757,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp.exe
[2011/12/12 19:53:35 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth - The Art of Conquest.lnk
[2011/12/12 19:53:35 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2011/12/09 16:55:22 | 000,002,078 | ---- | M] () -- C:\Users\Owner\Desktop\Forgotten Hope 2.lnk
[4 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[2 C:\Users\Owner\*.tmp files -> C:\Users\Owner\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 22:42:13 | 4156,555,264 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/04 20:03:48 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Documents\MBR.dat
[2011/12/30 16:43:54 | 475,011,423 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid1.mp4
[2011/12/30 15:54:13 | 008,434,703 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid.mp4
[2011/12/30 15:35:11 | 000,035,128 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg
[2011/12/30 15:35:11 | 000,034,976 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg.bak
[2011/12/24 19:44:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/12/23 16:11:56 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 11.0 (64-bit).lnk
[2011/12/23 14:45:39 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2011/12/23 14:45:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/12/23 14:45:13 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2011/12/23 14:45:13 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2011/12/23 14:45:13 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml
[2011/12/23 14:45:13 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml
[2011/12/23 14:45:06 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2011/12/23 14:44:54 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2011/12/23 14:44:54 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2011/12/23 14:44:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/12/23 14:43:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/12/23 14:43:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2011/12/23 14:43:53 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/12/23 14:42:40 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2011/12/23 14:41:52 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2011/12/23 14:41:51 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2011/12/23 14:41:51 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2011/12/23 14:41:51 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2011/12/23 14:34:43 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011/12/13 21:27:48 | 000,001,820 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\EliseProfile0.dat
[2011/12/13 21:02:50 | 000,001,786 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/12/12 19:53:35 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth - The Art of Conquest.lnk
[2011/12/12 19:53:35 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2011/12/09 16:55:22 | 000,002,078 | ---- | C] () -- C:\Users\Owner\Desktop\Forgotten Hope 2.lnk
[2011/05/18 17:50:43 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI
[2011/05/18 17:41:07 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2011/05/18 17:40:29 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/03 12:00:21 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/03/27 19:35:14 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/12/25 12:19:42 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys
[2010/12/25 12:16:10 | 000,033,127 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/12/25 12:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2010/12/25 12:15:18 | 000,002,336 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/12/13 19:51:52 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/13 19:51:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/19 15:14:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/08/10 13:09:16 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/09 13:36:35 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/29 13:50:25 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/07/27 20:06:16 | 3398,402,251 | ---- | C] () -- C:\Program Files (x86)\ProductionPremium_CS5_LS7.7z
[2010/06/28 10:41:51 | 000,000,617 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\myMPQ.ini
[2010/05/25 18:15:33 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010/01/26 18:56:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/16 23:48:44 | 000,000,085 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2009/09/11 19:17:34 | 000,000,000 | ---- | C] () -- C:\Windows\SMM_HCEditor.INI
[2009/04/28 20:43:55 | 000,789,732 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/05 12:18:21 | 000,130,861 | ---- | C] () -- C:\Windows\hpoins18.dat
[2008/12/05 12:08:18 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2008/11/23 11:39:44 | 000,086,528 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 10:35:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/21 09:27:27 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/11/21 09:27:27 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/11/21 09:27:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/11/21 09:27:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/11/21 09:27:27 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/11/21 09:27:27 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/11/21 09:12:12 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/11/21 09:12:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/11/21 09:12:12 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/11/21 09:10:36 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/11/21 09:09:45 | 000,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2008/07/10 21:23:59 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/07/10 21:23:56 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/07/10 21:23:53 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/07/10 20:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/19 12:50:12 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Documents\clip0015.avi:TOC.WMV
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:63238B95
@Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:gnojStiSEVIGVsU4rJh
@Alternate Data Stream - 1118 bytes -> C:\ProgramData\Microsoft:8VQKJVBTzmRF9sBCgLQleSYF

< End of report >

And the Extra

OTL Extras logfile created on: 05/01/2012 10:52:31 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 54.46% Memory free
7.92 Gb Paging File | 6.03 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.54 Gb Total Space | 75.79 Gb Free Space | 26.92% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.12% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- %SystemRoot%\SysWow64\winhlp32.exe %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- %SystemRoot%\SysWow64\winhlp32.exe %1

[HKEY_USERS\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\SysWow64\winhlp32.exe %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\SysWow64\winhlp32.exe %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FA C0 33 07 B2 C1 CC 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BA8108-784F-4585-9F52-2E2B40B96DC8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{08F761FE-B5EE-4405-A038-C44BA3161C57}" = lport=3390 | protocol=6 | dir=in | app=system |
"{16B1B7B8-B9D1-4C7F-9D9F-495C8E56F2A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{266D69EB-12E2-4267-A325-18DC449667AE}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{27085E77-7A36-4E64-AEFC-B988E4BB4718}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AAA8DAF-1482-4741-917C-72EE0F3DD584}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3804DAEA-5B33-4315-BA4D-647F04A1C97F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4DA357ED-5D06-4946-B0D0-4869AA6F3784}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58337CC1-1FAE-42AA-A500-00D44A0BBA8E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FAE0233-7FF7-4EAB-897B-1F0B88F4CD3A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6401CDAA-1FF9-4694-9272-1CE7297999A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6626272A-BA72-440E-AB75-9D1A20BD14CF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{67D831E5-B793-4722-BEA5-828430718870}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{83407922-864B-419B-B0E9-8CF79F190EAE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8912DA49-84BD-48E4-AF07-8E2534C11161}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A961C66C-F32F-4CF1-8C5B-E79001C3B3FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABF549E1-AEF1-4295-9CA6-E95713D16802}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AC2F726A-2784-4C56-8B82-A76B8C9C73B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBE81603-EBD0-489A-8AEA-462CCD92C5ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7A76EA6-D1DD-4C0A-B7AD-2E014A5CBD36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC3B74F1-8F18-4371-BCE1-3B1DE1A15C02}" = rport=10244 | protocol=6 | dir=out | app=system |
"{EC96DFF9-6B3A-4C0E-8C82-24DE22DC3C08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F618FAEB-E9D3-4C8E-99F6-867852D9840D}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154DFAAE-69E9-4E5D-A7BB-18CF8C59DA20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{1711B3ED-7B94-4936-A636-A839CC2F486B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{1E2FE5AB-EA00-44AE-A9F0-B4D2DEA8EC27}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1E3331C2-0136-4133-A1E2-5B66F9CF8B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{2E593E5F-BCBB-4955-9483-D600EA758975}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"{30A2EEB6-0F69-4B13-84FA-12A6FDCC1C41}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{320C47A8-8BE3-408C-AF02-EEEDAF31DB89}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{32F60A3F-EF53-472C-AFF0-BEBC56AE203F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{378169B1-725D-4AE1-8ADB-5B683722F298}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{39468D5F-9BDD-43E8-9E31-73FD388CFC82}" = protocol=17 | dir=in | app=f:\sst\utilities\norton removal tool\symnrt.exe |
"{44FEC0FB-2C86-488A-842A-2EFF7E49C56E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{45E98996-1334-4E86-9CC9-1442DE030F10}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"{4A844505-EDFD-4288-AA2F-81EA0C080A04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{50EC7BC3-D595-45F9-A45B-3590F27BF007}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{53F8CB25-4672-4336-B365-19EB783D219D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"{57279748-0E5F-4B14-92EA-3692BE0BE2FE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5C891197-65D8-4007-B230-E0B30EDB01EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{5CE49EDB-6D3C-4BB9-BD6C-E960F362FC00}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{6484835B-D2B4-488D-BD04-BC176AE67993}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{67412096-0F7B-42BC-8992-33E33DE5F886}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{6EFD51B9-8851-42B0-99F3-03FEAA1B1430}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6F943F8B-9B39-4A9E-AFB3-F2275467CE74}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{761B6553-38BE-4131-B3A1-DFE9B6CF13C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe |
"{77B23CCC-1D31-474B-A11A-CC7511959497}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7D400422-294C-44AE-888E-EFCA7367CA15}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7E19B01B-C2EC-4FF0-B867-6EB859A44229}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war demo\medieval2.exe |
"{7E6A9912-EC5F-4D91-9C0E-1257D0F8A67D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8713C539-1EDF-40A1-B5EF-894FE4EF43E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8FF764DF-11A6-4A5B-9DBC-16362CF83E76}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{90A0DBC6-03E8-4651-909A-465A0DAF3255}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{9103ADBC-1045-497F-A988-D22503E85A2D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9299C020-4FE2-464B-8E15-4DDAAC73F2D0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A123B60C-2970-42DA-8E73-CA0D15B6D3BA}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{B0B03646-67CF-4384-B322-2D31B33919CB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B41129D8-5433-4A50-BE89-8CF779FFE379}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B6AEDD0D-DCFC-4FDB-8FCC-8F0C09006634}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B6B23A4F-2CD9-4FD4-8A5F-73CB0902C0C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{B9682266-02E1-4B80-B03E-C1B63146CA0B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"{BB0D149D-FDAF-4B2A-9456-CF04ED551D78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe |
"{BFD1E204-2889-4CE0-BCBE-3E284F4E8B2D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CB07749B-412F-40EB-B1C9-A5A2B148298A}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D33DAFCD-6933-4A5C-8A4D-AE0036BFEA62}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{D46B9777-D223-453C-A51D-17F0A7F14B6D}" = protocol=6 | dir=in | app=f:\sst\utilities\norton removal tool\symnrt.exe |
"{DB3AC6AF-5671-41DE-8B0B-AAB7EF042CDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war demo\medieval2.exe |
"{DD7C6C9C-A7D1-4D01-BEF7-EC0A0ED051D3}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{E694AAD0-DA7D-4884-8C0F-48C5948DCC9E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E9BB3C09-1B45-4398-B1FA-7C63C82861A0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F2668B6C-07E2-4F56-86B7-2D98ADEE2ABC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F83BBB7A-DCAD-453D-B9C5-6ACD5DD1A043}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{FB128A7A-61A6-404D-9644-EA5708CA85BC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{005EA986-69F8-4F76-A8E0-9B0643926879}C:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe |
"TCP Query User{04D7CEAB-D06E-4E20-B8EF-59D18BD92B3C}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{088991DF-2BB6-493F-8F87-C94AAA991994}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{206F1784-D13A-47F3-8F7D-7ACE6DF149AF}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{22CDD5B2-4735-4CC2-B5F3-F0BA7E7AF839}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{4140A730-6978-4DC0-A1AB-64B0D9DE3BE0}C:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"TCP Query User{4969BFC2-6CC4-491D-8A00-3ECB02D2FE63}C:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe |
"TCP Query User{6DD829D9-14E4-436A-9FD1-E136E5C03248}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{9B7E446B-1C83-4B43-9693-4AAA777809E9}C:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe |
"TCP Query User{F625AA0A-3B47-481E-B164-5E4EA9732391}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{286E6350-C8E7-48DD-9EE7-92884B9209B0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{520B16D3-8017-4592-9128-F3B8257AD7CD}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{ACE8FF4D-A414-4E25-A0CC-1CF5B6976A11}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{B20A41C3-7974-4D18-9AFF-A93C68978FEF}C:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"UDP Query User{B771F183-F498-4DE8-9708-C5522B3ED608}C:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe |
"UDP Query User{C29EF8DF-9801-4A18-999B-E9686028C56E}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{D8FF6272-3812-451D-9319-D0CBD576ABF4}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{E1998D33-94AE-40A6-AE78-C2BB849F6F47}C:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe |
"UDP Query User{E83A5CC9-9EB9-4CA6-A004-1C6E4292D912}C:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe |
"UDP Query User{E9225875-F336-4E67-8BD4-3FFDA1663765}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java™ 6 Update 18 (64-bit)
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F97742F0-03A7-11E1-868F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists
"1B8C0FE57993F0D33DD0A689D44B5B3D8954B0F7" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{306D4754-BECE-4FC7-85F3-B7FEED274AA8}" = Razer Orochi
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{565DE707-5798-4FC3-8DF6-0F58A348A9B0}" = Adobe Premiere Pro CS5 Third Party Royalty Content
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{626B3D60-A661-4444-AAF5-6C75E55936E8}" = Adobe Creative Suite 5 Production Premium
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67EF34CE-7A02-4198-BBAA-32A0DE0DEDEA}" = XSplit
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{824539D7-D27E-4CC3-B36F-6404B5EB726B}" = Medal of Honor Pacific Assault™ Patch2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7F6127-CF84-476E-B2DE-F3CC912CBF6C}" = RuneScape
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}" = Microsoft DirectX SDK (August 2007)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AI RoboForm" = AI RoboForm (All Users)
"Akamai" = Akamai NetSession Interface Service
"Auto-Watcher v1.2" = Auto-Watcher v1.2
"AVerMedia C038 USB Capture Card" = AVerMedia C038 USB Capture Card 2.0.64.124
"AVerMedia DVD EZMaker Gold" = AVerMedia DVD EZMaker Gold 3.6.64.8
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.10
"Empire Earth Gold Edition_is1" = Empire Earth Gold Edition
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"GIF Animator" = Microsoft GIF Animator
"Google Chrome Frame" = Google Chrome Frame
"Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"OnlinePlay" = OnlinePlay 1.0
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sandbox" = Sandbox
"StarCraft II" = StarCraft II
"Steam App 18700" = And Yet It Moves
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 41100" = Hammerfight
"Steam App 4710" = Medieval II: Total War Demo
"ToolBox" = NCH Toolbox
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3279217432-494864419-1238032467-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ab9c3af4eb98e853" = RandomClassGen
"Akamai" = Akamai NetSession Interface
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:54 AM

Posted 06 January 2012 - 02:29 AM

Hi dan360!

Please run these scans for me:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


NEXT:


Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 dan360

dan360
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 06 January 2012 - 03:09 AM

ComboFix Log:

ComboFix 12-01-05.04 - Owner 06/01/2012 2:37.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3963.1885 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
c:\users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\.url
c:\users\Owner\AppData\Roaming\mIRC\logs\status.log
c:\users\Owner\Documents\~mga2599.tmp
c:\users\Owner\Documents\~WRD1030.tmp
c:\users\Owner\Documents\~WRL0005.tmp
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 07:55 . 2012-01-06 07:55 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-01-06 07:55 . 2012-01-06 07:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 21:51 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BCECA3E-F24E-4F68-BC7E-1287ECBCA5EF}\mpengine.dll
2011-12-25 18:27 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-25 18:27 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-12-25 00:44 . 2011-12-25 00:44 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2011-12-25 00:44 . 2011-12-25 00:44 -------- d-----w- c:\program files\Windows Portable Devices
2011-12-24 18:04 . 2009-10-08 23:20 3584 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-12-24 18:04 . 2009-09-25 01:35 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2011-12-24 18:04 . 2009-09-25 01:33 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2011-12-24 17:36 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2011-12-24 17:36 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2011-12-24 17:36 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-12-24 17:36 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-12-24 17:36 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-12-24 17:36 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-12-24 02:01 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-24 02:01 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-24 02:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-12-24 02:01 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-12-24 02:01 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-12-24 02:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-12-24 02:00 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-24 02:00 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
2011-12-24 02:00 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
2011-12-24 01:59 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-12-24 01:59 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-24 01:59 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-24 01:57 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-12-24 01:57 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-12-24 01:57 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-12-24 01:57 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-12-24 01:57 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-24 01:57 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-12-24 01:57 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-12-24 01:57 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-12-24 01:57 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-24 01:57 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-24 01:53 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-12-24 01:53 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-12-24 01:52 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-24 01:51 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-12-24 01:51 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-12-24 01:51 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-24 01:51 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-24 01:51 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-12-24 01:51 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-12-24 01:50 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-24 01:50 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-24 01:50 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-24 01:50 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-12-24 01:50 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-12-24 01:50 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-12-24 01:50 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-24 01:50 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-12-24 01:50 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-24 01:50 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-23 20:23 . 2011-12-23 20:24 -------- d-----w- c:\windows\SysWow64\ca-ES
2011-12-23 20:23 . 2011-12-23 20:24 -------- d-----w- c:\windows\SysWow64\eu-ES
2011-12-23 20:23 . 2011-12-23 20:24 -------- d-----w- c:\windows\SysWow64\vi-VN
2011-12-23 20:23 . 2011-12-23 20:24 -------- d-----w- c:\windows\system32\ca-ES
2011-12-23 20:23 . 2011-12-23 20:24 -------- d-----w- c:\windows\system32\eu-ES
2011-12-23 20:23 . 2011-12-23 20:24 -------- d-----w- c:\windows\system32\vi-VN
2011-12-23 20:19 . 2011-12-23 20:19 -------- d-----w- c:\windows\system32\SPReview
2011-12-23 19:58 . 2009-04-11 05:11 946688 ----a-w- c:\windows\system32\scavenge.dll
2011-12-23 19:57 . 2009-04-11 05:10 56320 ----a-w- c:\windows\system32\compcln.exe
2011-12-23 19:57 . 2009-04-11 05:07 3584 ----a-w- c:\windows\system32\drivers\en-US\hdaudbus.sys.mui
2011-12-23 19:57 . 2009-04-11 05:05 7680 ----a-w- c:\windows\system32\drivers\en-US\bthport.sys.mui
2011-12-23 19:45 . 2009-04-11 05:15 347112 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-23 19:44 . 2009-04-11 05:15 155112 ----a-w- c:\windows\system32\drivers\ecache.sys
2011-12-23 19:43 . 2009-04-11 05:11 886784 ----a-w- c:\windows\system32\sysmain.dll
2011-12-23 19:42 . 2009-04-11 04:28 1575936 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2011-12-23 19:41 . 2009-04-11 05:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2011-12-15 23:24 . 2011-12-15 23:24 605968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 02:24 . 2011-12-14 02:24 -------- d-----w- c:\program files (x86)\Razer
2011-12-13 00:51 . 2011-12-13 00:53 -------- d-----w- c:\program files (x86)\Empire Earth Gold Edition
2011-12-10 15:36 . 2011-12-10 16:02 -------- d-----w- c:\users\Owner\AppData\Roaming\Crayon Physics Deluxe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 06:07 . 2008-12-25 17:21 7010 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-11-11 19:44 . 2011-05-14 14:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-01 21:09 . 2011-07-24 16:39 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-01 21:09 . 2010-12-14 00:51 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-22 16:20 . 2011-10-22 16:20 11136744 ----a-w- C:\Spartan.exe
2011-10-22 16:20 . 2011-10-22 16:20 81998 ----a-w- C:\RockallDLL.dll
2011-10-22 16:20 . 2011-10-22 16:20 746496 ----a-w- C:\granny2.dll
2011-10-22 16:20 . 2011-10-22 16:20 173408 ----a-w- C:\pw32b.dll
2011-10-22 16:20 . 2011-10-22 16:20 139496 ----a-w- C:\eulax.dll
2011-10-22 16:20 . 2011-10-22 16:20 152848 ----a-w- C:\AOEOnlineReplace.exe
2011-10-22 16:20 . 2011-10-22 16:20 2984680 ----a-w- C:\AOEOnline.exe
2010-07-28 16:27 . 2010-07-28 01:06 1228424 ----a-w- c:\program files (x86)\ProductionPremium_CS5_LS7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Free"="0" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-29 16184]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-03-25 149280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Razer Orochi Driver"="c:\program files (x86)\Razer\Orochi\RazerOrochiTray.exe" [2009-10-22 2548056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2010-12-25 116056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 15:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 23:39]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-11 23:39]
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{3EEF6292-6483-45EB-8622-92B8CF775846}.job
- c:\windows\system32\msfeedssync.exe [2011-12-24 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF16888.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.ca/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-AVS Update Manager_is1 - c:\program files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-AVS4YOU Video Converter 7_is1 - c:\program files (x86)\AVS4YOU\AVSVideoConverter\unins001.exe
AddRemove-_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051} - c:\program files (x86)\Corel\CorelDRAW Graphics Suite X5\Setup\SetupARP.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3279217432-494864419-1238032467-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d8,45,e9,2c,11,63,40,9c,90,bc,10,66,d0,5b,8a,4e,ae,c1,09,e4,e2,d1,fb,
7a,b9,17,17,47,e5,36,c5,12,f2,3c,ed,40,8b,0b,33,44,ef,06,1c,3d,87,84,41,68,\
"??"=hex:d5,ca,29,05,79,32,36,4d,92,58,b4,49,7f,2e,99,a3
.
[HKEY_USERS\S-1-5-21-3279217432-494864419-1238032467-1000\Software\SecuROM\License information*]
"datasecu"=hex:c1,64,e0,1d,4f,3f,6f,1f,fa,be,52,66,96,5a,0e,9b,24,76,23,6d,5b,
ad,b7,d8,f1,b4,43,29,e2,a9,70,7b,19,ed,4b,b2,8c,1c,55,5c,3f,db,b3,f4,70,41,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:93,cb,26,21,eb,f0,d0,d6,17,24,7d,4c,cd,d6,92,ce,d2,ef,33,a0,52,
a9,3f,ed,77,ed,e6,85,6b,82,b8,98,93,c5,71,b2,df,0b,c9,1c,74,ec,df,35,0e,1e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:93,cb,26,21,eb,f0,d0,d6,17,24,7d,4c,cd,d6,92,ce,d2,ef,33,a0,52,
a9,3f,ed,77,ed,e6,85,6b,82,b8,98,93,c5,71,b2,df,0b,c9,1c,74,ec,df,35,0e,1e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-01-06 03:07:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-06 08:07
.
Pre-Run: 84,162,990,080 bytes free
Post-Run: 91,363,442,688 bytes free
.
- - End Of File - - 74C95BB6F6002B6CCDFD0C980E00BE9D

FFS Log

Farbar Service Scanner
Ran by Owner (administrator) on 06-01-2012 at 03:08:54
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024064 ____A (Microsoft Corporation) 1523AF19EE8B030BA682F7A53537EAEB

C:\Windows\SysWOW64\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-06-15 17:52] - [2011-04-21 09:20] - 0405504 ____A (Microsoft Corporation) 0CC146C4ADDEA45791B18B1E2659F4A9

C:\Windows\System32\drivers\tdx.sys
[2011-12-23 14:43] - [2009-04-10 22:43] - 0094720 ____A (Microsoft Corporation) 458919C8C42E398DC4802178D5FFEE27

C:\Windows\System32\Drivers\tcpip.sys
[2011-12-23 21:01] - [2011-09-20 16:06] - 1426304 ____A (Microsoft Corporation) 2CC45D932BD193CD4117321D469AD6B2

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 19:15] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2011-12-23 14:45] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2011-12-23 14:44] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys
[2008-01-20 21:49] - [2008-01-20 21:49] - 0081408 ____A (Microsoft Corporation) C92B9ABDB65A5991E00C28F13491DBA2

C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2011-12-23 14:44] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2011-12-23 14:43] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2011-12-23 14:42] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2009-10-29 14:00] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2011-12-23 14:45] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2011-12-23 14:44] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2011-12-23 14:44] - [2009-04-11 00:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Windows\System32\svchost.exe
[2008-01-20 21:50] - [2008-01-20 21:50] - 0027648 ____A (Microsoft Corporation) CDA9F1373805AF88F6FA4F2064BBA24D

C:\Windows\System32\rpcss.dll
[2011-12-23 14:45] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

Thanks for the help.

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:54 AM

Posted 07 January 2012 - 02:11 AM

Hi dan360,

I'd like to see a new OTL scan.


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:54 AM

Posted 07 January 2012 - 02:40 AM

Hi!

After you run the OTL scans, please do the following:

Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


NEXT:



Registry Export
I need some more information on a key in your registry. Please do the following:
Press Start => Run, Copy/Paste the command below into the run dialog box and press Ok:

reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC" "%userprofile%\desktop\look.txt"

You should see a new file on your Desktop named look.txt. Please double click on the file to open it, and then post the contents of look.txt in this thread.

Then run this command next:

reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc" "%userprofile%\desktop\puppy.txt"

You should see a new file on your Desktop named puppy.txt. Please double click on the file to open it, and then post the contents of puppy.txt in this thread.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 dan360

dan360
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 07 January 2012 - 11:16 AM

New OTL Report:

OTL logfile created on: 07/01/2012 11:06:36 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.30% Memory free
7.92 Gb Paging File | 5.94 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.54 Gb Total Space | 82.91 Gb Free Space | 29.45% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.12% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 10:50:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/01/04 01:04:22 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/13 19:51:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/01/29 11:16:26 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/10/22 09:43:58 | 002,548,056 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
PRC - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 01:04:22 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2010/07/27 19:18:44 | 005,537,232 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/04/24 18:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/10 22:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/12/13 16:49:47 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/13 19:51:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/10 00:03:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/18 04:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 18:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/11 23:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/30 20:27:14 | 000,508,928 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/08 20:14:24 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2009/04/01 07:56:08 | 000,189,440 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcwhdpvr.sys -- (hcwhdpvr)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/12 05:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/27 17:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/15 20:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/14 21:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/02 19:27:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 01:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 05:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/08/31 17:34:10 | 000,581,120 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2007/08/31 14:13:48 | 000,054,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/12/18 09:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.ca/"
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/01/29 11:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/04 01:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/04 01:04:26 | 000,000,000 | ---D | M]

[2010/01/26 18:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/01/06 11:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions
[2010/08/06 20:44:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/22 10:19:46 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/08/22 10:19:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/22 10:19:49 | 000,000,000 | ---D | M] ("Flash Video Downloader Youtube Downloader Facebook") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\artur.dubovoy@gmail.com
[2011/07/27 16:38:48 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mp6iqkoz.default\extensions\autofillForms@blueimp.net
[2012/01/06 11:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/29 11:13:41 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

O1 HOSTS File: ([2012/01/06 02:58:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.75\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9462A263-61EA-41C1-A9B5-C52FA210ECE6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cf - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.75\npchrome_frame.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\new york wallpaper fog.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\new york wallpaper fog.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 03:07:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/06 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/01/06 02:58:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/06 02:33:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/06 02:33:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/06 02:33:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/06 02:33:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/06 02:33:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/06 02:31:44 | 004,372,321 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/01/05 18:03:43 | 001,073,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp64.exe
[2012/01/05 10:50:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/05 00:06:54 | 004,757,312 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp.exe
[2012/01/04 23:10:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/04 10:37:09 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/04 10:15:41 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2011/12/25 13:27:57 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/12/25 13:27:57 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/12/24 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2011/12/24 19:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/12/24 13:04:01 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2011/12/24 13:04:01 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2011/12/24 13:03:59 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2011/12/24 13:03:59 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2011/12/24 13:03:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2011/12/24 13:03:59 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2011/12/24 13:03:59 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2011/12/24 13:03:59 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2011/12/24 13:03:59 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2011/12/24 13:03:59 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2011/12/24 13:03:59 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2011/12/24 13:03:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2011/12/24 13:03:06 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2011/12/24 13:03:06 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2011/12/24 13:03:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2011/12/24 13:03:04 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2011/12/24 13:03:04 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2011/12/24 13:03:04 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2011/12/24 13:03:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2011/12/24 13:03:04 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2011/12/24 13:03:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2011/12/24 13:03:03 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2011/12/24 13:03:03 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2011/12/24 13:03:03 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2011/12/24 13:03:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2011/12/24 13:03:03 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2011/12/24 13:03:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2011/12/24 13:03:03 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2011/12/24 12:36:12 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2011/12/24 12:36:12 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2011/12/24 12:36:11 | 003,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011/12/24 12:36:11 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011/12/24 12:36:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011/12/24 12:36:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011/12/23 21:01:38 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/12/23 21:01:38 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/12/23 21:01:36 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/12/23 21:00:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/23 21:00:30 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2011/12/23 20:59:38 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/12/23 20:58:51 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2011/12/23 20:58:51 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2011/12/23 20:58:51 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/12/23 20:58:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/12/23 20:58:50 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/12/23 20:58:50 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2011/12/23 20:58:50 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2011/12/23 20:58:50 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2011/12/23 20:58:50 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/12/23 20:58:50 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2011/12/23 20:58:50 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/12/23 20:58:49 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2011/12/23 20:58:49 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2011/12/23 20:58:49 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2011/12/23 20:58:49 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2011/12/23 20:58:49 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2011/12/23 20:58:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2011/12/23 20:58:49 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/12/23 20:58:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/12/23 20:58:48 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/12/23 20:58:48 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2011/12/23 20:58:48 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2011/12/23 20:58:48 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2011/12/23 20:58:48 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/12/23 20:58:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2011/12/23 20:58:48 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/12/23 20:58:47 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/12/23 20:58:47 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2011/12/23 20:58:47 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2011/12/23 20:58:47 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2011/12/23 20:58:47 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2011/12/23 20:58:47 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/12/23 20:58:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2011/12/23 20:58:46 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2011/12/23 20:58:46 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2011/12/23 20:57:49 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/12/23 20:57:49 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/12/23 20:57:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/12/23 20:57:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/12/23 20:57:48 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/12/23 20:57:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/12/23 20:57:31 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/12/23 20:57:00 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/23 20:57:00 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/23 20:56:56 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/12/23 20:56:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/23 20:56:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/23 20:56:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/12/23 20:56:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/12/23 20:56:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/23 20:56:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/23 20:56:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/12/23 20:56:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/12/23 20:56:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/12/23 20:56:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/23 20:56:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/23 20:56:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/23 20:56:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/23 20:56:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/12/23 20:56:53 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/23 20:56:53 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/23 20:56:52 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/23 20:56:52 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/12/23 20:56:51 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/23 20:56:50 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/23 20:56:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/23 20:56:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/23 20:56:49 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/23 20:56:48 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/23 20:56:45 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/12/23 20:56:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/12/23 20:56:45 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/12/23 20:56:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/12/23 20:51:28 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/12/23 20:50:24 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/12/23 20:50:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/12/23 20:50:24 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/12/23 20:50:24 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/12/23 20:50:24 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/12/23 20:50:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/12/23 20:50:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/12/23 20:50:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2011/12/23 15:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2011/12/23 15:19:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/12/23 14:58:11 | 000,946,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavenge.dll
[2011/12/23 14:57:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\compcln.exe
[2011/12/23 14:46:04 | 002,247,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2011/12/23 14:46:03 | 003,341,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2011/12/23 14:46:03 | 003,235,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2011/12/23 14:46:03 | 003,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2011/12/23 14:46:03 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2011/12/23 14:46:03 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2011/12/23 14:46:03 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2011/12/23 14:46:03 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2011/12/23 14:46:03 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2011/12/23 14:46:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2011/12/23 14:46:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkitemfactory.dll
[2011/12/23 14:46:02 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2011/12/23 14:46:02 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0007.dll
[2011/12/23 14:46:02 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0009.dll
[2011/12/23 14:46:02 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxbde40.dll
[2011/12/23 14:46:02 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlhtml.dll
[2011/12/23 14:46:02 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2011/12/23 14:46:01 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswdat10.dll
[2011/12/23 14:46:01 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswstr10.dll
[2011/12/23 14:46:01 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2011/12/23 14:46:01 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2011/12/23 14:45:59 | 000,717,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2011/12/23 14:45:59 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2011/12/23 14:45:59 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp60.dll
[2011/12/23 14:45:59 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp60.dll
[2011/12/23 14:45:59 | 000,347,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/12/23 14:45:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msutb.dll
[2011/12/23 14:45:59 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2011/12/23 14:45:54 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2011/12/23 14:45:53 | 002,420,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2011/12/23 14:45:53 | 001,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetProjW.dll
[2011/12/23 14:45:53 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2011/12/23 14:45:53 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2011/12/23 14:45:53 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2011/12/23 14:45:53 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NcdProp.dll
[2011/12/23 14:45:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NcdProp.dll
[2011/12/23 14:45:52 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2011/12/23 14:45:52 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2011/12/23 14:45:52 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2011/12/23 14:45:52 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2011/12/23 14:45:51 | 001,444,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2011/12/23 14:45:51 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2011/12/23 14:45:51 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2011/12/23 14:45:51 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2011/12/23 14:45:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2011/12/23 14:45:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2011/12/23 14:45:50 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaui.dll
[2011/12/23 14:45:50 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pcaui.dll
[2011/12/23 14:45:50 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2011/12/23 14:45:49 | 002,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2011/12/23 14:45:49 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2011/12/23 14:45:49 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpui.dll
[2011/12/23 14:45:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2011/12/23 14:45:49 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PNPXAssoc.dll
[2011/12/23 14:45:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2011/12/23 14:45:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPutil.exe
[2011/12/23 14:45:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PJLMON.DLL
[2011/12/23 14:45:48 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2011/12/23 14:45:48 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2011/12/23 14:45:48 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpsetup.dll
[2011/12/23 14:45:48 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnpsetup.dll
[2011/12/23 14:45:47 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pidgenx.dll
[2011/12/23 14:45:46 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pidgenx.dll
[2011/12/23 14:45:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2011/12/23 14:45:45 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2011/12/23 14:45:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2011/12/23 14:45:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2011/12/23 14:45:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2011/12/23 14:45:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2011/12/23 14:45:44 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/12/23 14:45:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2011/12/23 14:45:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2011/12/23 14:45:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2011/12/23 14:45:43 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntmarta.dll
[2011/12/23 14:45:42 | 002,438,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oobefldr.dll
[2011/12/23 14:45:42 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oobefldr.dll
[2011/12/23 14:45:42 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\P2PGraph.dll
[2011/12/23 14:45:42 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\P2PGraph.dll
[2011/12/23 14:45:42 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2011/12/23 14:45:42 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2011/12/23 14:45:41 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offfilt.dll
[2011/12/23 14:45:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2011/12/23 14:45:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/12/23 14:45:40 | 001,740,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2011/12/23 14:45:39 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2011/12/23 14:45:39 | 001,499,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2011/12/23 14:45:39 | 001,040,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2011/12/23 14:45:39 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfp.dll
[2011/12/23 14:45:39 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleprn.dll
[2011/12/23 14:45:39 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfui.dll
[2011/12/23 14:45:39 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleprn.dll
[2011/12/23 14:45:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfui.dll
[2011/12/23 14:45:39 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfp.dll
[2011/12/23 14:45:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsCtfMonitor.dll
[2011/12/23 14:45:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsCtfMonitor.dll
[2011/12/23 14:45:38 | 000,727,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtcprx.dll
[2011/12/23 14:45:38 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2011/12/23 14:45:38 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexch40.dll
[2011/12/23 14:45:38 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexcl40.dll
[2011/12/23 14:45:36 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2011/12/23 14:45:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2011/12/23 14:45:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2011/12/23 14:45:35 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2011/12/23 14:45:35 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2011/12/23 14:45:34 | 003,108,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2011/12/23 14:45:34 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2011/12/23 14:45:33 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2011/12/23 14:45:31 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2011/12/23 14:45:31 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2011/12/23 14:45:31 | 000,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2011/12/23 14:45:31 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2011/12/23 14:45:31 | 000,073,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2011/12/23 14:45:30 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe
[2011/12/23 14:45:30 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mspbde40.dll
[2011/12/23 14:45:30 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscandui.dll
[2011/12/23 14:45:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscandui.dll
[2011/12/23 14:45:30 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2011/12/23 14:45:30 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/12/23 14:45:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/12/23 14:45:29 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrepl40.dll
[2011/12/23 14:45:29 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2011/12/23 14:45:29 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd3x40.dll
[2011/12/23 14:45:29 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd2x40.dll
[2011/12/23 14:45:29 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjtes40.dll
[2011/12/23 14:45:29 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msltus40.dll
[2011/12/23 14:45:29 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/12/23 14:45:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjter40.dll
[2011/12/23 14:45:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/12/23 14:45:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscb.dll
[2011/12/23 14:45:29 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2011/12/23 14:45:28 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjet40.dll
[2011/12/23 14:45:28 | 000,796,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/12/23 14:45:28 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2VDEC.DLL
[2011/12/23 14:45:28 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/12/23 14:45:28 | 000,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2011/12/23 14:45:28 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2VDEC.DLL
[2011/12/23 14:45:28 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2011/12/23 14:45:28 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstext40.dll
[2011/12/23 14:45:28 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2011/12/23 14:45:28 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2011/12/23 14:45:28 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2011/12/23 14:45:28 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstlsapi.dll
[2011/12/23 14:45:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstlsapi.dll
[2011/12/23 14:45:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjint40.dll
[2011/12/23 14:45:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msisip.dll
[2011/12/23 14:45:27 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/12/23 14:45:27 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2011/12/23 14:45:27 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2011/12/23 14:45:27 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2011/12/23 14:45:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2011/12/23 14:45:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2011/12/23 14:45:26 | 002,280,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/12/23 14:45:26 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/12/23 14:45:26 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/12/23 14:45:26 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/12/23 14:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msstrc.dll
[2011/12/23 14:45:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2011/12/23 14:45:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2011/12/23 14:45:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimtf.dll
[2011/12/23 14:45:24 | 000,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2011/12/23 14:45:24 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2011/12/23 14:45:24 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msisip.dll
[2011/12/23 14:45:22 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2011/12/23 14:45:22 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2011/12/23 14:45:22 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scksp.dll
[2011/12/23 14:45:22 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2011/12/23 14:45:22 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2011/12/23 14:45:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scksp.dll
[2011/12/23 14:45:20 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/12/23 14:45:19 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdohlp.dll
[2011/12/23 14:45:19 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2011/12/23 14:45:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/12/23 14:45:15 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiapi.dll
[2011/12/23 14:45:14 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2011/12/23 14:45:14 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2011/12/23 14:45:14 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011/12/23 14:45:14 | 000,055,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSHED.DLL
[2011/12/23 14:45:13 | 002,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2011/12/23 14:45:13 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2011/12/23 14:45:13 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasapi32.dll
[2011/12/23 14:45:13 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2011/12/23 14:45:13 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2011/12/23 14:45:13 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2011/12/23 14:45:13 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll
[2011/12/23 14:45:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll
[2011/12/23 14:45:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdial.exe
[2011/12/23 14:45:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdial.exe
[2011/12/23 14:45:12 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2011/12/23 14:45:12 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2011/12/23 14:45:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2011/12/23 14:45:12 | 000,123,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2011/12/23 14:45:12 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2011/12/23 14:45:11 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2011/12/23 14:45:11 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2011/12/23 14:45:11 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2011/12/23 14:45:11 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2011/12/23 14:45:11 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2011/12/23 14:45:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powrprof.dll
[2011/12/23 14:45:10 | 001,165,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2011/12/23 14:45:10 | 000,923,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2011/12/23 14:45:10 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnntfy.dll
[2011/12/23 14:45:10 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnntfy.dll
[2011/12/23 14:45:10 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propdefs.dll
[2011/12/23 14:45:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2011/12/23 14:45:09 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2011/12/23 14:45:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2011/12/23 14:45:09 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2011/12/23 14:45:09 | 000,289,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2011/12/23 14:45:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2011/12/23 14:45:09 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationSettings.exe
[2011/12/23 14:45:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2011/12/23 14:45:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2011/12/23 14:45:09 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2011/12/23 14:45:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rshx32.dll
[2011/12/23 14:45:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2011/12/23 14:45:08 | 000,671,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2011/12/23 14:45:08 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2011/12/23 14:45:08 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2011/12/23 14:45:08 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2011/12/23 14:45:08 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2011/12/23 14:45:08 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2011/12/23 14:45:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtffilt.dll
[2011/12/23 14:45:08 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2011/12/23 14:45:07 | 000,911,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdlg.dll
[2011/12/23 14:45:07 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdlg.dll
[2011/12/23 14:45:07 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2011/12/23 14:45:07 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasgcw.dll
[2011/12/23 14:45:07 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2011/12/23 14:45:07 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RelMon.dll
[2011/12/23 14:45:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasplap.dll
[2011/12/23 14:45:07 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasplap.dll
[2011/12/23 14:45:07 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RelMon.dll
[2011/12/23 14:45:07 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2011/12/23 14:45:07 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2011/12/23 14:45:07 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmontr.dll
[2011/12/23 14:45:07 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmontr.dll
[2011/12/23 14:45:07 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2011/12/23 14:45:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastapi.dll
[2011/12/23 14:45:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2011/12/23 14:45:06 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2011/12/23 14:45:06 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2011/12/23 14:45:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2011/12/23 14:45:06 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2011/12/23 14:45:06 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2011/12/23 14:45:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2011/12/23 14:45:06 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2011/12/23 14:45:06 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2011/12/23 14:45:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reg.exe
[2011/12/23 14:45:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2011/12/23 14:45:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2011/12/23 14:45:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\reg.exe
[2011/12/23 14:45:06 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2011/12/23 14:45:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rekeywiz.exe
[2011/12/23 14:45:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2011/12/23 14:45:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rekeywiz.exe
[2011/12/23 14:45:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/12/23 14:45:05 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2011/12/23 14:45:05 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2011/12/23 14:45:05 | 001,185,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2011/12/23 14:45:05 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2011/12/23 14:45:05 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapimig.exe
[2011/12/23 14:45:05 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsound.dll
[2011/12/23 14:45:05 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2011/12/23 14:45:05 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2011/12/23 14:45:05 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapimig.exe
[2011/12/23 14:45:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2011/12/23 14:45:05 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2011/12/23 14:45:05 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2011/12/23 14:45:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2011/12/23 14:45:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2011/12/23 14:45:05 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/12/23 14:45:05 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsprop.dll
[2011/12/23 14:45:05 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsprop.dll
[2011/12/23 14:45:05 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmsynth.dll
[2011/12/23 14:45:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmusic.dll
[2011/12/23 14:45:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2011/12/23 14:45:05 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskadp.dll
[2011/12/23 14:45:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskmon.dll
[2011/12/23 14:45:05 | 000,029,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys
[2011/12/23 14:45:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceEject.exe
[2011/12/23 14:45:04 | 001,930,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2011/12/23 14:45:04 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2011/12/23 14:45:04 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devmgr.dll
[2011/12/23 14:45:04 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devmgr.dll
[2011/12/23 14:45:04 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2011/12/23 14:45:04 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2011/12/23 14:45:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2011/12/23 14:45:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/12/23 14:45:04 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingWizard.exe
[2011/12/23 14:45:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2011/12/23 14:45:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingProxy.dll
[2011/12/23 14:45:04 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingProxy.dll
[2011/12/23 14:45:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dataclen.dll
[2011/12/23 14:45:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2011/12/23 14:45:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2011/12/23 14:45:03 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2011/12/23 14:45:03 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBth.dll
[2011/12/23 14:45:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBth.dll
[2011/12/23 14:45:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdSSDP.dll
[2011/12/23 14:45:03 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingWizard.exe
[2011/12/23 14:45:03 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdSSDP.dll
[2011/12/23 14:45:03 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2011/12/23 14:45:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2011/12/23 14:45:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fc.exe
[2011/12/23 14:45:03 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fc.exe
[2011/12/23 14:45:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBthProxy.dll
[2011/12/23 14:45:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBthProxy.dll
[2011/12/23 14:45:02 | 003,079,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/12/23 14:45:02 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/12/23 14:45:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2011/12/23 14:45:02 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fundisc.dll
[2011/12/23 14:45:02 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2011/12/23 14:45:02 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2011/12/23 14:45:02 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2011/12/23 14:45:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\f3ahvoas.dll
[2011/12/23 14:45:02 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2011/12/23 14:45:02 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/12/23 14:45:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\f3ahvoas.dll
[2011/12/23 14:45:01 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FunctionDiscoveryFolder.dll
[2011/12/23 14:45:01 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FunctionDiscoveryFolder.dll
[2011/12/23 14:45:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2011/12/23 14:45:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWSD.dll
[2011/12/23 14:45:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\feclient.dll
[2011/12/23 14:45:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdWSD.dll
[2011/12/23 14:45:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\feclient.dll
[2011/12/23 14:45:01 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2011/12/23 14:45:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2011/12/23 14:44:55 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2011/12/23 14:44:55 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2011/12/23 14:44:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2011/12/23 14:44:55 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2011/12/23 14:44:55 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2011/12/23 14:44:55 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys
[2011/12/23 14:44:55 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2011/12/23 14:44:54 | 002,506,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/12/23 14:44:54 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/12/23 14:44:54 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2011/12/23 14:44:54 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2011/12/23 14:44:54 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2011/12/23 14:44:54 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2011/12/23 14:44:54 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2011/12/23 14:44:54 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2011/12/23 14:44:54 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2011/12/23 14:44:54 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorShell.dll
[2011/12/23 14:44:54 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2011/12/23 14:44:54 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorPwdMgr.dll
[2011/12/23 14:44:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorPwdMgr.dll
[2011/12/23 14:44:53 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2011/12/23 14:44:53 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2011/12/23 14:44:53 | 000,153,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2011/12/23 14:44:53 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2011/12/23 14:44:52 | 001,418,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2011/12/23 14:44:52 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2011/12/23 14:44:52 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2011/12/23 14:44:52 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2011/12/23 14:44:52 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2011/12/23 14:44:52 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2011/12/23 14:44:52 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2011/12/23 14:44:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsigd.dll
[2011/12/23 14:44:51 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\brcpl.dll
[2011/12/23 14:44:51 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2011/12/23 14:44:51 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2011/12/23 14:44:51 | 000,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2011/12/23 14:44:51 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2011/12/23 14:44:51 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2011/12/23 14:44:51 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2011/12/23 14:44:51 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayDriverLib.dll
[2011/12/23 14:44:51 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2011/12/23 14:44:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\btpanui.dll
[2011/12/23 14:44:51 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthudtask.exe
[2011/12/23 14:44:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthudtask.exe
[2011/12/23 14:44:50 | 001,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2011/12/23 14:44:50 | 001,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2011/12/23 14:44:50 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthci.dll
[2011/12/23 14:44:49 | 002,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apds.dll
[2011/12/23 14:44:49 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apds.dll
[2011/12/23 14:44:49 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2011/12/23 14:44:48 | 002,272,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2011/12/23 14:44:48 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2011/12/23 14:44:48 | 000,734,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2011/12/23 14:44:48 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2011/12/23 14:44:48 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2011/12/23 14:44:48 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2011/12/23 14:44:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2011/12/23 14:44:48 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authz.dll
[2011/12/23 14:44:48 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\audiodg.exe
[2011/12/23 14:44:47 | 000,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2011/12/23 14:44:47 | 000,123,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2011/12/23 14:44:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmmon32.exe
[2011/12/23 14:44:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmmon32.exe
[2011/12/23 14:44:46 | 000,521,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmdial32.dll
[2011/12/23 14:44:46 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmdial32.dll
[2011/12/23 14:44:45 | 000,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2011/12/23 14:44:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2011/12/23 14:44:44 | 001,691,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\connect.dll
[2011/12/23 14:44:44 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2011/12/23 14:44:44 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2011/12/23 14:44:44 | 001,259,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2011/12/23 14:44:44 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2011/12/23 14:44:44 | 001,035,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2011/12/23 14:44:44 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comuid.dll
[2011/12/23 14:44:44 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comuid.dll
[2011/12/23 14:44:44 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2011/12/23 14:44:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conime.exe
[2011/12/23 14:44:44 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\conime.exe
[2011/12/23 14:44:44 | 000,039,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2011/12/23 14:44:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2011/12/23 14:44:43 | 001,748,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2011/12/23 14:44:43 | 001,658,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2011/12/23 14:44:43 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2011/12/23 14:44:43 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\console.dll
[2011/12/23 14:44:42 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2011/12/23 14:44:42 | 000,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnrollUI.dll
[2011/12/23 14:44:42 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnrollUI.dll
[2011/12/23 14:44:42 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certreq.exe
[2011/12/23 14:44:42 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certreq.exe
[2011/12/23 14:44:42 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cbsra.exe
[2011/12/23 14:44:41 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2011/12/23 14:44:41 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2011/12/23 14:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2011/12/23 14:44:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cipher.exe
[2011/12/23 14:44:40 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2011/12/23 14:44:40 | 000,164,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2011/12/23 14:44:40 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cipher.exe
[2011/12/23 14:44:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CHxReadingStringIME.dll
[2011/12/23 14:44:39 | 006,100,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chtbrkr.dll
[2011/12/23 14:44:39 | 000,380,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2011/12/23 14:44:39 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2011/12/23 14:44:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CHxReadingStringIME.dll
[2011/12/23 14:44:38 | 001,676,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chsbrkr.dll
[2011/12/23 14:44:38 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2011/12/23 14:44:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2011/12/23 14:44:38 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2011/12/23 14:44:37 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2011/12/23 14:44:37 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2011/12/23 14:44:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\korwbrkr.dll
[2011/12/23 14:44:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2011/12/23 14:44:37 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2011/12/23 14:44:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logagent.exe
[2011/12/23 14:44:37 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2011/12/23 14:44:37 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2011/12/23 14:44:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2011/12/23 14:44:36 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2011/12/23 14:44:36 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2011/12/23 14:44:36 | 000,171,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2011/12/23 14:44:36 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2011/12/23 14:44:36 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2011/12/23 14:44:36 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\l2nacp.dll
[2011/12/23 14:44:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\l2nacp.dll
[2011/12/23 14:44:36 | 000,046,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardcpl.cpl
[2011/12/23 14:44:35 | 000,620,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2011/12/23 14:44:35 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2011/12/23 14:44:35 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2011/12/23 14:44:35 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2011/12/23 14:44:35 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2011/12/23 14:44:35 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2011/12/23 14:44:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2011/12/23 14:44:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2011/12/23 14:44:34 | 000,935,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsecsnp.dll
[2011/12/23 14:44:34 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsecsnp.dll
[2011/12/23 14:44:34 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2011/12/23 14:44:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipconfig.exe
[2011/12/23 14:44:33 | 002,715,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2011/12/23 14:44:33 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\milcore.dll
[2011/12/23 14:44:33 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\milcore.dll
[2011/12/23 14:44:33 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2011/12/23 14:44:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2011/12/23 14:44:33 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2011/12/23 14:44:32 | 003,263,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2011/12/23 14:44:32 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2011/12/23 14:44:32 | 001,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2011/12/23 14:44:32 | 001,060,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2011/12/23 14:44:32 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2011/12/23 14:44:32 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2011/12/23 14:44:32 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2011/12/23 14:44:32 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpr.dll
[2011/12/23 14:44:32 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmci.dll
[2011/12/23 14:44:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcico.dll
[2011/12/23 14:44:31 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2011/12/23 14:44:31 | 000,967,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2011/12/23 14:44:31 | 000,403,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2011/12/23 14:44:31 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2011/12/23 14:44:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\modemui.dll
[2011/12/23 14:44:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\modemui.dll
[2011/12/23 14:44:31 | 000,223,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2011/12/23 14:44:31 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mdminst.dll
[2011/12/23 14:44:23 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hdwwiz.exe
[2011/12/23 14:44:23 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hdwwiz.exe
[2011/12/23 14:44:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2011/12/23 14:44:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2011/12/23 14:44:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2011/12/23 14:44:20 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2011/12/23 14:44:19 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpedit.dll
[2011/12/23 14:44:19 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpedit.dll
[2011/12/23 14:44:19 | 000,779,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2011/12/23 14:44:19 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2011/12/23 14:44:19 | 000,166,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2011/12/23 14:44:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2011/12/23 14:44:18 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpresult.exe
[2011/12/23 14:44:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2011/12/23 14:44:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2011/12/23 14:44:18 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpupdate.exe
[2011/12/23 14:44:15 | 001,019,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2011/12/23 14:44:15 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2011/12/23 14:44:15 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2011/12/23 14:44:15 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2011/12/23 14:44:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imm32.dll
[2011/12/23 14:44:14 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2011/12/23 14:44:14 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2011/12/23 14:44:13 | 001,381,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2011/12/23 14:44:13 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2011/12/23 14:44:13 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifmon.dll
[2011/12/23 14:44:13 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifmon.dll
[2011/12/23 14:44:13 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2011/12/23 14:44:13 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2011/12/23 14:44:12 | 001,146,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2011/12/23 14:44:12 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2011/12/23 14:44:12 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2011/12/23 14:44:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2011/12/23 14:44:12 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi.dll
[2011/12/23 14:44:12 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi.dll
[2011/12/23 14:44:11 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsdyn.dll
[2011/12/23 14:44:11 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2011/12/23 14:44:11 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2011/12/23 14:44:11 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2011/12/23 14:44:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2011/12/23 14:44:11 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/12/23 14:44:11 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2011/12/23 14:44:11 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsutil.dll
[2011/12/23 14:44:11 | 000,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2011/12/23 14:44:11 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\version.dll
[2011/12/23 14:44:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2011/12/23 14:44:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdmdbg.dll
[2011/12/23 14:44:10 | 001,279,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2011/12/23 14:44:10 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2011/12/23 14:44:10 | 000,820,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2011/12/23 14:44:10 | 000,785,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Utilman.exe
[2011/12/23 14:44:10 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Utilman.exe
[2011/12/23 14:44:10 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsdyn.dll
[2011/12/23 14:44:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2011/12/23 14:44:10 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2011/12/23 14:44:10 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ulib.dll
[2011/12/23 14:44:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ulib.dll
[2011/12/23 14:44:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSTheme.exe
[2011/12/23 14:44:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSTheme.exe
[2011/12/23 14:44:10 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2011/12/23 14:44:10 | 000,034,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2011/12/23 14:44:08 | 001,681,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz.dll
[2011/12/23 14:44:08 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz.dll
[2011/12/23 14:44:08 | 001,234,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2011/12/23 14:44:08 | 001,085,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz2.dll
[2011/12/23 14:44:08 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2011/12/23 14:44:08 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz2.dll
[2011/12/23 14:44:08 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdscore.dll
[2011/12/23 14:44:08 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnNetsh.dll
[2011/12/23 14:44:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2011/12/23 14:44:08 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnNetsh.dll
[2011/12/23 14:44:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys
[2011/12/23 14:44:07 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2011/12/23 14:44:06 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2011/12/23 14:44:00 | 002,575,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2011/12/23 14:44:00 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2011/12/23 14:43:59 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2011/12/23 14:43:59 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2011/12/23 14:43:59 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2011/12/23 14:43:59 | 000,068,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2011/12/23 14:43:57 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/12/23 14:43:57 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2011/12/23 14:43:57 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2011/12/23 14:43:56 | 002,204,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/12/23 14:43:56 | 001,301,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2011/12/23 14:43:56 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thawbrkr.dll
[2011/12/23 14:43:56 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2011/12/23 14:43:54 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2011/12/23 14:43:54 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2011/12/23 14:43:54 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2011/12/23 14:43:54 | 000,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2011/12/23 14:43:54 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2011/12/23 14:43:53 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2011/12/23 14:43:51 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2011/12/23 14:43:51 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2011/12/23 14:43:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpmon.dll
[2011/12/23 14:43:51 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmon.dll
[2011/12/23 14:43:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2011/12/23 14:43:50 | 001,738,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscui.cpl
[2011/12/23 14:43:50 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WscEapPr.dll
[2011/12/23 14:43:50 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WscEapPr.dll
[2011/12/23 14:43:50 | 000,264,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2011/12/23 14:43:50 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscntfy.dll
[2011/12/23 14:43:50 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscntfy.dll
[2011/12/23 14:43:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2011/12/23 14:43:50 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2011/12/23 14:43:50 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2011/12/23 14:43:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshext.dll
[2011/12/23 14:43:50 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2011/12/23 14:43:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/12/23 14:43:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/12/23 14:43:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsepno.dll
[2011/12/23 14:43:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscisvif.dll
[2011/12/23 14:43:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscisvif.dll
[2011/12/23 14:43:49 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2011/12/23 14:43:49 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscui.cpl
[2011/12/23 14:43:49 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2011/12/23 14:43:49 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2011/12/23 14:43:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2011/12/23 14:43:49 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDMon.dll
[2011/12/23 14:43:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2011/12/23 14:43:49 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2011/12/23 14:43:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2011/12/23 14:43:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2011/12/23 14:43:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2011/12/23 14:43:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2011/12/23 14:43:48 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2011/12/23 14:43:44 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2011/12/23 14:43:44 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2011/12/23 14:43:21 | 000,557,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2011/12/23 14:43:20 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/12/23 14:43:20 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/12/23 14:43:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpcao.dll
[2011/12/23 14:43:19 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpcao.dll
[2011/12/23 14:43:18 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2011/12/23 14:43:18 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/12/23 14:43:16 | 001,882,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2011/12/23 14:43:12 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/12/23 14:43:06 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2011/12/23 14:43:05 | 001,543,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2011/12/23 14:43:05 | 000,622,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2011/12/23 14:43:04 | 001,891,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2011/12/23 14:43:01 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/12/23 14:42:59 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2011/12/23 14:42:56 | 002,680,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2011/12/23 14:42:55 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2011/12/23 14:42:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmlfilter.dll
[2011/12/23 14:42:47 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2011/12/23 14:42:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2011/12/23 14:42:44 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2011/12/23 14:42:44 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2011/12/23 14:42:43 | 001,065,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2011/12/23 14:42:43 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2011/12/23 14:42:43 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2011/12/23 14:42:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsldpc.dll
[2011/12/23 14:42:43 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldpc.dll
[2011/12/23 14:42:43 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsmsext.dll
[2011/12/23 14:42:43 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsmsext.dll
[2011/12/23 14:42:42 | 001,673,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeCPL.dll
[2011/12/23 14:42:40 | 001,394,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wercon.exe
[2011/12/23 14:42:40 | 001,114,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2011/12/23 14:42:40 | 001,110,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2011/12/23 14:42:40 | 000,946,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2011/12/23 14:42:40 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2011/12/23 14:42:40 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2011/12/23 14:42:40 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2011/12/23 14:42:40 | 000,688,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2011/12/23 14:42:40 | 000,669,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaaut.dll
[2011/12/23 14:42:40 | 000,660,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2011/12/23 14:42:40 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaaut.dll
[2011/12/23 14:42:40 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2011/12/23 14:42:40 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2011/12/23 14:42:40 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2011/12/23 14:42:40 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2011/12/23 14:42:40 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2011/12/23 14:42:40 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtapi.dll
[2011/12/23 14:42:40 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2011/12/23 14:42:40 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2011/12/23 14:42:40 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2011/12/23 14:42:40 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtapi.dll
[2011/12/23 14:42:40 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtutil.exe
[2011/12/23 14:42:40 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2011/12/23 14:42:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtutil.exe
[2011/12/23 14:42:40 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlgpclnt.dll
[2011/12/23 14:42:40 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlgpclnt.dll
[2011/12/23 14:42:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\whealogr.dll
[2011/12/23 14:42:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\whealogr.dll
[2011/12/23 14:42:38 | 003,894,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2011/12/23 14:42:38 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2011/12/23 14:42:38 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2011/12/23 14:42:37 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2011/12/23 14:42:37 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2011/12/23 14:42:37 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2011/12/23 14:42:37 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2011/12/23 14:42:36 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2011/12/23 14:42:36 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2011/12/23 14:42:36 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2011/12/23 14:42:36 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2011/12/23 14:41:52 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2011/12/23 14:41:52 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCommDlg.dll
[2011/12/23 14:41:52 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLUI.exe
[2011/12/23 14:41:52 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLLUA.exe
[2011/12/23 14:41:52 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwmi.dll
[2011/12/23 14:41:52 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2011/12/23 14:41:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwmi.dll
[2011/12/23 14:41:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/12/23 14:41:51 | 001,925,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2011/12/23 14:41:51 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sperror.dll
[2011/12/23 14:41:51 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2011/12/23 14:41:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sperror.dll
[2011/12/23 14:41:51 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2011/12/23 14:41:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2011/12/23 14:41:51 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2011/12/23 14:41:51 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\softkbd.dll
[2011/12/23 14:41:51 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2011/12/23 14:41:51 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\softkbd.dll
[2011/12/23 14:41:51 | 000,116,736 | ---- | C] (Microsoft) -- C:\Windows\SysNative\SMBHelperClass.dll
[2011/12/23 14:41:51 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\SMBHelperClass.dll
[2011/12/23 14:41:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spcmsg.dll
[2011/12/23 14:41:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spcmsg.dll
[2011/12/23 14:41:50 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCExt.dll
[2011/12/23 14:41:50 | 000,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcc.dll
[2011/12/23 14:41:50 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcc.dll
[2011/12/23 14:41:50 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2011/12/23 14:41:50 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCExt.dll
[2011/12/23 14:41:50 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCommDlg.dll
[2011/12/23 14:41:50 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2011/12/23 14:41:50 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2011/12/23 14:41:50 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2011/12/23 14:41:50 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLC.dll
[2011/12/23 14:41:50 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2011/12/23 14:41:50 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2011/12/23 14:41:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sendmail.dll
[2011/12/23 14:41:50 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcinst.dll
[2011/12/23 14:41:50 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcinst.dll
[2011/12/23 14:41:39 | 000,164,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Storport.sys
[2011/12/23 14:41:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Storprop.dll
[2011/12/23 14:41:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Storprop.dll
[2011/12/23 14:41:38 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys
[2011/12/23 14:41:38 | 000,581,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2011/12/23 14:41:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2011/12/23 14:41:38 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2011/12/23 14:41:38 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2011/12/23 14:41:38 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2011/12/23 14:41:38 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2011/12/23 14:41:38 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spinstall.exe
[2011/12/23 14:41:38 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spoolss.dll
[2011/12/23 14:41:38 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2011/12/23 14:41:38 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2011/12/23 14:41:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizui.dll
[2011/12/23 14:41:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spoolss.dll
[2011/12/23 14:41:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2011/12/23 14:41:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spreview.exe
[2011/12/23 14:41:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwinsat.dll
[2011/12/23 14:41:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwinsat.dll
[2011/12/13 21:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011/12/13 21:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2011/12/12 19:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011/12/12 19:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Earth Gold Edition
[2011/12/10 10:37:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Crayon Physics Deluxe
[2011/12/10 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Crayon Physics Deluxe
[2011/12/09 16:56:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Forgottenhp 2
[2011/12/09 16:55:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[2011/12/09 16:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[2010/07/27 20:06:16 | 001,228,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ProductionPremium_CS5_LS7.exe
[2 C:\Users\Owner\*.tmp files -> C:\Users\Owner\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/07 11:07:27 | 000,795,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/07 11:07:27 | 000,674,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/07 11:07:27 | 000,133,074 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/07 11:01:26 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/07 11:01:13 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 11:01:12 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 11:01:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/07 11:01:02 | 4156,555,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/07 02:05:54 | 000,001,786 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/07 01:39:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/07 00:02:35 | 000,002,611 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word.lnk
[2012/01/06 20:43:10 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3EEF6292-6483-45EB-8622-92B8CF775846}.job
[2012/01/06 03:14:15 | 001,073,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp64.exe
[2012/01/06 02:58:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/06 02:32:29 | 000,333,917 | ---- | M] () -- C:\Users\Owner\Desktop\FSS.exe
[2012/01/06 02:31:42 | 004,372,321 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/01/06 02:21:14 | 000,023,328 | ---- | M] () -- C:\Users\Owner\Documents\Anthro Movie Comsumer.veg
[2012/01/06 02:14:58 | 000,023,328 | ---- | M] () -- C:\Users\Owner\Documents\Anthro Movie Comsumer.veg.bak
[2012/01/05 10:50:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/01/04 23:10:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/01/04 20:03:48 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Documents\MBR.dat
[2012/01/04 10:37:24 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/01/04 01:07:31 | 000,007,010 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2012/01/04 00:55:10 | 000,086,528 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 11:36:19 | 005,025,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/30 21:28:08 | 000,035,128 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg
[2011/12/30 18:49:23 | 475,011,423 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid1.mp4
[2011/12/30 16:29:39 | 008,434,703 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid.mp4
[2011/12/30 15:35:11 | 000,034,976 | ---- | M] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg.bak
[2011/12/24 19:44:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/12/23 16:17:14 | 000,002,800 | ---- | M] () -- C:\Users\Owner\Documents\Register Vegas Pro.htm
[2011/12/23 16:11:56 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 11.0 (64-bit).lnk
[2011/12/23 15:26:11 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2011/12/21 17:11:54 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/13 21:37:37 | 000,001,820 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\EliseProfile0.dat
[2011/12/13 15:54:34 | 004,757,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp.exe
[2011/12/12 19:53:35 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth - The Art of Conquest.lnk
[2011/12/12 19:53:35 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2011/12/09 16:55:22 | 000,002,078 | ---- | M] () -- C:\Users\Owner\Desktop\Forgotten Hope 2.lnk
[2 C:\Users\Owner\*.tmp files -> C:\Users\Owner\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/06 02:33:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/06 02:33:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/06 02:33:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/06 02:33:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/06 02:33:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/06 02:32:31 | 000,333,917 | ---- | C] () -- C:\Users\Owner\Desktop\FSS.exe
[2012/01/06 02:04:07 | 000,023,328 | ---- | C] () -- C:\Users\Owner\Documents\Anthro Movie Comsumer.veg.bak
[2012/01/06 02:04:07 | 000,023,328 | ---- | C] () -- C:\Users\Owner\Documents\Anthro Movie Comsumer.veg
[2012/01/04 22:42:13 | 4156,555,264 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/04 20:03:48 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Documents\MBR.dat
[2011/12/30 16:43:54 | 475,011,423 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid1.mp4
[2011/12/30 15:54:13 | 008,434,703 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid.mp4
[2011/12/30 15:35:11 | 000,035,128 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg
[2011/12/30 15:35:11 | 000,034,976 | ---- | C] () -- C:\Users\Owner\Documents\Apocolipse Vid.veg.bak
[2011/12/24 19:44:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/12/23 16:11:56 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 11.0 (64-bit).lnk
[2011/12/23 14:45:39 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2011/12/23 14:45:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/12/23 14:45:13 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2011/12/23 14:45:13 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2011/12/23 14:45:13 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml
[2011/12/23 14:45:13 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml
[2011/12/23 14:45:06 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2011/12/23 14:44:54 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2011/12/23 14:44:54 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2011/12/23 14:44:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/12/23 14:43:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/12/23 14:43:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2011/12/23 14:43:53 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/12/23 14:42:40 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2011/12/23 14:41:52 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2011/12/23 14:41:51 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2011/12/23 14:41:51 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2011/12/23 14:41:51 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2011/12/23 14:34:43 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011/12/13 21:27:48 | 000,001,820 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\EliseProfile0.dat
[2011/12/13 21:02:50 | 000,001,786 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/12/12 19:53:35 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth - The Art of Conquest.lnk
[2011/12/12 19:53:35 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2011/12/09 16:55:22 | 000,002,078 | ---- | C] () -- C:\Users\Owner\Desktop\Forgotten Hope 2.lnk
[2011/05/18 17:50:43 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI
[2011/05/18 17:41:07 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2011/05/18 17:40:29 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/03 12:00:21 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/03/27 19:35:14 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/12/25 12:19:42 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys
[2010/12/25 12:16:10 | 000,033,127 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/12/25 12:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2010/12/25 12:15:18 | 000,002,336 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/12/13 19:51:52 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/13 19:51:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/19 15:14:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/08/10 13:09:16 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/09 13:36:35 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/29 13:50:25 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/07/27 20:06:16 | 3398,402,251 | ---- | C] () -- C:\Program Files (x86)\ProductionPremium_CS5_LS7.7z
[2010/06/28 10:41:51 | 000,000,617 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\myMPQ.ini
[2010/05/25 18:15:33 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010/01/26 18:56:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/16 23:48:44 | 000,000,085 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2009/09/11 19:17:34 | 000,000,000 | ---- | C] () -- C:\Windows\SMM_HCEditor.INI
[2009/04/28 20:43:55 | 000,789,732 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/05 12:18:21 | 000,130,861 | ---- | C] () -- C:\Windows\hpoins18.dat
[2008/12/05 12:08:18 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2008/11/23 11:39:44 | 000,086,528 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 10:35:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/21 09:27:27 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/11/21 09:27:27 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/11/21 09:27:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/11/21 09:27:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/11/21 09:27:27 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/11/21 09:27:27 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/11/21 09:12:12 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/11/21 09:12:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/11/21 09:12:12 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/11/21 09:10:36 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/11/21 09:09:45 | 000,001,460 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2008/07/10 21:23:59 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/07/10 21:23:56 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/07/10 21:23:53 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/07/10 20:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/19 12:50:12 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Documents\clip0015.avi:TOC.WMV
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:63238B95
@Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:gnojStiSEVIGVsU4rJh
@Alternate Data Stream - 1118 bytes -> C:\ProgramData\Microsoft:8VQKJVBTzmRF9sBCgLQleSYF

< End of report >

Extra Report:

OTL Extras logfile created on: 07/01/2012 11:06:36 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.30% Memory free
7.92 Gb Paging File | 5.94 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.54 Gb Total Space | 82.91 Gb Free Space | 29.45% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.12% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- %SystemRoot%\SysWow64\winhlp32.exe %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- %SystemRoot%\SysWow64\winhlp32.exe %1

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\SysWow64\winhlp32.exe %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\SysWow64\winhlp32.exe %1
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FA C0 33 07 B2 C1 CC 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BA8108-784F-4585-9F52-2E2B40B96DC8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{08F761FE-B5EE-4405-A038-C44BA3161C57}" = lport=3390 | protocol=6 | dir=in | app=system |
"{16B1B7B8-B9D1-4C7F-9D9F-495C8E56F2A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{266D69EB-12E2-4267-A325-18DC449667AE}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{27085E77-7A36-4E64-AEFC-B988E4BB4718}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AAA8DAF-1482-4741-917C-72EE0F3DD584}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3804DAEA-5B33-4315-BA4D-647F04A1C97F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4DA357ED-5D06-4946-B0D0-4869AA6F3784}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58337CC1-1FAE-42AA-A500-00D44A0BBA8E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FAE0233-7FF7-4EAB-897B-1F0B88F4CD3A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6401CDAA-1FF9-4694-9272-1CE7297999A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6626272A-BA72-440E-AB75-9D1A20BD14CF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{67D831E5-B793-4722-BEA5-828430718870}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{83407922-864B-419B-B0E9-8CF79F190EAE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8912DA49-84BD-48E4-AF07-8E2534C11161}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A961C66C-F32F-4CF1-8C5B-E79001C3B3FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABF549E1-AEF1-4295-9CA6-E95713D16802}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AC2F726A-2784-4C56-8B82-A76B8C9C73B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBE81603-EBD0-489A-8AEA-462CCD92C5ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7A76EA6-D1DD-4C0A-B7AD-2E014A5CBD36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC3B74F1-8F18-4371-BCE1-3B1DE1A15C02}" = rport=10244 | protocol=6 | dir=out | app=system |
"{EC96DFF9-6B3A-4C0E-8C82-24DE22DC3C08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F618FAEB-E9D3-4C8E-99F6-867852D9840D}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{154DFAAE-69E9-4E5D-A7BB-18CF8C59DA20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{1711B3ED-7B94-4936-A636-A839CC2F486B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{1E2FE5AB-EA00-44AE-A9F0-B4D2DEA8EC27}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1E3331C2-0136-4133-A1E2-5B66F9CF8B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{2E593E5F-BCBB-4955-9483-D600EA758975}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"{30A2EEB6-0F69-4B13-84FA-12A6FDCC1C41}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{320C47A8-8BE3-408C-AF02-EEEDAF31DB89}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires online\spartan.exe |
"{32F60A3F-EF53-472C-AFF0-BEBC56AE203F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{378169B1-725D-4AE1-8ADB-5B683722F298}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{39468D5F-9BDD-43E8-9E31-73FD388CFC82}" = protocol=17 | dir=in | app=f:\sst\utilities\norton removal tool\symnrt.exe |
"{44FEC0FB-2C86-488A-842A-2EFF7E49C56E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{45E98996-1334-4E86-9CC9-1442DE030F10}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"{4A844505-EDFD-4288-AA2F-81EA0C080A04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{50EC7BC3-D595-45F9-A45B-3590F27BF007}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{53F8CB25-4672-4336-B365-19EB783D219D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"{57279748-0E5F-4B14-92EA-3692BE0BE2FE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5C891197-65D8-4007-B230-E0B30EDB01EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{5CE49EDB-6D3C-4BB9-BD6C-E960F362FC00}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{6484835B-D2B4-488D-BD04-BC176AE67993}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{67412096-0F7B-42BC-8992-33E33DE5F886}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{6EFD51B9-8851-42B0-99F3-03FEAA1B1430}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6F943F8B-9B39-4A9E-AFB3-F2275467CE74}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{761B6553-38BE-4131-B3A1-DFE9B6CF13C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe |
"{77B23CCC-1D31-474B-A11A-CC7511959497}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7D400422-294C-44AE-888E-EFCA7367CA15}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7E19B01B-C2EC-4FF0-B867-6EB859A44229}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war demo\medieval2.exe |
"{7E6A9912-EC5F-4D91-9C0E-1257D0F8A67D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8713C539-1EDF-40A1-B5EF-894FE4EF43E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8FF764DF-11A6-4A5B-9DBC-16362CF83E76}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{90A0DBC6-03E8-4651-909A-465A0DAF3255}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{9103ADBC-1045-497F-A988-D22503E85A2D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9299C020-4FE2-464B-8E15-4DDAAC73F2D0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A123B60C-2970-42DA-8E73-CA0D15B6D3BA}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{B0B03646-67CF-4384-B322-2D31B33919CB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B41129D8-5433-4A50-BE89-8CF779FFE379}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B6AEDD0D-DCFC-4FDB-8FCC-8F0C09006634}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B6B23A4F-2CD9-4FD4-8A5F-73CB0902C0C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{B9682266-02E1-4B80-B03E-C1B63146CA0B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"{BB0D149D-FDAF-4B2A-9456-CF04ED551D78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe |
"{BFD1E204-2889-4CE0-BCBE-3E284F4E8B2D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CB07749B-412F-40EB-B1C9-A5A2B148298A}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D33DAFCD-6933-4A5C-8A4D-AE0036BFEA62}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{D46B9777-D223-453C-A51D-17F0A7F14B6D}" = protocol=6 | dir=in | app=f:\sst\utilities\norton removal tool\symnrt.exe |
"{DB3AC6AF-5671-41DE-8B0B-AAB7EF042CDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war demo\medieval2.exe |
"{DD7C6C9C-A7D1-4D01-BEF7-EC0A0ED051D3}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{E694AAD0-DA7D-4884-8C0F-48C5948DCC9E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E9BB3C09-1B45-4398-B1FA-7C63C82861A0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F2668B6C-07E2-4F56-86B7-2D98ADEE2ABC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F83BBB7A-DCAD-453D-B9C5-6ACD5DD1A043}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{FB128A7A-61A6-404D-9644-EA5708CA85BC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{005EA986-69F8-4F76-A8E0-9B0643926879}C:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe |
"TCP Query User{04D7CEAB-D06E-4E20-B8EF-59D18BD92B3C}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{088991DF-2BB6-493F-8F87-C94AAA991994}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{206F1784-D13A-47F3-8F7D-7ACE6DF149AF}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{22CDD5B2-4735-4CC2-B5F3-F0BA7E7AF839}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{4140A730-6978-4DC0-A1AB-64B0D9DE3BE0}C:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"TCP Query User{4969BFC2-6CC4-491D-8A00-3ECB02D2FE63}C:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe |
"TCP Query User{6DD829D9-14E4-436A-9FD1-E136E5C03248}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{9B7E446B-1C83-4B43-9693-4AAA777809E9}C:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe |
"TCP Query User{F625AA0A-3B47-481E-B164-5E4EA9732391}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{286E6350-C8E7-48DD-9EE7-92884B9209B0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{520B16D3-8017-4592-9128-F3B8257AD7CD}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{ACE8FF4D-A414-4E25-A0CC-1CF5B6976A11}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"UDP Query User{B20A41C3-7974-4D18-9AFF-A93C68978FEF}C:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe |
"UDP Query User{B771F183-F498-4DE8-9708-C5522B3ED608}C:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\2adb0db11c28410fa4bf98b7b30cb547\relicdownloader.exe |
"UDP Query User{C29EF8DF-9801-4A18-999B-E9686028C56E}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{D8FF6272-3812-451D-9319-D0CBD576ABF4}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{E1998D33-94AE-40A6-AE78-C2BB849F6F47}C:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire earth gold edition\empire earth\empire earth.exe |
"UDP Query User{E83A5CC9-9EB9-4CA6-A004-1C6E4292D912}C:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\forgottenhope2.exe |
"UDP Query User{E9225875-F336-4E67-8BD4-3FFDA1663765}C:\users\owner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java™ 6 Update 18 (64-bit)
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F97742F0-03A7-11E1-868F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists
"1B8C0FE57993F0D33DD0A689D44B5B3D8954B0F7" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{306D4754-BECE-4FC7-85F3-B7FEED274AA8}" = Razer Orochi
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{565DE707-5798-4FC3-8DF6-0F58A348A9B0}" = Adobe Premiere Pro CS5 Third Party Royalty Content
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{626B3D60-A661-4444-AAF5-6C75E55936E8}" = Adobe Creative Suite 5 Production Premium
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67EF34CE-7A02-4198-BBAA-32A0DE0DEDEA}" = XSplit
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{824539D7-D27E-4CC3-B36F-6404B5EB726B}" = Medal of Honor Pacific Assault™ Patch2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7F6127-CF84-476E-B2DE-F3CC912CBF6C}" = RuneScape
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}" = Microsoft DirectX SDK (August 2007)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AI RoboForm" = AI RoboForm (All Users)
"Akamai" = Akamai NetSession Interface Service
"Auto-Watcher v1.2" = Auto-Watcher v1.2
"AVerMedia C038 USB Capture Card" = AVerMedia C038 USB Capture Card 2.0.64.124
"AVerMedia DVD EZMaker Gold" = AVerMedia DVD EZMaker Gold 3.6.64.8
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.10
"Empire Earth Gold Edition_is1" = Empire Earth Gold Edition
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"GIF Animator" = Microsoft GIF Animator
"Google Chrome Frame" = Google Chrome Frame
"Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"OnlinePlay" = OnlinePlay 1.0
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sandbox" = Sandbox
"StarCraft II" = StarCraft II
"Steam App 18700" = And Yet It Moves
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 41100" = Hammerfight
"Steam App 4710" = Medieval II: Total War Demo
"ToolBox" = NCH Toolbox
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ab9c3af4eb98e853" = RandomClassGen
"Akamai" = Akamai NetSession Interface
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#9 dan360

dan360
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 07 January 2012 - 11:32 AM

and both of the command lines didn't work. No look.txt and puppy.txt appeared on my desktop after I ran those lines.

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:54 AM

Posted 08 January 2012 - 06:08 AM

Hi!

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] 0 File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 64 bytes -> C:\Users\Owner\Documents\clip0015.avi:TOC.WMV
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:63238B95
    @Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:gnojStiSEVIGVsU4rJh
    @Alternate Data Stream - 1118 bytes -> C:\ProgramData\Microsoft:8VQKJVBTzmRF9sBCgLQleSYF
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to create a new OTL Report
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 dan360

dan360
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 08 January 2012 - 12:43 PM

Hi, here the log from the "Run Fix" scan.

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft AutoScreenRecorder 3.1 Free deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Users\Owner\Documents\clip0015.avi:TOC.WMV deleted successfully.
ADS C:\ProgramData\Temp:63238B95 deleted successfully.
ADS C:\ProgramData\Microsoft:gnojStiSEVIGVsU4rJh deleted successfully.
ADS C:\ProgramData\Microsoft:8VQKJVBTzmRF9sBCgLQleSYF deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 156841287 bytes
->Temporary Internet Files folder emptied: 33415127 bytes
->Java cache emptied: 96642579 bytes
->FireFox cache emptied: 47474882 bytes
->Flash cache emptied: 95578 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60129 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 319.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01082012_120745

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#12 dan360

dan360
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 08 January 2012 - 12:54 PM

The other OTL scan.

OTL logfile created on: 08/01/2012 12:44:57 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 52.81% Memory free
7.92 Gb Paging File | 5.98 Gb Available in Paging File | 75.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.54 Gb Total Space | 84.39 Gb Free Space | 29.97% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 7.53 Gb Free Space | 99.12% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - - File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: LtMoh - hkey= - key= - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
MsConfig:64bit - StartUpReg: OneCareUI - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44ACAF42-0CE0-CFD4-FCD0-9E6DB5B69375} - Microsoft Windows Media Player
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {52FC891D-4E47-DE59-7E40-92EFC027F336} - Browser Customizations
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D6B1C1F2-8916-37E6-B4D4-2CEB4F07DC9A} - Offline Browsing Pack
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.MFZ0 - C:\Windows\SysWow64\MyFlashZip0.ax (Moyea Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/10/22 11:20:11 | 002,984,680 | ---- | M] (Microsoft Studios) -- C:\AOEOnline.exe
[2011/10/22 11:20:12 | 000,152,848 | ---- | M] (Microsoft Studios) -- C:\AOEOnlineReplace.exe
[2011/10/22 11:20:25 | 011,136,744 | ---- | M] (Microsoft Studios) -- C:\Spartan.exe


< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/03/12 01:55:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2008/03/12 01:53:06 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2009/04/11 02:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2009/04/11 00:15:46 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/04/11 00:15:46 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2008/01/20 21:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 21:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008/01/20 21:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/01/20 21:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/04 01:04:24 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/04 01:04:24 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/04 01:04:24 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/01/04 01:04:22 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/01/04 01:04:22 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/04 01:04:22 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/11/02 23:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/03 00:11:36 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/03 00:11:36 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/03 00:11:36 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc >

< End of report >

Thanks :)

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:54 AM

Posted 09 January 2012 - 04:08 AM

Hi!

Please make sure you complete the back-up of the registry before proceeding with the fixes below.


Back-Up Registry
First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.


NEXT:



We Need to Run a Registry Script

Please download the following attached registry scripts to your computer.

You will want to double click each registry fix individual and allow it to run.

If you get prompted by User Account Control please select Yes

Press Yes, and then Ok, when prompted.





Then please run a new scan with Farbar Service Scanner and post the lg for me to review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 dan360

dan360
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 09 January 2012 - 03:01 PM

I'm getting this error for the first two scrips.
"Cannot import C:/Users/Owner/Desktop/legacy_sdrsvc.reg: Error accessing the registry."

Only mpssvc.reg worked and was "added to the registry"

New FSS Log.

Farbar Service Scanner
Ran by Owner (administrator) on 09-01-2012 at 15:36:22
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024064 ____A (Microsoft Corporation) 1523AF19EE8B030BA682F7A53537EAEB

C:\Windows\SysWOW64\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-06-15 17:52] - [2011-04-21 09:20] - 0405504 ____A (Microsoft Corporation) 0CC146C4ADDEA45791B18B1E2659F4A9

C:\Windows\System32\drivers\tdx.sys
[2011-12-23 14:43] - [2009-04-10 22:43] - 0094720 ____A (Microsoft Corporation) 458919C8C42E398DC4802178D5FFEE27

C:\Windows\System32\Drivers\tcpip.sys
[2011-12-23 21:01] - [2011-09-20 16:06] - 1426304 ____A (Microsoft Corporation) 2CC45D932BD193CD4117321D469AD6B2

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 19:15] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2011-12-23 14:45] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2011-12-23 14:44] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys
[2008-01-20 21:49] - [2008-01-20 21:49] - 0081408 ____A (Microsoft Corporation) C92B9ABDB65A5991E00C28F13491DBA2

C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2011-12-23 14:44] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2011-12-23 14:43] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2011-12-23 14:42] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2009-10-29 14:00] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2011-12-23 14:45] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2011-12-23 14:44] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2011-12-23 14:44] - [2009-04-11 00:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Windows\System32\svchost.exe
[2008-01-20 21:50] - [2008-01-20 21:50] - 0027648 ____A (Microsoft Corporation) CDA9F1373805AF88F6FA4F2064BBA24D

C:\Windows\System32\rpcss.dll
[2011-12-23 14:45] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

Edited by dan360, 09 January 2012 - 03:36 PM.


#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:54 AM

Posted 10 January 2012 - 08:54 AM

Hi!

Can you please try to access Windows Security Center and see if it allows you to access it successfully after running the script below?

Please run this OTL fix:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    sc stop MpsSvc /c
    sc start MpsSvc /c
    sc stop mpsdrv /c
    sc start mpsdrv /c
    sc stop sdrsvc /c
    sc start sdrsvc /c
    sc stop vss /c
    sc start vss /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users